Microsoft Dismisses BitLocker Threat - InformationWeek
IoT
IoT
Mobile // Mobile Applications
News
12/8/2009
03:17 PM
50%
50%

Microsoft Dismisses BitLocker Threat

Software maker claims vulnerability exposed by researchers unlikely to occur in "real world."

Microsoft claims recent Internet reports about vulnerabilities in its BitLocker security technology are exaggerated.




Windows 7 screen shot
(Click for larger image and for full photo gallery)

"Success comes at a price," wrote Microsoft senior director Paul Cooke, in a blog post Monday. That price, Cooke wrote, includes "greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker," he said.

BitLocker is a drive encryption system that Microsoft introduced in 2007 with the introduction of Windows Vista. It's also included in some versions of the new Windows 7 operating system, which debuted in October.

Security bloggers, including researchers at Germany's Fraunhofer Institute for Secure Information Technology, in recent days have published reports that PCs and laptops protected with BitLocker could be compromised in certain circumstances.

But Cooke said those circumstances covered scenarios that were highly unlikely to occur in real life.

"This research is similar to other published attacks where the computer owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with the computer," wrote Cooke.

"This sort of attack poses a relatively low risk to folks who use BitLocker in the real world," he said.

Still, Cooke reminded Windows users that BitLocker is only one element of Microsoft's multi-tiered approach to security.

"Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution," said Cooke.

"IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology. It requires end user education and physical security also play important roles," Cooke wrote.


InformationWeek has published an indepth report on Windows 7. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll