Quite a well informed article about Bitlocker and alternatives, which of course echoes what has already been discussed here: https://www.wilderssecurity.com/threads/hard-disk-encryption-options.372834/page-3#post-2470206 and other previous threads. There are two things that strike me about the whole FDE/Windows/Linux heated debate: First, what's the point of limiting attention on the FDE itself, when we know endpoint security is terrifically weak anyway? I mean, it's a good idea to do it, but it depends on your adversary. Second, none of the common FDE solutions strikes me as actually meeting the modern set of threats for a very important reason: once you've unlocked the drive/container, all of the files are open to all process; and this makes it way too vulnerable to RATs and such. Seems to me that what is needed is a distinct storage subsystem (with different processor and RNG) - maybe a smart usb drive with display - and also some TFA with user consent to open files which have been individually encrypted with different salts.
That is the bottom line concern, I think. He does have a point that LUKS in Linux is vulnerable to "evil maid" /boot exploit. But paranoids can put /boot on an SD card, and even wipe the LUKS header. I've also seen guides for including /boot in the LUKS volume. While there must obviously be something unencrypted on disk, maybe it's less exploitable. Anyone know?
Direct paste from article: Seriously? Then you could only comply with legitimate legal requests IF there is a backdoor available. They would have said no if there was no backdoor at all. My .02
As mirimir said, this is a serious matter. However, it is also possible for them to avoid that question in order to avoid the wrath of the 3 letter agencies (if the answer would be "NO"). So it is very hard to reveal the truth behind Microsoft's words.
Of course that makes some sense too! However; it would seem their business model (as a for profit business) would be to maximize the use of their products and bolster its reputation. Leaving severe doubts as to the encryption's ability to withstand a Gov adversary would be counterproductive. I mean this in all sincerity; if I knew I could trust this product in the respect we are examining it, I would start encrypting my system disk with BitLocker immediately. It would be seamless and integrated, but I don't trust it for numerous reasons, and that "crappy" answer to the backdoor question reinforces my doubts.
A lot of smoke & mirrors in some of the responses in the article, which makes me Very suspicious. "Requires an administrator action to turn it on" Hello, isn't that what malware can do, eg .GOV malware !
Unfortunately this tells us all that we need to know. Microsoft probably is subject to some type of secret gag order under some provision of a law that we are not aware of. The problem being in a non-US country is that basic legal protections that may apply to US citizens are non-existent. They probably dont even need a warrant to get my bitlocker drive opened. This is the dilema of being a US tech company, you can say all you want but it is very hard to believe that you are not giving the NSA whatever it wants.
Is there some OEM OS that isn't vulnerable to boot exploits? I don't think I've ever heard of a software solution to an adversary having direct physical access to the machine itself.
