Applied Users Forums

Hardware & Infrastructure => Open Source => Topic started by: Bloody Jack Kidd on April 30, 2010, 11:19:51 AM

Title: Full bore encryption with TrueCrypt
Post by: Bloody Jack Kidd on April 30, 2010, 11:19:51 AM
Again - due to being a recent victim of computer theft, my new Windows 7 64-bit laptop required an encryption solution, to protect against future hardware theft being a huge data breach.  Windows 7 is actually a very good candidate for full drive encryption using TrueCrypt.

http://www.truecrypt.org/

With only the basic install and OS activation complete, I downloaded TrueCrypt, followed the online documentation, ran the wizard and was well on my way to a fully encrypted hard disk.  The initial encryption stage ran for about 3 hours, but now due to TrueCrypt's pipelining and parallelization, there is no discernible performance hit.

I preferred this solution to Microsoft's own BitLocker offering and so far I'm totally satisfied with TrueCrypt.  It's free and very potent... if you need to secure your data - this is well worth looking into.
Title: Re: Full bore encryption with TrueCrypt
Post by: Che Guevara on April 30, 2010, 11:24:49 AM
If it is free did you make sure they were not sending all your data to them during that 3 hour session  :-)
Title: Re: Full bore encryption with TrueCrypt
Post by: Bloody Jack Kidd on April 30, 2010, 12:10:24 PM
nothing to send - was a fresh OS install... but regardless, the folks who do TrueCrypt are just serious security professionals who believe good encryption should be the right of everyone.

The product has been well reviewed and has been around for some time now.
Title: Re: Full bore encryption with TrueCrypt
Post by: Kevin Crow on April 30, 2010, 02:02:24 PM
TrueCrypt is one of the poster children of the open source community. If there were any vulnerabilities or anything malicious in the code, it would be all over the web. I've used it for years and been amazed at how little it affects performance. We encrypt all our corporate laptops with it at the system level. Thanks to a handy little feature in the program, we've set the password prompt to "NO HARD DISK FOUND" so it looks like a dead soldier if someone steals/finds one of our laptops.
Title: Re: Full bore encryption with TrueCrypt
Post by: stevenhart on April 30, 2010, 02:27:04 PM
I'm a huge fan of TrueCrypt and we avidly use it for our clients that have a limited number of computers they want to protect.  It is missing the enterprise features that BitLocker has - like storing the recovery password within Active Directory, support for TPM, support for USB key boot authentication, configuration settings through GPO, etc.

So I think in some scenarios TrueCrypt is advantageous - fast to deploy, works on various OS's, reliable.  But if one is tasked with supporting the encryption of dozens of computers, I think BitLocker has some important advantages.
Title: Re: Full bore encryption with TrueCrypt
Post by: Jeff Zylstra on April 30, 2010, 04:44:40 PM
Quote from: Kevin Crow on April 30, 2010, 02:02:24 PM
we've set the password prompt to "NO HARD DISK FOUND" so it looks like a dead soldier if someone steals/finds one of our laptops.

Or maybe...

Police contacted and en route.  Please wait here...   ;D

Hey, you may as well have a little fun with the little jerks.
Title: Re: Full bore encryption with TrueCrypt
Post by: insurebaltimore on May 04, 2010, 02:21:51 PM
I've been using a TrueCrypted laptop for quite a while now, and I can't complain at all.  Performance is great, as is security.

I've heard rumors of bad sectors on the drive causing unrecoverable data corruption, but I can't verify this.  Nothing a good backup won't solve.

We also use TrueCrypt to encrypt and password protect flash drives.  Good stuff.
Title: Re: Full bore encryption with TrueCrypt
Post by: Bloody Jack Kidd on May 17, 2010, 11:09:10 AM
Follow-Up:

over the weekend my system became caught in a boot loop - involving a BSOD declaring UNMOUNTABLE_BOOT_VOLUME 0xEB (IIRC)

TC forums indicate I am not alone and this usually results in an emergency decryption from the Rescue CD - sure enough, I'm currently decrypting my entire sys volume.

Root cause - unknown.
Title: Re: Full bore encryption with TrueCrypt
Post by: Gene Foraker on May 17, 2010, 11:20:16 AM
Is there really a point to encrypting the entire C: drive rather than creating a partition for data and putting My Docs and such on it?   Enough already can go wrong with boot drives.
Title: Re: Full bore encryption with TrueCrypt
Post by: Bloody Jack Kidd on May 17, 2010, 11:56:59 AM
If you can trust the OS not to leak anything critical out of the encrypted "sandbox" - then yes, you could just encrypt docs and settings.  I don't trust Windows or Windows application authors enough to say that something important won't get put in another directory though.

In the near future, full hardware encryption hard disks will become commonplace, esp. in the notebook sector.

Presently I'm not sure what my response to this incident is going to be.
Title: Re: Full bore encryption with TrueCrypt
Post by: insurebaltimore on May 17, 2010, 01:35:46 PM
Quote from: Rick Chisholm on May 17, 2010, 11:56:59 AM
Presently I'm not sure what my response to this incident is going to be.

Be curious to see if a bad sector (or several) was at fault.  How old is the drive?
Title: Re: Full bore encryption with TrueCrypt
Post by: Bloody Jack Kidd on May 17, 2010, 03:48:38 PM
Quote from: insurebaltimore on May 17, 2010, 01:35:46 PM
Be curious to see if a bad sector (or several) was at fault.  How old is the drive?

It's a brand new Dell e6400...  :-[
Title: Re: Full bore encryption with TrueCrypt
Post by: Kevin Crow on May 18, 2010, 12:34:05 PM
Re:
Quote
Is there really a point to encrypting the entire C: drive rather than creating a partition for data and putting My Docs and such on it?

For example when you open an attachment in TAM, it puts a copy in the Windows TEMP folder. Also, OWA (Outlook Web Access) downloads opened attachments to the IE or Windows TEMP folder (also a good reason not to open attachments in OWA on public computers).
Title: Re: Full bore encryption with TrueCrypt
Post by: insurebaltimore on May 18, 2010, 12:38:02 PM
And don't forget all those "work related" photos of Megan Fox in your IE files...

On Linux/OSX, I'd say no...  no need to encrypt the entire drive.  But Windows is such a <bleep>ing "free for all" that it's almost a requirement.