What could possibly go wrong? Isn't there enough trust lost with your international customers since the PRISM leak? Apparently you don't need those sweet euro-dollars...
You know when they said, "Windows 10 is the last version of Windows you will ever need"? I think they were correct. I'll hunker down in the Windows' 7 hole for a bit and keep casting increasingly desperate glances at Linux.
Dammit, I was just considering switching to 10 before they disable my Minecraft, only to see this. Don't I recall Microsoft saying, "Don't worry, nothing bad could happen!"
It looks like this is part of MS' attempt to maintain differentiation between Windows Pro/enterprise SKUs and the practically-giving-it-away home versions without getting hammered by a bunch of ugly little stories about how much less secure than ipads all those little win tablets are.
So far as anyone knows, bitlocker, the version that ships with versions of Windows that Microsoft actually wants you to buy, doesn't move encryption keys anywhere without being specifically ordered to; can be used without any "microsoft account" nonsense, and so on.
The flavor that ships with Windows Peon Edition is architecturally bitlocker, nothing to gain by reinventing the wheel; but you cannot even turn it on without logging in with a "microsoft account" rather than a local user account, and the keys are automatically exfiltrated for your convenience, customer.
Cynical; but pragmatic on their part. They can both claim "customer demand/user experience" as a reason for storing those key backups (and, in fairness, they probably aren't lying; lots of users are very, very, surprised when they run into "no, we actually can't just reset your password and make it all better, period." for the first time); and gimp their crypto features such that no pro/enterprise user will be able to touch the cheaper versions.
It's not funny because it is true
So you have to 1. Enable this, 2. Log into your microsoft account to use it. So splain to me how this affects someone who does neither?
Like the other things Cory mentioned it does not have to be enabled and requires sign in to microsoft services (and because they put all the EULA language for their services in with the OS EULA everyone thinks they are one and the same).
And considering they may well have had plenty of people who bitlockered themselves out I kinda don't blame them for trying this.
What do other full disk encryption utilities do with their keys if you have an account with them? I honestly dunno. Only my work machine has full encryption and that has an automatic login or something. Nobody gets the password/key for it. I think maybe the helpdesk folk can look it up but we get given the thing already encrypted and never a password for it.
It sounds cynical, but I think this is spot on - I recently tried activating an OEM Office 2016 license on a Dell PC, but there was a glitch between Dell & MSFT. When I mentioned to the rep that it's silly to tie these licenses to a Microsoft account the reason he promptly told me was "Users kept losing their license keys, so they did this to help users keep track of them"
Yeah this. Like I said in another thread Cory was saying how sysadmins were like parents and I said no. There are real reasons we do things like lock users out of having admin rights on the PCs, like no matter how much you educate them one will try and click the attachment, install the tool bar, etc. which will then get loose in the enterprise and we have to fix that.
Basically you can't fix stupid and having it tied to the MSFT services account probably is the best way they can mitigate the stupid.
The main issue (though I don't remember it being a surprise: the Win10 UI won't even let you turn it on if you clicked past the "Hey, login with The Cloud Because Reasons!!!" startup screen and insisted on an oh-so-last-year local account); is that the non-pro versions of Win10 have no non-"escrowed" disk encryption available, despite "bitlocker" being technologically present.
Given that non-pro versions historically had nothing this may or may not be considered an improvement; but it is worth knowing: Microsoft will not allow you to use disk encryption, without grabbing a copy of your keys, unless you buy one of the Pro/enterprise SKUs. If you don't do that, you cannot use the feature at all without logging in with a microsoft account, rather than a local one; and your keys will leave the system, without any particular assurance that "delete" means "really delete".
Well considering I don't keep anything I want/need encrypted locally on my machine and would rather use other options for encryption.
But having had to deal with the stupid of userland for over 20 years now... I have trouble seeing what they are doing as specifically evil over how do we keep from having to tell them sorry it is all gone because you were an idiot... A LOT. Probably not the best solution but I can understand why they want to do it that way.
This is the paradigmatic conflict between administrating systems and consumerism. Anybody with personal/household/portable computers is actually a sysadmin, regardless of their degree of competence. People learn through failure. It's not as if I haven't learned by breaking my own installs, or getting locked out of my own boxes. Saying "It's OK, you don't need to learn" makes the marketplace only more foolish. If some people are resolved to never learn, then perhaps computers aren't for them.
Having a culture based upon exploiting stupid doesn't help, since it appears to reward stupid, this leaves few people interested in fixing the underlying cognitive problems.
But is that really a bad thing? Without getting so personal about it, at least. People being responsible for their systems seems to be preferable to vendor-as-babysitter.
This. This is why I use TAILS (tails.boum.org) and PGP.
I have a weedy 128gig SSD drive for my C Drive and a couple of terabyte drives for storage. MS "preloaded" Windows 10 on to my C Drive; taking up the last 6gig of free space. This stopped me updating ARMA 3, the whole reason why I bought my computer.
I thought, that's okay, I can move the Windows 10 files to one of my storage drives and leave it in a cold dark corner somewhere. I can then put a symbolic link on the C Drive to prevent MS from feeling the need to re-preload those pesky files. Unfortunately, despite having admin rights on my own computer, MS denies me the authority to move those files. Fecking tossers.
Can you boot to linux, mount the disk, and move the files that way?
Astonishingly, I've not got Linux yet. But that sounds like a plan.
There are live distros out there that you can boot from a USB disk. I used to rely on Knoppix, but you can likely get something smaller and more agile.
With something small enough to not waste much space, and a cellphone that can expose its SD card as a USB mass storage, there's even a chance of carrying a live CD always with you.
The only reason I would build a Windows machine nowadays is for game playing. Considering that most of my games can run quite happily under Windows 7, I see no reason to go to Windows 10.
I'm already engaged in full binary computing practices. Anything important I run on Linux with SELinux set up properly. If it's school or business related, I'll use Windows 10. If people want to steal my homework, they're welcome to it. I'm not sure how much I should be protecting my search history, but I've defaulted to "I don't care... for now."
But as @TobinL points out, I think there's a benevolent seed in the idea. I don't think it's immediately insidious, but this is what happens when we don't successfully defang the corrupt national security apparatus: We are forced to default to paranoia, because it's the only substitute for real accountability.
Hello,
Pervasive device encryption has been a feature of Windows since Windows 8.1 was released in 2013. I wrote about it in a blog post and paper, Windows 8.1 - Security Improvements, and even tried to get some reporters interested, but no one seemed to think it was an issue.