Windows 10's BitLocker feature will now use software encryption on SSDs by default

nanoguy

What just happened? Most people who buy SSDs and use the baked-in hardware encryption capabilities provided by manufacturers trust their data to be safe. However, it turns out the firmware on these devices is prone to relatively simple attacks that offer hackers an easy way to access your data, so Microsoft is changing the default Windows 10 behavior to use software-based AES encryption regardless of any encryption done internally by the SSD itself.

SSDs are getting faster and cheaper every year, but one feature is just as important to professionals: security and encryption. Judging by a security advisory issued by Microsoft last year, it looks like manufacturers are leaving a lot to be desired in that regard.

The company received many reports of vulnerabilities in the hardware encryption used by self-encrypting drives, so it made some changes with a recent Windows 10 update to enable software encryption by default on any newly connected SSDs. This was discovered by SwiftOnSecurity, who believes Microsoft no longer trusts SSD manufacturers after research showed that drive firmware can be easily exploited, making locked-down data accessible. Even more concerning is that manufacturers like Seagate expose the update process so much that a determined hacker can easily compromise a storage drive.

On a more positive note, enterprise-class SSDs do feature stronger encryption and have better quality firmware, so Microsoft is likely targeting consumer devices with the change. It's also worth noting that modern CPUs have special instructions that greatly reduce the performance hit that comes with using software encryption. The change will not apply to existing drives, but you can switch them over to software encryption by decrypting and then re-encrypting them if you so desire.
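The decrypt-then-re-encrypt switch described above can be scripted with the built-in BitLocker cmdlets. The following is an added example, not code from the article or from Microsoft: the two function names are hypothetical, and it assumes the OS volume is unlocked by a TPM while data volumes get a recovery password.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. Function names are hypothetical.

function Get-HardwareEncryptedVolume {
    # EncryptionMethod reads 'HardwareEncryption' when BitLocker handed the
    # work to the SSD's firmware instead of encrypting in software.
    Get-BitLockerVolume |
        Where-Object { "$($_.EncryptionMethod)" -eq 'HardwareEncryption' }
}

function Convert-ToSoftwareEncryption {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$MountPoint)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ("$($vol.EncryptionMethod)" -ne 'HardwareEncryption') {
        Write-Output "$MountPoint uses $($vol.EncryptionMethod); nothing to do."
        return
    }
    if (-not $PSCmdlet.ShouldProcess($MountPoint, 'Decrypt, then re-encrypt in software')) { return }

    # Step 1: decrypt. The data is unprotected until step 2 has finished.
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    while ((Get-BitLockerVolume -MountPoint $MountPoint).VolumeStatus -ne 'FullyDecrypted') {
        Start-Sleep -Seconds 30
    }

    # Step 2: re-encrypt without -HardwareEncryption, i.e. software AES.
    # Assumption: TPM protector for the OS volume (encryption may only start
    # after the restart for BitLocker's hardware test); data volumes get a
    # recovery password, which must be recorded from the command output.
    if ($vol.VolumeType -eq 'OperatingSystem') {
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -TpmProtector
    } else {
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -RecoveryPasswordProtector
    }

    # Step 3: confirm the volume no longer relies on the drive's firmware.
    $after = Get-BitLockerVolume -MountPoint $MountPoint
    if ("$($after.EncryptionMethod)" -eq 'HardwareEncryption') {
        Write-Warning "$MountPoint is still hardware-encrypted; check BitLocker Group Policy."
    }
    $after | Select-Object MountPoint, EncryptionMethod, VolumeStatus, EncryptionPercentage
}

# Report only: list volumes that still depend on the SSD's own encryption.
Get-HardwareEncryptedVolume | Select-Object MountPoint, VolumeType, EncryptionMethod, VolumeStatus
# Dry run of the conversion: Convert-ToSoftwareEncryption -MountPoint 'D:' -WhatIf
```

Run it from an elevated PowerShell session; with `-WhatIf` the conversion function reports what it would do without decrypting anything.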


 
The Irony. All the while windows 10 gives MS unlimited backdoor access to your data. Hell, I am willing to bet most users are happy to give their data to MS. Seen enough fanbois to know how happy they are giving their data to MS.
 
All the while windows 10 gives MS unlimited backdoor access to your data
Have any facts to back that statement up?

There is an endless supply of evidence that Spyware Platform 10 is backdoored at every level, including the firewall and bitlocker

Spyware, extortionware, blackmailware and backdoors are Microsoft's main business after all

What has never been found, or ever will be, by you or anyone else, is evidence that Windows is safe or secure for the end user
 
There is an endless supply of evidence that Spyware Platform 10 is backdoored at every level, including the firewall and bitlocker

Spyware, extortionware, blackmailware and backdoors are Microsoft's main business after all

What has never been found, or ever will be, by you or anyone else, is evidence that Windows is safe or secure for the end user

I enjoy reading conspiracy theories as much as the next guy, I've just never seen any actual hard evidence of MS having full access to my stuff, just conjecture and rumours. This is the reason I ask for a link or reference to back it up. I'm truly interested in learning how MS accomplishes this and how it affects me.

And yes, I'm being lazy and don't feel like googling it myself and trying to filter out the rubbish from fact.
 
There is an endless supply of evidence that Spyware Platform 10 is backdoored at every level, including the firewall and bitlocker

Spyware, extortionware, blackmailware and backdoors are Microsoft's main business after all

What has never been found, or ever will be, by you or anyone else, is evidence that Windows is safe or secure for the end user

I enjoy reading conspiracy theories as much as the next guy, I've just never seen any actual hard evidence of MS having full access to my stuff, just conjecture and rumours. This is the reason I ask for a link or reference to back it up. I'm truly interested in learning how MS accomplishes this and how it affects me.

And yes, I'm being lazy and don't feel like googling it myself and trying to filter out the rubbish from fact.

Actually, if you took time to read it, that was one of the facts that Edward Snowden revealed awhile back ...
 
Government policy to mandate undisclosed backdoors. That good enough for you? You know... the five eyes bullshit?
I do believe that this US government law has not been passed. So no, not good enough.
I also suspect that the public backlash for a law like that would be substantial, at a minimum, certainly not something that will just go under the radar

Tech companies do not implement what is required for a law until it is passed. These laws normally involve action once they are in law over an implementation period and not while being discussed and formalized, as they can't be enforced.
 
Actually, if you took time to read it, that was one of the facts that Edward Snowden revealed awhile back ...

You had me interested here, and after a quick search, Snowden did in fact reveal NSA interaction with Outlook.com, SkyDrive and Skype. I see no mention of Windows 10.
 
There is an endless supply of evidence that Spyware Platform 10 is backdoored at every level, including the firewall and bitlocker

Spyware, extortionware, blackmailware and backdoors are Microsoft's main business after all

What has never been found, or ever will be, by you or anyone else, is evidence that Windows is safe or secure for the end user

I enjoy reading conspiracy theories as much as the next guy, I've just never seen any actual hard evidence of MS having full access to my stuff, just conjecture and rumours. This is the reason I ask for a link or reference to back it up. I'm truly interested in learning how MS accomplishes this and how it affects me.

And yes, I'm being lazy and don't feel like googling it myself and trying to filter out the rubbish from fact.

Like Reagan, you're doing it wrong!

Trust but verify is an *** backwards way of doing things

You will be compromised for years until you have evidence, which may be difficult when the software is closed source

The correct way is to verify first

When Microsoft makes claims of safety or security with Windows without any evidence to back them, we can make a direct counterclaim without any evidence

A level playing field

If you demand evidence of backdoors or spyware, you "choose" to trust Microsoft without any evidence

Why would you "choose" to trust a Company that has repeatedly shown it cannot be trusted?

There is really only one question you should be asking (but probably won't) >

Is it Safe?
https://www.bleepingcomputer.com/forums/t/699803/is-it-safe/

Need more?

If Bitlocker is not backdoored, then why has the F.B.I. never once asked (or demanded) a backdoor for Bitlocker when they have repeatedly asked for (or demanded) backdoors for other encryption schemes that they cannot access?

If the Windows firewall is not backdoored, then why can you not stop Microsoft from accessing your computer and making changes when you are online?

If the Activation License grants Microsoft full access to all of your data, to be used however Microsoft sees fit (with no recourse to you) how is that not extortion?

How can you legally enter into a binding license for software you don't understand and cannot fix due to its closed source if the licence itself contains blackmail and extortionary terms?

How can you license a product when the Company in question cannot even prove that they own the sourcecode within that product?

Why are we not allowed to see the sourcecode unless we first.....
Sign a non-disclosure agreement, and....
Work for the N.S.A., C.I.A., F.B.I or other shady criminal gang?

Why ?

You answer my questions, and I'll gladly answer yours
 
All the while windows 10 gives MS unlimited backdoor access to your data
Have any facts to back that statement up?

There is an endless supply of evidence that Spyware Platform 10 is backdoored at every level, including the firewall and bitlocker

Spyware, extortionware, blackmailware and backdoors are Microsoft's main business after all

What has never been found, or ever will be, by you or anyone else, is evidence that Windows is safe or secure for the end user

Windows 10 can be locked down to be compliant with Security Technical Implementation Guides (STIG) which makes the system secure enough to process classified data. So when properly configured by competent people it can be pretty secure.
 
You had me interested here, and after a quick search, Snowden did in fact reveal NSA interaction with Outlook.com, SkyDrive and Skype. I see no mention of Windows 10.
Snowden's disclosures were data a few years BEFORE Win10 was released so that would be quite a feat.
 

If that link is what you're basing your opinion on, let's call this conversation over. It tells me everything I need to know. I've seen nothing that logically proves, or even provides sufficient evidence to back your Windows 10 "Spyware/backdoor" view.

You can have your point of view and I'll keep mine. Ignorance is bliss, right? ;)

Logic?

I gave you that!

The FBI does not publicly complain about encryption they can access (like Bitlocker)

They publicly complain about the encryption schemes that block FBI access

Yes, they "may" be backdoored, but not for the FBI

The only secure encryption scheme is the one you understand and can verify

The conversation is not about proof

There can be no proof when the encryption is closed source

The conversation is about Trust!

Why would you "choose" to trust a Corporation that has never shown itself to be trustworthy?

Are you a stockholder, a criminal co-conspirator, or just incompetent?
 
As long as MS doesn't default my SSD drive to being encrypted, I've nothing to complain about.

Well that's the interesting part. I pre-install a lot of customer PCs and with the MOST RECENT build of 1903 HOME EDITION (yep you read that right not even PRO), if I preinstall without a product key, then even if I pre-activate the machine once all drivers/updates are in (yes, with a HOME key), the C: drive will be bitlocker encrypted.

I physically need to use bitlocker to un-encrypt the drive (which is supposed to be only available on PRO).

I don't have the bitlocker option on my RAZER home notebook, even though it's been upgraded to the latest 1903, but the pre-install I do does.

WEIRD????????

This started a few months back when I upgraded my install image with the latest 1903
 
Logic?

I gave you that!

The FBI does not publicly complain about encryption they can access (like Bitlocker)

They publicly complain about the encryption schemes that block FBI access

Yes, they "may" be backdoored, but not for the FBI

The only secure encryption scheme is the one you understand and can verify

The conversation is not about proof

There can be no proof when the encryption is closed source

The conversation is about Trust!

Why would you "choose" to trust a Corporation that has never shown itself to be trustworthy?

Are you a stockholder, a criminal co-conspirator, or just incompetent?

I think your tin-foil hat needs another few layers of tin-foil. :eek:
 
Intel ME & AMD PSP are suspicious:

"You are probably talking about Minix3 running on the Intel Management Engine.

Yes, AMD has something similar: a small ARM cpu inside their Ryzen series running a Trusted Execution Environment OS called tbase (teebase?) on a platform called TrustZone.

We do not yet know what it can do exactly, but we do know that it has high-speed access to at least memory, firmware and the rest of the cpu and it can run at least two different kinds of programs (trustlets and services) with different security levels depending on how it downloaded them and who signed them. It also has a small amount of RAM and non-volatile storage as well as a unique hardware identifier.

The entire system goes under the name Platform Security Processor."

HyenaCheeseHeads


 
Well that's the interesting part. I pre-install a lot of customer PCs and with the MOST RECENT build of 1903 HOME EDITION (yep you read that right not even PRO), if I preinstall without a product key, then even if I pre-activate the machine once all drivers/updates are in (yes, with a HOME key), the C: drive will be bitlocker encrypted.

I physically need to use bitlocker to un-encrypt the drive (which is supposed to be only available on PRO).

I don't have the bitlocker option on my RAZER home notebook, even though it's been upgraded to the latest 1903, but the pre-install I do does.

WEIRD????????

This started a few months back when I upgraded my install image with the latest 1903

Sounds like you have the "Untrusted Platform Module"

https://www.tenforums.com/tutorials/36454-verify-trusted-platform-module-tpm-chip-windows-pc.html

I seriously doubt 1903 is the cause or we would be hearing about it at every site
 