Sunday, December 13, 2009

Microsoft Dismisses BitLocker Threat

Microsoft claims recent Internet reports about vulnerabilities in its BitLocker security technology are exaggerated.
"Success comes at a price," wrote Microsoft senior director Paul Cooke, in a blog post Monday. That price, Cooke wrote, includes "greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker," he said.

BitLocker is a drive encryption system that Microsoft introduced in 2007 with the introduction of Windows Vista. It's also included in some versions of the new Windows 7 operating system, which debuted in October.

Security bloggers, including researchers at Germany's Fraunhofer Institute for Secure Information Technology, in recent days have published reports that PCs and laptops protected with BitLocker could be compromised in certain circumstances.

But Cooke said those circumstances covered scenarios that were highly unlikely to occur in real life.

"This research is similar to other published attacks where the computer owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with the computer," wrote Cooke.

"This sort of attack poses a relatively low risk to folks who use BitLocker in the real world," he said.

Still, Cooke reminded Windows users that BitLocker is only one element of Microsoft's multi-tiered approach to security.

"Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution," said Cooke.

"IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology. It requires end user education and physical security also play important roles," Cooke wrote.

No comments:

Post a Comment