In Windows XP and previous NT-based versions of Windows, Microsoft offered a feature
called Encrypting File System (EFS) that enabled users to encrypt important folders or
files. This prevents thieves from accessing sensitive data should your computer be physically
stolen: If the thief removes your hard drive and attaches it to a different computer,
any encrypted files cannot be read. EFS has proven to be a popular feature with businesses
that have many roaming executives with laptops, with IT administrators, and with the
security conscious.

EFS is still present in Windows Vista and works as before, but it’s been augmented by a
new technology called BitLocker. Like EFS, the new BitLocker feature in Windows Vista
lets you encrypt data on your hard drive to protect it in the event of physical theft. But
BitLocker offers a few unique twists.
• First, BitLocker is full-disk encryption, not per-file encryption. If you enable
BitLocker, it will encrypt the entire hard disk on which Windows Vista resides,
and all future files that are added to that drive are silently encrypted as well.
• Second, BitLocker protects vital Windows system files during bootup: If
BitLocker discovers a security risk, such as a change to the BIOS or any startup
files (which might indicate that the hard drive was stolen and placed in a different
machine), it will lock the system until you enter your BitLocker recovery key
or password (discussed shortly).
• Third, BitLocker works in conjunction with new Trusted Platform Module (TPM)
security hardware in some modern PCs to provide a more secure solution than is
possible with a software-only encryption routine. BitLocker may not be theoretically
impregnable, but in the real world the chances are that no hacker will ever
defeat a BitLocker-protected PC.
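
The boot-time check in the second and third points can be modeled in a few lines. The following Python sketch is an added example, not Microsoft's code: it shows how a TPM-style "extend" of each startup component yields a value that changes if the BIOS or any startup file changes, so the key is withheld and the recovery key is needed. It assumes a single SHA-1 register and a hypothetical ToyTPM class that only compares values; a real TPM keeps several registers and protects the sealed key in hardware.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(chain) -> bytes:
    """Fold each boot component, in boot order, into a PCR that starts at zero."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Hypothetical stand-in for the TPM: releases the key only on a PCR match."""

    def seal(self, key: bytes, pcr: bytes) -> None:
        self._key, self._expected = key, pcr

    def unseal(self, pcr: bytes):
        # Constant-time comparison; a mismatch releases nothing.
        return self._key if hmac.compare_digest(pcr, self._expected) else None

def boot(tpm: ToyTPM, chain) -> str:
    """Measure the chain as firmware would, then ask the TPM for the key."""
    key = tpm.unseal(measure_boot(chain))
    return "unlocked" if key is not None else "recovery key required"

# Constructed sample data: placeholders for real firmware and boot code images.
GOOD_CHAIN = [b"BIOS image", b"master boot record", b"boot manager", b"OS loader"]
VOLUME_KEY = b"constructed-example-volume-key"

if __name__ == "__main__":
    tpm = ToyTPM()
    tpm.seal(VOLUME_KEY, measure_boot(GOOD_CHAIN))   # done once, at enable time
    print("normal boot:  ", boot(tpm, GOOD_CHAIN))
    tampered = GOOD_CHAIN[:2] + [b"boot manager (modified)"] + GOOD_CHAIN[3:]
    print("modified boot:", boot(tpm, tampered))
    # A changed BIOS alters the first measurement and every value after it.
    new_bios = [b"other BIOS image"] + GOOD_CHAIN[1:]
    print("changed BIOS: ", boot(tpm, new_bios))
```

Because each extend hashes the previous register value, the final value depends on every component and on their order, which is why a single altered startup file is enough to block the automatic unlock.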