imnuts' Blog
Random stuff from my mind…

Really Securing your Data with BitLocker

Since we are supposed to be looking for bugs in the various new features of Vista, I figured that I’d give BitLocker a shot again. I tried using it in a previous build when it wasn’t really working yet, and it didn’t work out for me as nothing happened. I also tried it out a little later, but since I had one drive and one partition, it would not allow me to encrypt the data since it would have no place to put boot files. So, until recently, I hadn’t really done much with Vista and BitLocker.

For a background of what BitLocker is, for anyone who may not know, it is encryption for your drive. While XP Pro had encryption, it was meant for small scale applications, such as encrypting a single file or folder to prevent others from reading it or accessing it. Windows Vista still has this encryption feature as well, but BitLocker is basically it’s bigger brother so to speak. BitLocker is full hard drive encryption, securing everything on the encrypted partition. While this probably isn’t really necessary for home users, it will likely be a good thing in some business environments for computers that contain personal information that shouldn’t really be out in the public. To keep things secure, you store the encryption key on a removeable device, such as a USB drive or floppy disk and just insert that to boot the system so that it can decrypt the drive and unlock it for use. To safe gaurd the key so that you have at least a backup just in case, you have several options for backup copies during the process of enabling BitLocker.

So, on to the setup of BitLocker. It is really a fairly simple process to do. You go into the Control Panel and then to Security, where BitLocker lies, since it is a security feature. Then, you can just follow the wizard and enable BitLocker. A note is that it will need a partition on the drive you are booting from to put the boot files on since you can’t access boot files on the encrypted drive as it unlocks the drive after selecting the operating system you will be booting into. Then, just save the encryption key to a removeable device, and then back it up to an appropriate location, or several locations if you wish, and restart. In the process of restarting, BitLocker will start to encrypt the drive. This is all well and good, and really expected by the user.

You may be wondering what is wrong then. Well the problem is that as soon as you restart, the system becomes extremely slow. I sort of expected it would slow down some, I mean the entire drive is encrypted and would have to be unencrypted before everything was back up to speed. There is more than just a small slow down though, the system is basically slowed to the point of being unusable. In the process of encrypting, next to nothing was responsive and several times, Explorer and other running programs would freeze. It took about 3 times longer to boot after BitLocker was first enabled before the drive was actually secured. Applications would take forever to load and pretty much nothing worked. Luckily, I started this up just before going to bed, so it stayed on overnight. In the morning, I awoke to find that the system was still extremely slow and unresponsive to nearly everything.

So, it’s Windows, if things aren’t working, you restart and look again. Big mistake there. Upon rebooting, the system was much slower at starting up than when BitLocker was encrypting the drive. It went through the loading screen normally, so I figured all was well, but boy was I wrong. The loading/boot screen was the only thing that proceded normally. From there, everything else was much slower. The black screen that shows for a short time just after the loading screen stayed up for a good 2-3 minutes, if not longer. Then I got a funny colored screen just before the large orb shows up, and that stayed there for another 2-3 minutes before getting to the start orb. It then goes to the blank screen with the mouse cursor and the build information in the bottom corner and proceded to stay there for a good 5 minutes.

BitLocker is so good that it prevents the user for using their own system, talk about secure. I’m not sure if the system would become responsive eventually after letting it sit for a while, but given the issues that I had before the drive was encrypted with stability and responsiveness and the slowness I was seeing after restarting, I was not about to attempt waiting. There was constant hard drive activity after restarting, so for 10 minutes straight the hard drive light was on as I was waiting to see something, which never happened. Instead, I put the install DVD back into the system, used the reset button and just reinstalled. The really nice thing about BitLocker was then found out, in that it prevents Vista Setup from properly formatting the drive. So I used the advanced option of Format to try and clear the drive and reinstall. That appeared to work, but didn’t and in setup I got sent back to the first screen and had to go through the install sequence again. The nice thing is that you can still delete the partition and recreate it to get things back. So, now back to reinstalling programs again. Luckily I didn’t get to much stuff installed prior to using BitLocker and it was just the downloadable programs installed.
Windows Vista courtesy of Microsoft

No Responses to “Really Securing your Data with BitLocker”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: