IgNiTeD SoUL

Screaming headlines in recent years have made the public aware of stolen laptops and

desktop computers that contained the personal records of thousands of millions of individuals.

These thefts might not have exposed anyone’s personal data if the hard drives in

the stolen computers had been encrypted and protected by strong passwords.

Various third-party solutions have long been available to encrypt sensitive data folders

and entire hard drives. With Vista, Microsoft now enters this market with BitLocker Drive

Encryption.

BitLocker has some advantages over competing encryption products because, integrated

as it is into Windows, it can check the integrity of a computer system before the Windows

user interface is ever loaded. BitLocker can tell when a hard drive has been moved to a

different computer—as would be the case if a drive had been stolen—and can defend

against brute-force attacks.

BitLocker also integrates with Microsoft’s Active Directory domain service scheme. The

remote storage of digital keys that can unlock or restore data if a user forgets a password is

a difficult and labor-intensive chore for IT administratrors. BitLocker handles this by using

Active Directory to escrow the keys securely, while still being able to help an authorized

(but forgetful) user access crucial data that’s stored in a password-protected drive.

BitLocker is available only in Vista Ultimate Edition, which can be purchased separately

or upgraded to from the Home and Business Editions, and Vista Enterprise Edition, which

can be purchased separately or upgraded to from the Business Edition.