Linux vs Windows:Vista

[eeyrjmr]

I would of started this thread over at the Gentoo forum but it would of got hijacked.
I would of started this thread in [H]ard OS secion but would of got screammed at being a windows hater (which I am not)

I want to start this thread here then see if I can get some Windows-lovers/Vista testers input as well



What exactly does Vista bring that Linux cannot do?

From what I see Vista brings:


Aero + other 3D stuff
Bitlocker
Better search
DRM
DirectX 10



So can Linux match it?

Well I have just finished emerging all of the Xgl stuff from a nice overlay (to try out) BUT ppl have it working, from what I see the Xgl stuff exceeds what Aero will provide, equally with Cairo taking the desktop to a vector as opose to a raster-desktop that is also exceeded.

Bitlocker: Thats just a hardware chip to encript data. You can already make a loopback filesystem in a file and encrpyt it and mount it for use (passwd protected). IF bitlocker is just a place to store the keys it is hardware and sooner or later it will be interfaced to, not so much of a biggy

We already have Beagle and it is a fantastic search so even when Windows gets WinFS, still have exceeded it

DRM, do we want it? no, do we need it? no!!!

DirextX 10, only real advantage is for DirextX10 games, OpenGL is good

 

[Whatsisname]

What GNU\Linux has that windows does not, is freedom. That should be the number 1 reason why someone would choose to use it in my opinion.

 

[Bullitt]

I'll have to keep a MS install on my "fun" box because all the cool kids arent porting my favorite games to 'nix. I will still use my 'nix boxes for my real work.

 

[Gorankar]

What win has that nix lacks.. Not much really.. Driver support, game compatibility, and general ease of installation and use still go to windows.. With win you pretty much never need to use the command line either..
That is really about all win has over nix..

Nix has price, freedom, security(for the most part), is more customizable, and has a general "stick it to the man" feel.. Also most biz apps have either a nix port or a nix equivelant..

My wife uses ubuntu only, my kid and I would use it, but we like our games too much, and both positively hate dual booting..

Edit: I guess what I said really applies more to Xp and previous versions of windows, and not really vista alone.. But, I have no reason to believe Vista will be any different than earlier win versions, when it comes to compatibility,ease of install/use, and driver availability(when it is actually released that is)....

 

[SJConsultant]

Bitlocker: Thats just a hardware chip to encript data. You can already make a loopback filesystem in a file and encrpyt it and mount it for use (passwd protected). IF bitlocker is just a place to store the keys it is hardware and sooner or later it will be interfaced to, not so much of a biggy

Bitlocker is Microsofts terminology for their full hard drive encryption which works in conjunction with a TPM chipset in the computer.

Microsoft has a way in which a user can use Bitlocker without a TPM, but IMO it is less secure and subject to cause more problems than it is worth using the non-tpm method.

TPM is simply a security subsystem in a PC, no doubt in time, *nix users will have the same capability.

 

[M11]

Why anyone would trust Bitlocker, or any other TPM-based and Microsoft backed encryption scheme is beyond me.


www.truecrypt.org


Do yourself a favor and get an open encryption system free of any possible interference by Microsoft or the government. While I'm certainly not implying there are any backdoors or weaknesses (intentional or unintentional) in Bitlocker, I'm not about to trust my security to something I can't inspect.

One is open to inspection, the other isn't. This is a no-brainer.

Not to mention, Bitlocker has a de facto requirement of a TPM chip, which no sane person would want to begin with.


This mantra of "everything new must be a feature, and every feature must be good" really needs to go.

 

[SJConsultant]

Not to mention, Bitlocker has a de facto requirement of a TPM chip, which no sane person would want to begin with.

Apparently you don't take any time to read the *facts*. If you had then you would have seen that bitlocker in fact can work *without* a TPM chip.

Take the time to read the links people provide before making such an uninformed post.

 

[M11]

Apparently you don't take any time to read the *facts*. If you had then you would have seen that bitlocker in fact can work *without* a TPM chip.

Take the time to read the links people provide before making such an uninformed post.

DE FACTO = REQUIRED FOR FULL FUNCTIONALITY


Bitlocker uses certain functionality provided by a TPM chip, and thus, does not function to the fullest of its ability in its absence.

http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption

BitLocker provides three modes of operation. The first two modes require a cryptographic hardware chip called a Trusted Platform Module (version 1.2 or later) and a compatible BIOS:

* Transparent operation mode: This mode leverages the capabilities of the TPM 1.2 hardware to provide for a transparent user experience – the user logs onto Windows Vista as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-O/S components of BitLocker achieve this by implementing a Static Root of Trust Measurement – a methodology specified by the Trusted Computing Group.
* User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in order to be able to boot the O/S. Two authentication modes are supported – a pre-boot PIN entered by the user or a USB device inserted that contains the required startup key.

The final mode does not require a TPM chip:

* USB-Key: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected O/S. Note that this mode requires that the BIOS on the protected machine supports the reading of USB devices in the pre-O/S environment.

Bitlocker has been billed as an easy to use encryption system for idiots, and was specifically designed so that the lowest common denominator could use it reliably, and without significant risk of data loss. The ability to fall back on USB dongles was not the primary design goal, and is certainly not a selling point. Dongle based encryption schemes have been around for years, and are not going to become magically more convenient, and less prone to key loss now that Microsoft is making them. There are quite a few good reasons why dongle based encryption hasn't been prevalent outside of the most security-intensive of applications, and why dongle based encryption is unlikely to ever become prevalent even in the areas it could do a lot of good in.

Take the time to comprehend the posts of others, before jumping to erroneous conclusions concerning your factual superiority and proceeding to lambast someone else for it.


You lose, good day sir.

 

[SJConsultant]

DE FACTO = REQUIRED FOR FULL FUNCTIONALITY

No, bitlocker can be used either with or without TPM. No where in the wiki article (which btw links to the same page I posted earlier) does it indicate any functionality is lost by not using TPM.

Bitlocker uses certain functionality provided by a TPM chip, and thus, does not function to the fullest of its ability in its absence.

See above.

The only difference between tpm and non tpm is where and how the keys are accessed and stored. Choosing USB vs. TPM does not reduce the overall functionality of bitlocker.

 

[M11]

No, bitlocker can be used either with or without TPM. No where in the wiki article (which btw links to the same page I posted earlier) does it indicate any functionality is lost by not using TPM.

Please re-read the statement I chose to increase the font size of.

See above.

The only difference between tpm and non tpm is where and how the keys are accessed and stored. Choosing USB vs. TPM does not reduce the overall functionality of bitlocker.

No, you are wrong. TPM as a whole was designed to create a sub-OS level of data security to prevent exploitation by malicious software. Bitlocker functionality is lost by not having a TPM chip present, since malware will be able to access keys easily in the absence of the TPM-based functionality.

If you haven't been following the whole Trusted Computing fiasco, the main appeal to consumers is protection from malicious code by implementing security in a (supposedly) un-tamperable module operating below the OS. In reality, Trusted Computing is a trojan horse in itself, since it entices users into accepting a framework for incredibly restrictive DRM by offering the benefit of stopping amateur malware from accessing certain secured data.

Without the functionality provided by the TPM, Bitlocker is reduced to yet another dongle based solution, which is ultimately worthless to most users, as it requires possession of the USB key, and ultimately not losing it. These dongles have been around for years, and were never meant for the mainstream. Bitlocker's only mainstream appeal is its ability to use a PIN-based security mechanism, and thus eliminate the drawbacks which have prevented dongles from being widely adopted.

 

[Krycek1]

Always fun comparing Linux to an operating system that is 6+ months from launch.

 

[SJConsultant]

M11,

You still haven't provided any factual information that clarifies your statements, in fact your statement of:

DE FACTO = REQUIRED FOR FULL FUNCTIONALITY

Bitlocker uses certain functionality provided by a TPM chip, and thus, does not function to the fullest of its ability in its absence.

is simply your opinion until you provide links to information supporting your position.

It is certainly more secure (and convienent) to have the keys stored in TPM vs a USB key, but to say Bitlocker requires TPM is completely false.

 

[M11]

You still haven't provided any factual information that clarifies your statements, in fact your statement of:

See wiki link and MS link.

is simply your opinion until you provide links to information supporting your position.

See wiki link and MS link.

It is certainly more secure (and convienent) to have the keys stored in TPM vs a USB key

Oh wow, holy shit, that sounds like functionality right there. Not having to keep track of a USB key at all times is indeed a feature, as is the inaccessibility of master encryption keys to malware running with adminsitrator privledges.

but to say Bitlocker is less functional in terms of providing encryption without TPM is completely false.

Are you illiterate? What part of "The first two modes require a cryptographic hardware chip called a Trusted Platform Module (version 1.2 or later) and a compatible BIOS" do you not understand?

Thus, without the TPM present, the first two modes are not even an option, and Bitlocker becomes yet another dongle based system, because we all know those have never been tried before.



...that is, assuming you aren't just trolling

 

[SJConsultant]

Are you illiterate? What part of "The first two modes require a cryptographic hardware chip called a Trusted Platform Module (version 1.2 or later) and a compatible BIOS" do you not understand?

I understand it completely, you just seem to miss the point that Bitlocker can still be used *without* TPM.

...that is, assuming you aren't just trolling

No, however you might want to take a look in the mirror and reread your first post.

 

[M11]

I understand it completely, you just seem to miss the point that Bitlocker can still be used *without* TPM.

And I can use my car without gasoline, if all I want is a place to sit out of the rain. This is not what cars were designed for, however.

No, however you might want to take a look in the mirror and reread your first post.

Suggesting that users seek out an open, third party system, unencumbered by hardware of dubious good faith is hardly trolling. Not many people are well versed in security, let alone encryption, which is why I provided an alternative to Bitlocker which, for the vast majority of users, provides a superior level of functionality.

Contradicting material you just quoted, when you know better, is trolling.


Anyway, I'm done with this thread. What could have been an informative discussion on quality encryption systems and the nature of Bitlocker has been derailed by yet another troll.

 

[SJConsultant]

And I can use my car without gasoline, if all I want is a place to sit out of the rain. This is not what cars were designed for, however.

Not even a close analogy.

Why do you insist that using a USB dongle as a built in option for storage of encryption keys somehow reduces the encryption capabilities of bitlocker?

The end result is the same whether TPM or USB dongles are used.

Suggesting that users seek out an open, third party system, unencumbered by hardware of dubious good faith is hardly trolling. Not many people are well versed in security, let alone encryption, which is why I provided an alternative to Bitlocker which, for the vast majority of users, provides a superior level of functionality.

Yet, Truecrypt cannot natively enrcypt the OS partition like Bitlocker can.

Contradicting material you just quoted, when you know better, is trolling.

Nothing I said is contradictory. Microsoft provides *three* different ways of using bitlocker with or *without* TPM. You simply refused to acknowledge the end result is the same.

Anyway, I'm done with this thread. What could have been an informative discussion on quality encryption systems and the nature of Bitlocker has been derailed by yet another troll.

Trolling? Let's see who the troll is.....

Why anyone would trust Bitlocker, or any other TPM-based and Microsoft backed encryption scheme is beyond me.

Strictly your opinion, but I must say you have an awful lot of resentment towards MS and/or TPM in general which obviously means you are going to see things one sided,

Do yourself a favor and get an open encryption system free of any possible interference by Microsoft or the government. While I'm certainly not implying there are any backdoors or weaknesses (intentional or unintentional) in Bitlocker, I'm not about to trust my security to something I can't inspect..

If you had no intentions of implying, why even say it?

One is open to inspection, the other isn't. This is a no-brainer.

Let's see, if people choose to use a closed source software, they are somehow what? less intelligent? stupid even? How is this comment not trolling?

Not to mention, Bitlocker has a de facto requirement of a TPM chip, which no sane person would want to begin with.

This comment is the sole source of the problem, Microsoft provides three methods of unlocking a system encrypted with Bitlocker, yet you insist the third option is not even an option in later arguements.

Your own link to wikipedia does not say anything about reduced functionality, neither does the MS webpage linked by that yet you still refused to acknowledge it.

Remind me again who is the troll?

 

[Whatsisname]

they've been working on it for 5 years, microsoft's put it out in the open, comparisons are fair game.

Always fun comparing Linux to an operating system that is 6+ months from launch.

 

[Valnar]

I use TrueCrypt myself and have it on all my computers. Some file/drives are only a couple hundred meg, but I have one that's 100Gb. There is always something on every PC that should be protected.

We use 3DES and AES for VPN, WPA for wireless, so why not also protect the physical computer's data? In a couple years, programs like this will be ubiquitous and this conversation will seem silly. 'Might as well start now.

I've never had an issue with TrueCrypt. Works great.

Robert

 

[HHunt]

I've thought about drive encryption, but ultimately decided not to. I just don't have any data that's worth it. The only thing remotely interesting on my drives is probably my paypal password.
I have to ask: What does the average home user need to protect that badly?

 

[Drudenhaus]

Does drive encryption really matter for 99.999% of end users? No...

Maybe if you use financial software and/or save passwords for websites or something, then maybe. Personally, I don't save passwords/form info (to websites and such) and I don't save any of my tax return info or anything of that sort on my computers.

 

[Whatsisname]

who knows, who cares? Why shouldn't everyone always have the full capability of their computers at their disposal?

I have to ask: What does the average home user need to protect that badly?

 

[HHunt]

who knows, who cares? Why shouldn't everyone always have the full capability of their computers at their disposal?

If we are to belive a previous poster, it's already fairly easy to set up, and by all means, I'm not stopping anyone. I'm just wondering if it's ever going to be something the (mythical, I know) average user will ever need. I would even go so far as to say that the average user would probably prefer his data to be easy to recover if anything happens to the drive (or key storage).

IOW: I don't think this is a killer feature or even a very important one, even less because it's already solved by 3rd-party applications for those who desire it.