Today i took my first steps into the world of Linux by creating a bookable Mint Cinamon USB stick to fuck around on without wiping or portioning my laptop drive.
I realised windows has the biggest vulnerability for the average user.
While booting off of the usb I could access all the data on my laptop without having to input a password.
After some research it appears drives need to be encrypted to prevent this, so how is this not the default case in Windows?
I’m sure there are people aware but for the laymen this is such a massive vulnerability.
I’m happy that you’re on a journey of discovery. This is not an insult. The word is partition. Someone corrected me on the spelling of something last night. We all make mistakes.
(especially with reference to a country with separate areas of government) the action or state of dividing or being divided into parts.
bookable Mint Cinamon USB stick
Does book still mean cool?
It’s the same situation with Linux just a simple login only has very basic protection you need to encrypt your disk if you want to make sure no one can read it.
This is a case where Windows-bashing is hypocritical. Almost no Linux distro has disk encryption turned on by default (PopOS being the major exception).
It’s dumb and inexcusable IMO. Whatever the out-of-touch techies around here seem to think, normies do not have lumbering desktop computers any more. They have have mobile devices - at best laptops, mostly not even that.
If an unencrypted computer is now unacceptable on Android, then it should be on Linux too. No excuses.
Almost no Linux distro has disk encryption turned on by default (PopOS being the major exception).
it’s usually an option in the guided disk partition
If an unencrypted computer is now unacceptable on Android, then it should be on Linux too. No excuses.
Linux is about choice, not whatever someone else thinks it’s acceptable
I always turn on LUKS during install. The only exceptions are when I’m doing tests of different distros on my machine that I lovingly call “FuckAround”.
It really is the best way to find out.
I think on laptops Windows i trying to encrypt the drives. Maybe online if you are logged in to a Microsoft account for bitlocker to save the encryption key. Encrypting the drives should be your decision to take.
Yes, my sister bought a laptop it had windows and bitlocker installed.
She doesn’t know what any of those things are nor does she have an encryption key.
So she was not able to resize her partition to try to dual boot linux - she’d have to totally kill windows (which I suggested, of course, but you know. . . ).
It stops her doing what she wants because she was given something she doesn’t understand by people who didn’t explain it. At least she is “safe” though according to someone else’s definition. I guess coud’ve just said “Basically, microsoft” for short.
Microsoft makes all the decisions for you.
Try using a virtual machine before doing a full switch
Yup. You’ll need to tkinker with Linux too if you want disk encryption. At the very least, set a BIOS password.
Windows does support encrypted drives with Bitlocker, unfortunately Bitlocker’s default settings leave it vulnerable to many different attacks.
Anon discovers computers
I still remember years ago one time windows fucked itself and god knows why I couldn’t fix it even with USB recovery or stuff like that (long time ago, I don’t remember).
Since I couldn’t boot into recovery mode the easiest way to backup my stuff to a connected external drive was “open notepad from the command line -> use the GUI send to… command to send the files to the external drive -> wait and profit” lol.
By the way, no different for Linux, if you boot off of USB you can mount partitions and access anything if not encrypted and linux windows, encryption is not the default.
A secure future proof Whenblows 11 is akin to a healthy wealthy fentynal addict.
How old is your laptop? Pretty much every Windows machine I’ve ever owned after a certain year requires you to type in your Bitlocker key, including my first-gen Surface Go from 2018.
Also, you often have to manually set up encryption on most Linux installs as well - I did it for my Thinkpad. I need to do it for my desktop as well - I should probably do a reinstall, but I’m thinking of backing everything up and trying to do it in-place just for fun. On top of that, we can finally transition to btrfs.
I think my laptop is from 2018 so is getting old. It’s an asus predator gaming laptop
Microsoft used to have a division for testing windows on various hardware configurations. They stopped doing that when they could just put different versions of windows on people’s computers and use telemetry to check the differences. This could be an artifact of that.
Pretty much every Windows machine I’ve ever owned after a certain year requires you to type in your Bitlocker key, including my first-gen Surface Go from 2018.
This is interesting. I had a work computer require this ~4 years ago, but not one of the three since have (personal and different employers.)
While booting off of the usb I could access all the data on my laptop without having to input a password.
This is entirely expected behavior. You didn’t encrypt your drive, so of course that data is available if you sidestep windows login protections. Check out Bitlocker for drive encryption.
Yeh. But also this allowed me to save my files from my dying windows drive while moving to linux, so sometimes giant security holes can be handy.
I thought BitLocker was enabled by default on Windows 11, which is a terrible idea imo. Full disk encryption by default makes sense in professional settings, but not for the average users who have no clue that they’ll lose all their data if they lose the key. If I had a penny for every Windows user who didn’t understand the BitLocker message and saved the key on their encrypted drive, I’d have a lot of pennies. At the very least it should be prompted to give the user a choice.
This is true - it is enabled by default in win11. I disagree with you it being a terrible idea - imagine all the sentistive data people put on their hard drives - would they want to to fall in the wrong hands if they lose their computer? Or if their hard drives fails so they can do a secure wipe?
I’m not a fan of Microsoft, but they did solve the key issue in the enterprise setting by storing the key in they entrance identity. Same should be done for home consumers, since having a Microsoft account is being shoved in everyone’s throat anyway…
Yeah, should be noted that bitlocker is only default enabled if you set windows up with a Microsoft account, since it then saves the recovery info on that account “in the cloud”.
If you set it up with a local account, you still need to enable it manually, so that you can save the recovery info somewhere else.
Windows does not let you save the key to the drive being encrypted. (Unless you access it via SMB share, which I’ve done a number of times during setup before moving it off.)
You mean it prevents people from writing the key on a piece of paper when they get the BitLocker message, then copy it on a text file once their session is running and throw the paper away or lose it later ?
