#1 By: Chris Hoffman, October 12th, 2013 06:40
Originally published at: http://www.howtogeek.com/173592/windows-8.1-will-start-encrypting-hard-drives-by-default-everything-you-need-to-know/
Windows 8.1 will automatically encrypt the storage on modern Windows PCs. This will help protect your files in case someone steals your laptop and tries to get at them, but has important ramifications for data recovery.
#2 By: Alejandro Roger Ull, October 12th, 2013 07:21
I find this info really important, specially from the file recovery perspective. I'll have to think about this to decide if it's good or not and how to handle this for the people I help using their computer. I have a question though... What would you have to do if Windows does not boot?
Thanks for this update.
#3 By: Andrew, October 12th, 2013 08:32
I was thinking about that too, and I would think that that is why Microsoft is going to start encouraging Skydrive even more.
#4 By: Bill Harder, October 12th, 2013 09:46
I find this quite disturbing. I am wondering if the tin foil hat crowd hasn't been right all along. The Men in Black are not quirky clones of Tommy Lee Jones and Will Smith but much more like the shadowy ones from The X-Files, only more so.
Mandated full disk encryption, like the gadget phones and and phablets, seems to me to be another challenge to the black hat hackers. They will rise to this and defeat it, just as it ever was. Malware will be developed to run in the user space that uploads the desired info to the back end servers, just as it ever was. Browser and HTML exploits will steal all needed info and subvert the OS, just as it ever was. Users will grant system wide privileges to dubious software allowing every bit and byte of the system to be read, copied, spindled and folded, just as it ever was.
I really don't see this as a solution to anything other than allowing full access to the 3 letter acronym government agencies who don't need it. The downside of lost data due to corruption and/or lost and/or forgotten passwords seems a rather large danger in this. Anyone who has ever had a log in problem knows exactly what I am talking about. Anyone who has had an archive corrupt knows what I am talking about. The idea of enabling full disk encryption by default for EVERY one by default is just asking for trouble. The final reason to never use Windows 8, in any incarnation.
#5 By: Katie Reese, October 12th, 2013 10:54
I find the implementation of SkyDrive and now Encryption Keys on Microsoft Servers very problematic as long as there are no fixed laws protecting users and their privacy. As it is, government agencies technically can access even your data on SkyDrive, Dropbox, etc. So the idea that sensitive data would be secure on an encrypted harddrive for example is an illusion if governments and authorities can still access your recovery keys on cloud drives.
Don't know, especially since the entire NSA spy affair, and the unwillingness of governments to pass laws to protect the privacy of citizens, cloud drives have become a huge no-no for me. And the implementation of cloud drives into systems to the point where systems don't work anymore without a server account and password kinda worries me in that light.
I can see the advantages of the technology, but as long as governments and intelligence agencies are allowed to free reign over our data, there's no chance I'll be using it.
#6 By: Mike L, October 12th, 2013 10:54
Naw, actually the loony-left was wrong all along. They're just starting to realize that. But I do agree with you about Windows 8.
#7 By: Bilal Qadir, October 12th, 2013 11:18
Features after features of which very few consumers really asked for. Thanks MS for providing/ imposing it FREE in this age of no-free-lunch. I have stopped wondering why?
#8 By: Hector_Javier_Roman, October 12th, 2013 13:13
What about a computer that have multiple and different kind of profiles (local, Microsoft and domain)? The encryption is by folders, volumes, partitions or physical device? What about external (USB, ESATA) hard drives? The data recovery tools (in case of a hard drive malfunction) will work?
#9 By: Sebastian., October 12th, 2013 13:14
While this has of course some benefits, I fear that this will become a problem for a lot of end users. Especially the less tech savvy ones. Think malware messing up Windows rendering the pc inaccessible. User never configured the Microsoft account’s security settings properly. Boom. Problem. No live cd usable. Slaving the drive won't help either. Nothing will. A lot of end users tend to skip this kind of stuff. It doesn't seem important to them. That or it is to complicated. I can think of plenty other ways how this could go sour. And it does this to ALL internal drives! OMG
I think the chances that your computer gets stolen are way smaller than malware messing up your system or even worse, hijacking it. IMO drive encryption should be turned off by default. Not on.
Just my 2 cents.
Good article by the way
#10 By: Jeff Burns, October 12th, 2013 13:38
Wake up home users! Microsoft has just guaranteed that large numbers of you will lose your family pictures, music files and all those documents you care about. Way to go, Microsoft!
I do support for people in their homes. I can guarantee you that no matter how many times you tell the general public that they need to be backed up, the majority of them DON'T. I get calls like this all the time. "I can't boot my computer. Can you recover my files?" "Are you backed up? "I think so." "When did you last back up?" "Let's see ... I think last year sometime." And those are the good ones. More often I get a much shorter answer, "No".
Home users often can't even tell you their sign-on password. On my first call to a new customer, I have learned to give them a free spiral bound blue notebook in which I write down every password, code, SSID, and critical configuration information I can find. A year later, I end up asking, "Where's your blue book?" when they can't remember any of this.
And Microsoft pretends to think that home users will be organized enough to save this absolutely essential encryption information? Right. Microsoft is nuts.
#11 By: Naman Sood, October 12th, 2013 13:39
Microsoft is assuming we all have 12-inch tablets. Apparently the idea of a larger, will-be-noticed-immidiately-if-stolen 15-inch laptop or (cue MS shuddering) a desktop is too improbable.
#12 By: Rodney Copeland, October 12th, 2013 16:41
"How to Disable Encryption"
Is this initial setup only, or will this setting un-encrypt a drive that was previously encrypted?
#13 By: Justin Dunn, October 12th, 2013 17:47
There is an error at the end of the article:
they’d be very upset if they lost all thief files because they had to reset their passwords. It’s also an improvement over Windows PCs being completely unprotected by default.
It appears instead of thief it should be their.
Interestingly, it it appears that just switching the i and e positions changes the word.
#14 By: Justin Dunn, October 12th, 2013 18:03
I don't see how this allows full access by government agencies as it this feature just encrypts the local hard drives, the government agencies would still need physical access to the computer to access it's files and now they need the encryption key too.
Windows 8.1 doesn't allow remote access to the local hard drives, something that you could setup with the SkyDrive Desktop client for older versions of Windows.
#15 By: , October 12th, 2013 18:32
Thanks for the warning !!!!
There is NO real need for the feature.
I don't understand why MS keeps Pxxxxx Off Windows 8 Users.
#16 By: Justin Dunn, October 12th, 2013 20:39
I just thought of something, with this encryption being tied to your Microsoft Account login then if you used a simple password that was easy to guess then this wouldn't be as helpful though it would make brute-force methods harder because you would have to use the login screen to to check passwords instead of directly against the password database on the hard drive.
#17 By: Justin Dunn, October 12th, 2013 21:20
#18 By: Lady Fitzgerald, October 12th, 2013 21:55
They're doing a good job of doing the same with Win 7 users.
#19 By: Alejandro Roger Ull, October 13th, 2013 04:48
Yeah, but all of those were laptops from companies and their employees (except Prince Charles ). Companies should have their laptops encrypted. Where I work, they lost a few laptops before making full disk encryption mandatory. Also, companies typically have a lot of backups to restore their files if the encryption key is lost, so that's not a problem there.
But this is different. Home users probably don't need this, and in case the computer does not boot or has any problem, they usually don't have backups of their important files. Also, with the keys stored in the cloud there's the problem of privacy and, what I think is most important, security. As it has been said, most people don't worry about password recovery methods offered by Microsoft, Google and others. Security questions, for instance, are either easy to guess or completely forgettable. E-mail accounts are hacked everyday. I've seen a lot of people giving their e-mail address and password to obscure websites, with the subsequent spam messages from their e-mail accounts to their contacts. And so on.
And what to say about desktop computers...
#20 By: Justin Dunn, October 13th, 2013 09:08
Yeah, I agree. There do some to be some issues with this idea.
I don't use disk encryption myself for recovery reasons. If a hard drive is failing and you need to get data from or you lose the encryption key then your data is just gone.
I think Microsoft should have a setup screen that asks if users want the encryption turned listing the advantages and disadvantages of it.
Sadly, I don't think they will. Windows 8 and 8.1 don't even ask what you time zone you are in when setting up the computer.
Microsoft seems to have decided against letting users decide on features they want to use by default or even use at all.
I've found that in the Windows 8.1 setup, while it lets you decide to not save files to SkyDrive by default if you select custom, they is no way to turn SkyDrive off (in setup or afterwords).
next page →