Scrambled Bits – Part One: BitLocker

by Scott Roche on November 8, 2010 · 0 comments

in Windows

[This week we are pleased to bring you the debut review from Scott Roche, our Windows corespondent for the Blog. Please welcome Scott, and enjoy part one of this three part series. – Editor]

Security is, unfortunately, not number one on many peoples’ minds when it comes to their home computers. Oh sure, they think about anti-virus and anti-spyware software, but that’s about the extent of it. When it comes to a bit more intensive precautions I’ve seen eyes glaze over or roll completely back into the individual’s skull. I can’t blame them. Most people who own computers aren’t geeks and they aren’t as aware of the dangers out there as the pros. Or, if they are aware, they’re often scared or confused to the point of immobility. Hopefully, with a few simple pointers, we can change that.

One particular concern that many businesses make a top priority is that of encrypting the data on their computers. Essentially they use software to scramble the ones and zeros on their PCs so that only the correct password can grant access to anything readable. This ensures that it will be more difficult for anyone to steal the data itself once they have possession of a computer or its hard drives. Given the fact that laptops are more affordable and therefore more common (in addition to being easier to steal), now is the time for us regular folk to take precautions along those same lines. Thankfully, doing so doesn’t have to be expensive or complicated.

The Windows operating system gets a lot of flack from people, but I will say that Microsoft does do a few things right. With each new version they often incorporate a feature that previously required a third party piece of software. Well, they finally did that with encryption and in today’s edition we’ll look at their tool.

Windows Vista, in the Enterprise (only available to volume license customers) and Ultimate ($259-$399) editions, was the first version of Windows to offer built in encryption. This feature is also available in Windows 7 in the Enterprise and Ultimate editions only. They call it BitLocker and if you have the hardware necessary to support it, it encrypts the entire drive on the fly. That means that once you have activated it and logged on, everything happens behind the scenes after the initial encryption.

In order to take advantage of it there is a relatively minor hardware requirement. You must check to see if your mother board/BIOS supports Trusted Platform Module (TPM). Open Bitlocker Drive Encryption by clicking the Start button, clicking Control Panel, clicking Security, and then clicking Bitlocker Drive Encryption.‌ If the TPM administration link appears in the left pane, your computer has the TPM security hardware and you may proceed.

If you do not see the link there’s an excellent tutorial on how to activate it on a non-compliant motherboard here. All that is required is a USB hard drive or “thumb drive in place of the TPM support. Once successfully configured, even if someone removes the hard drive from your computer, it will be unreadable without the correct password.

So what happens if you forget your password/PIN? When you first install BitLocker, you’re presented with the above options. You can print or save the recovery password. I don’t recommend the “Save the password in a folder” option. I would recommend printing it and saving it on a USB key and putting those backups each in a separate location, perhaps even off site. This may seem excessive to some, but it’s not very secure if it’s right by your machine. In addition if your backup is destroyed in a fire or other disaster, it’s not much use. Unfortunately if you lose this recovery key there will be no way to recover your data.

So, there you have it. If you have one of the newer versions of Windows, or were planning to upgrade, you should have everything you need to make sure that the “bad guys” out there will have a harder time getting access to your data. While this isn’t as important as making sure your anti-virus is working and up to date or having all of your security patches installed, I would highly recommend taking these steps if you have a laptop. It’s not a bad idea to install and configure this for a desktop computer either.

If you don’t have Vista or Windows 7 there are good options out there for you as well. I’ll talk about that and about a way you can encrypt USB drives and other portable media as well in future installments.

[Scott will be back with part 2 of this series in approximately four weeks. In the mean time, wish him luck with his NaNoWriMo effort! – Editor]

Previous post:

Next post: