
Windows IT Pro UPDATE--Vista's BitLocker: Boon or Bust?--May 2, 2006



Make sure your copy of Windows IT Pro UPDATE doesn't get mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows IT Pro UPDATE.


Raxco Software's PerfectDisk(R) defragmenter



1. Commentary
- Vista's BitLocker: Boon or Bust?

2. Hot Off the Press
- Intel Seeks to Bridge Digital Divide
- Calling All Windows IT Pro Innovators!

3. Peer to Peer
- Featured Forum: Office Tips
- Tip: How can I use the Storage Report feature in Windows Server 2003 R2 to run a storage report?
- Instant Poll: Are you taking any time off this summer--or taking your work with you?

4. New and Improved
- Inventory Network Infrastructure With One Solution

==== Sponsor: Diskeeper ====

Free download! Fast, thorough automatic defragmentation

NEW Diskeeper 10! FREE download! Boost access speeds like never before with breakthrough disk performance calibration technology. Get fast, thorough defragmentation transparently in the background for every system on your network. See why Diskeeper is the number one automatic defragmenter - download FREE 30-day fully-functional trialware now.


==== 1. Commentary: Vista's BitLocker: Boon or Bust? ====
by Paul Thurrott, News Editor, [email protected]

Last week, I took a mile-high view of some of the features Windows Vista will offer the enterprise. This week, I'd like to look more closely at a controversial new Vista feature called BitLocker. BitLocker sounds simple enough. Combined with a Trusted Platform Module (TPM) chip on a PC's motherboard, BitLocker encrypts an entire hard disk. Microsoft says this feature will help companies, especially those with executives traveling around with key corporate data on their laptops, keep private company information private. But there are fears that lawbreakers will use BitLocker to secure their data as well. And because Microsoft has pledged that there will never be any backdoors created for BitLocker, information stored on those encrypted hard disks will always be safe from prying eyes, good or bad.

Here's how it works. BitLocker is a hardware-backed encryption feature that protects an entire hard disk from being hacked. It integrates with a TPM 1.2 chip and leverages a 128-bit or 256-bit Advanced Encryption Standard (AES) encryption algorithm. (You can optionally use BitLocker on non-TPM systems as well, but in such a case you must supply a USB memory key or an alphanumeric password to access the system.) BitLocker interacts with TPM-enabled systems and is thus secure even during the boot-up process when used in conjunction with TPM. (On non-TPM systems, BitLocker can't guarantee boot file integrity.)

If you're familiar with the Encrypting File System (EFS), a feature of NTFS, you might be wondering what the big deal is. Although some serious technical differences exist between the two features--most obviously, that BitLocker uses a stronger hardware-based encryption scheme--the end result is the same: Data is encrypted so that thieves won't be able to recover it by simply plugging the hard disk into a different PC. BitLocker is what Microsoft used to call Secure Startup and Full Volume Encryption. For the truly security conscious, it's even possible to use both BitLocker and EFS together. That's because BitLocker protects only the volume on which the Windows OS is installed. So you can use EFS to protect data on other volumes, and because EFS stores its encryption keys on the OS partition, all the EFS-protected data is more secure as a result.

Confusingly, BitLocker requires a number of configuration options, including two separate partitions for the boot files and OS. Microsoft provides semi-convoluted instructions for configuring a system for BitLocker (see URL below), so I won't repeat those steps here. The more important point, I think, is that BitLocker raises a lot of questions.

For corporations that don't mind investing in TPM-based hardware, BitLocker may seem like an obvious choice. But Microsoft isn't yet admitting what kind of performance hit BitLocker-based systems will incur. And it appears that BitLocker requires an onerous amount of configuration to be used effectively. It's unclear whether, even in heavily managed environments, BitLocker can easily be rolled out to individuals without a lot of hands-on work by administrators.

Machines that use BitLocker without TPM can technically succumb to brute force attacks. Indeed, even hardware-based BitLocker-based systems could theoretically be usurped, although Microsoft calls such attempts "unfeasible." Ultimately, the effectiveness of BitLocker is determined largely by how well it's configured. Thus, the possibility of human error raises its ugly head once again.

And then there's the recovery issue. Data protected by BitLocker is literally unrecoverable in the event that the user forgets his or her recovery password or loses the recovery key. (Unless of course Moore's Law finally catches up with 256-bit AES encryption.) Microsoft recommends that users store this information in a safe place, but again, people are human. Mistakes happen.

I've tested BitLocker only briefly, but I'm intrigued by its Windows integration and Group Policy capabilities, and of course, no one wants to think that their data is being pawed over by others, be they competitors, criminals, or both. But I'm a bit nervous that BitLocker might ultimately do more harm than good. Will the number of people burned by BitLocker's unbreakable encryption exceed those who are saved by this feature? Only time will tell.

Windows Vista Beta 2 BitLocker Drive Encryption Step-by-Step Guide (Microsoft)


==== Sponsor: Raxco Software's PerfectDisk(R) defragmenter ====

Free download! Windows IT Pro Readers' Choice, Redmond Magazine Readers' Choice, PC Magazine Editors' Choice, many more - Best Defragmenter

Make your PCs and servers as fast as possible with the world's #1 defragmenter. No extra pricing for large drives. Exclusive single pass defragmentation and free space consolidation plus patented SMARTPlacement(TM) optimization strategy ensures maximum performance and a slower rate of refragmentation. Sumitomo Bank, Gibson Guitar, the Subway Restaurant chain, Chase Bank, Patent and Trademark Office, the FBI and other world-class enterprises around the world rely on PerfectDisk. Join them - download today.


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

Intel Seeks to Bridge Digital Divide
Intel this week announced that it will spend more than $1 billion over the next five years to help provide developing countries with computers, Internet access, and other technologies. Under a program it calls World Ahead, Intel will provide wireless Internet access to 1 billion people, train 10 million teachers to use technology in their classes, and provide more than 10,000 PCs for use in classrooms. Read the entire story at the following URL:

Calling All Windows IT Pro Innovators!
Have you developed a solution that uses Windows technology to solve a business problem in an innovative way? Enter your solution in the 2006 Windows IT Pro Innovators Contest! Grand-prize winners will receive airfare and a conference pass to Windows and Exchange Connections in Las Vegas, November 6-9, 2006, plus more great prizes and a feature article about the winning solutions in the December 2006 issue of Windows IT Pro. Contest runs through August 1, 2006.
To enter, click here:

==== Events and Resources ====
( A complete Web and live events directory brought to you by Windows IT Pro: )

Learn the essentials about how consolidation and selected technology updates build an infrastructure that can handle change effectively.

Use virtual server technology to consolidate your production environment using only a fraction of the server hardware in the data center. Live Event: Thursday, May 18

Design effective policies to protect your company's assets and data. Don't accidentally damage what you mean to protect! View this on-demand seminar today.

Learn to differentiate alternative solutions to disaster recovery for your Windows-based applications and ensure seamless recovery of your key systems--whether a disaster strikes just one server or the whole site. Live event: Thursday, May 11

Increase administration efficiency, build flexible yet inexpensive file-server environments, and maximize potential through consolidation of your SQL Server environment. Make the most of your resources today!

==== Featured White Papers ====

Learn how to address challenges such as making email truly available 24x7x365, securing against viruses, comprehensively backing up email data, and more.

~~~~ Hot Spot: ~~~~

Protect mission-critical business information stored on your high-availability Exchange systems when you implement backup and restore strategies. You'll also learn the proven best configuration and deployment considerations.

==== 4. Peer to Peer ====

Featured Forum: Office Tips
As an IT professional, do you feel you spend too much of your time answering user questions about Microsoft Office applications? If you would like to improve your users’ productivity with Microsoft Word, Excel, Outlook, PowerPoint, and Access, the new Office Tips forum is for you. You can ask Microsoft Office-related questions and swap tips with your fellow IT pros. Check it out at the following URL:

Tip: How can I use the Storage Report feature in Windows Server 2003 R2 to run a storage report?
by John Savill,

Find the answer at the following URL:

Instant Poll: Are you taking any time off this summer--or taking your work with you?
The current Instant Poll question is, "What are your vacation plans for this summer?" Go to the Windows IT Pro home page and submit your vote for a) Taking 1 week, b) Taking 2 weeks, c) Taking 3 weeks, d) Not taking any time off, or e) Taking my work to the beach.

==== Announcements ====
(from Windows IT Pro and its partners)

Windows IT Pro Master CD--SAVE 50%!
Subscribe today and get portable, high-speed access to the entire Windows IT Pro article database on CD: a searchable library that includes every Windows IT Pro issue ever published. The newest issue also includes BONUS Windows IT Tips. Order now and save:

May Exclusive--Save $100 off the Exchange & Outlook Newsletter
For a limited time, order the Exchange & Outlook Administrator newsletter and SAVE up to $100! You'll get 12 helpful issues loaded with solutions you won't find anywhere else and FREE access to the entire Exchange & Outlook online article database. Subscribe now:

==== 5. New and Improved ====
by Blake Eno, [email protected]

Inventory Network Infrastructure With One Solution
Alchemy Lab announced Asset Tracker for Networks 5.7, a network management and inventory tool. The product automatically provides information on all your network workstations and servers, including details such as processor, memory, hard disks, OS, and installed software. Asset Tracker also detects non-PC network devices such as routers and printers, providing device name, model, manufacturer, and installed software information. Eighteen built-in reports are also available and inventory information can be exported to Microsoft SQL Server databases, Microsoft Excel spreadsheets, and text files. A free trial is available. Pricing for Asset Tracker starts at $199.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected].

==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!


View the Windows IT Pro Privacy policy at

Windows IT Pro is a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All Rights Reserved.
