Today I took my first steps into the world of Linux by creating a bootable Mint Cinnamon USB stick to fuck around on without wiping or partitioning my laptop drive.
I realised Windows has the biggest vulnerability for the average user.
While booting off of the USB I could access all the data on my laptop without having to input a password.
After some research it appears drives need to be encrypted to prevent this, so how is this not the default case in Windows?
I’m sure there are people aware, but for the layman this is such a massive vulnerability.
Windows does support encrypted drives with BitLocker; unfortunately BitLocker’s default settings leave it vulnerable to many different attacks.
Yup. You’ll need to tinker with Linux too if you want disk encryption. At the very least, set a BIOS password.
so how is this not the default case in Windows?
It actually is now
And people are pissed because they don’t realize, and when they don’t have the key any more, all their data is gone!
The encryption key is stored remotely and can be retrieved through the Microsoft account
That assumes they know which Microsoft account it was attached to, the password, and have another device to access that account and retrieve the recovery key. If they did the setup five years ago, they’ve probably forgotten all that info.
IIRC, this is one of the reasons that Windows 11 requires TPM 2.0, so that the drive can be encrypted using the TPM as the key.
Good practice is putting anything important on an encrypted USB drive (as that stuff usually isn’t very big), and just treating the machine as “kinda insecure”
If you set up a BIOS password, someone at least needs to unscrew your computer to get stuff. But this is generally not set up because people, well, forget their passwords…
While booting off of the USB I could access all the data on my laptop without having to input a password.
This is entirely expected behavior. You didn’t encrypt your drive, so of course that data is available if you sidestep Windows login protections. Check out BitLocker for drive encryption.
deleted by creator
Are you saying the performance hit is from running off an encrypted drive?
deleted by creator
Given that AES instructions have been implemented directly in the CPU since 2008, any performance penalty should be negligible.
Yeah. But also this allowed me to save my files from my dying Windows drive while moving to Linux, so sometimes giant security holes can be handy.
How old is your laptop? Pretty much every Windows machine I’ve ever owned after a certain year requires you to type in your BitLocker key, including my first-gen Surface Go from 2018.
Also, you often have to manually set up encryption on most Linux installs as well - I did it for my Thinkpad. I need to do it for my desktop as well - I should probably do a reinstall, but I’m thinking of backing everything up and trying to do it in-place just for fun. On top of that, we can finally transition to btrfs.
Pretty much every Windows machine I’ve ever owned after a certain year requires you to type in your BitLocker key, including my first-gen Surface Go from 2018.
This is interesting. I had a work computer require this ~4 years ago, but not one of the three since have (personal and different employers).
I think my laptop is from 2018, so it’s getting old. It’s an Asus Predator gaming laptop.
Microsoft used to have a division for testing windows on various hardware configurations. They stopped doing that when they could just put different versions of windows on people’s computers and use telemetry to check the differences. This could be an artifact of that.
Most Linux users run fully unencrypted drives as well. It’s a vulnerability and a risk, but it’s not a massive threat to the average person.
Idk if the average person is a laptop user but laptop users would definitely place a higher value on disk encryption.
A secure, future-proof Whenblows 11 is akin to a healthy, wealthy fentanyl addict.
This is not that big of a deal most of the time, since you are the only person interacting with your computer, but it’s worth remembering when you decide to recycle or donate – you have to securely wipe in that case. Also bear in mind, if you do encrypt your drive, there are now more possibilities for total data loss.
Oh, fun fact: you can change a user’s Windows password inside Linux. Comes in handy for recovery, i.e. the user forgot their password.
I still remember years ago one time windows fucked itself and god knows why I couldn’t fix it even with USB recovery or stuff like that (long time ago, I don’t remember).
Since I couldn’t boot into recovery mode the easiest way to backup my stuff to a connected external drive was “open notepad from the command line -> use the GUI send to… command to send the files to the external drive -> wait and profit” lol.
By the way, it’s no different for Linux: if you boot off of a USB you can mount partitions and access anything if it’s not encrypted, and on Linux, like Windows, encryption is not the default.
Anon discovers computers
Yes, any laptop without an encrypted storage drive will have its data accessible by someone booting from a live USB.
It really is a massive vulnerability, but it’s not well known because so few people even understand the concept of a ‘live USB’ to make it a widespread threat or concern.
So yeah, if you’re ever in possession of a Windows machine that doesn’t have an encrypted disk, you can view the users’ files without knowing their password via a live USB.
It’s also not limited to laptops.
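A quick way to check whether your own Linux machine is in the situation this thread describes, i.e. whether each mounted filesystem actually sits behind a dm-crypt/LUKS mapping or would be readable from a live USB: this is an added example, not code posted by anyone in the thread. It parses the JSON output of `lsblk` and carries a constructed sample device tree so it runs anywhere; on a real box it queries `lsblk` directly.

```python
import json
import subprocess

# Constructed sample of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` (made up for
# this example, not captured from a real machine): / is on LUKS, /home is not.
SAMPLE_LSBLK = json.dumps({"blockdevices": [
    {"name": "nvme0n1", "type": "disk", "children": [
        {"name": "nvme0n1p1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
        {"name": "nvme0n1p2", "type": "part", "fstype": "crypto_LUKS", "children": [
            {"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}]}]},
    {"name": "sda", "type": "disk", "children": [
        {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/home"}]}]})


def mount_encryption(lsblk_json: str) -> dict:
    """Map each mountpoint to True when any device above it in the tree is a
    dm-crypt mapping (type 'crypt'): plain LUKS, LVM-on-LUKS, btrfs-on-LUKS."""
    status = {}

    def walk(dev, under_crypt):
        under_crypt = under_crypt or dev.get("type") == "crypt"
        if dev.get("mountpoint"):
            status[dev["mountpoint"]] = under_crypt
        for child in dev.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return status


def unencrypted_mounts(lsblk_json: str, ignore=("/boot", "/boot/efi")) -> list:
    """Mountpoints a live USB could read without a passphrase. /boot and the
    EFI partition are skipped because the bootloader needs them in the clear."""
    return sorted(mp for mp, enc in mount_encryption(lsblk_json).items()
                  if not enc and mp not in ignore)


if __name__ == "__main__":
    try:  # query the running system; fall back to the sample if lsblk is missing
        out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_LSBLK
    for mp in unencrypted_mounts(out):
        print(f"WARNING: {mp} is readable from a live USB (not encrypted)")
```

On the Windows side the equivalent check is `manage-bde -status` or PowerShell's `Get-BitLockerVolume`, which report the protection status of each volume.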