Windows 7 RTM Review: Improvements But Security Issues Remain

As with Vista, Windows 7 Enterprise and Ultimate come with BitLocker full-disk encryption. BitLocker is a little easier to use on Windows 7, however.

Specifically, Vista required planning for BitLocker right at the time of OS installation because a separate boot partition was needed. Windows 7 builds the boot partition automatically and slims it down (to 100MB in Windows 7 from 1.5GB in Vista). This allows users or administrators to add full-disk encryption well after initial installation without complications.

By default, BitLocker requires that the computer have an onboard TPM (Trusted Platform Module) chip in which to store the encryption keys. Users without a TPM chip can opt to use a USB stick instead, but that will necessitate some changes in Group Policy.

I tested BitLocker on the Lenovo T60p using the laptop’s TPM chip, as well as on the Dell XPS M1330 using a USB stick for the key. Depending on the size of the hard drive and the amount of data that needs to be protected, encryption can take several hours.

It took just under an hour to protect my relatively data-free test machine and more than three hours to encrypt a half-full 80GB disk. Thankfully, the encryption process can be paused midstream to accommodate a system reboot and will resume after the next boot.

Enterprise administrators will find solid controls over both BitLocker and BitLocker To Go in Group Policy that can be distributed throughout the domain.

Administrators can control cipher strength, enforce authentication types and strength, and store recovery keys within Active Directory.

BitLocker trouble in virtual machines

In one detail of note, I found that users running Windows 7 in a virtual machine will have trouble enabling BitLocker disk encryption. (I tried this out in VMware Workstation 6.5, in my case.)

Specifically, the hypervisor would not virtualize the TPM chip, and the OS could not recognize a USB stick early enough in the boot process to work for BitLocker. Those who want to protect data within a VM running on Windows 7 should probably look into file or folder encryption instead of full-disk protection.

With Windows 7, no longer will administrators need boot media to attempt to recover a distressed or broken Windows instance, as the new OS features a Recovery Console that is accessible simply by pressing F8 upon boot.

During tests, I found that the recovery options differed significantly for administrators and limited-rights users.

As a limited-rights user, I was able to kick off a diagnostic scan called Startup Repair that automatically looks at the validity of the file system, the hard disk and the registry, then, as a last resort, offers to let the user recover to the last System Restore checkpoint.


Andrew Garcia eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
