Laptop Security?

Discussion in 'Windows OS and Software' started by Drew1, Aug 22, 2017.

  1. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    52
    Likes Received:
    3
    Trophy Points:
    16
    Well when I tried to Bitlocker my C drive it has TPM. And my fault I got mixed up on the password. Therefore I had to reformat and restore from disk image. However the drive even after reformat does not work properly bsod and in the end I had to replace the drive. It was an m2 nvme 512gb drive. I guess it's the TPM but can't be sure until today.
     
  2. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    52
    Likes Received:
    3
    Trophy Points:
    16
    I think you totally hit the right spots !!! It's those passwords that I'm concerned on and they are all in C. I'm outside now & can't elaborate much but you read my mind.
     
  3. 6730b

    6730b Notebook Evangelist

    Reputations:
    142
    Messages:
    375
    Likes Received:
    327
    Trophy Points:
    76
    Yes the bios pw is just a basic against some tampering, not security.

    The important bit in "bios password + bios hd password" was about the hd, no known instances of that ever being compromised (afaik) in products from HP, Lenovo, Dell etc.
     
    t456 likes this.
  4. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    52
    Likes Received:
    3
    Trophy Points:
    16
    agree, learned something here, those banking, emails, etc passwords are what i think i would like to secure. For the data i do have a lot but i don't think they will be valuable, i have loads of back up on data so it is not a real concern when it is stolen.
     
  5. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    52
    Likes Received:
    3
    Trophy Points:
    16
    OK I think it is encouraged to have Bitlocker and this is what I ran into today. I have upgraded to Creators windows 10 and in the TPM console I cannot see the TPM management anymore, the error is 'cannot load management console, exception hresult 0x80090030'. I was thinking had I Bitlocked with TPM of my C drive I would have locked myself out from my laptop. This is what I meant by disastrous, this is for both the Dell Precisions.
    Perhaps should post this at the Precision forum and see if anyone is having this issue.
     
  6. 6730b

    6730b Notebook Evangelist

    Reputations:
    142
    Messages:
    375
    Likes Received:
    327
    Trophy Points:
    76
    ^^^ Sorry for your problems, and cannot provide any useful info for your particular setup.

    Am only providing basic info what works here, what I experience is a good routine for my situation \ laptops. May give someone som useful hints or ideas to adapt.

    Example from Dell 7440:

    - Bios hd (ssd) password. Not encryption, but AFAIK one would need to remove the platters from the hd and place them into another hd body to try to read content. About ssd, probably de-solder the memory chips or something like that lol (don't know). Anyway, not work for the average thieve, and a first line of defense.

    - Disk 1 (a 250 msata) partitioned into C & D. The bitlocked D is where everything sensible\personal\important goes. See attachment.

    - In addition, some specific files encrypted (axcrypt) and saved on bitlocker partition. That should give anyone trying anything some real headaches :O)

    The whole thing (reflect images + individual folders) regularly backed up to cloud + external hd (bitlocked), that's the remedy against eventual loss, theft, virus, hardware failure, ransomware, personal error etc.

    Using decent passwords (a dozen+ characters) easy to remember but very difficult to guess + written copy hidden "in the attic" just in case age and chemicals takes away (more of) memory :O)

    Good luck.
     

    Attached Files:

    • dr.PNG
      dr.PNG
      File size:
      18.3 KB
      Views:
      16
    Last edited: Aug 28, 2017
    t456 likes this.
  7. ArazelEternal

    ArazelEternal Notebook Enthusiast

    Reputations:
    5
    Messages:
    42
    Likes Received:
    16
    Trophy Points:
    16
    I understand the concept of encrypting only the files that are sensitive and important, but I just encrypt everything. Never had an issue with my current machine. Been through a BIOS update, multiple OS updates, never had any issues show up. Bitlocker doesnt seem to effect performance at all and in my opinion, it just makes it easier. Encrypting individual files requires doing it manually, and if one of those files is updated, it requires remembering to encrypt the file once again after its modified. With Bitlocker, encryption happens transparently. The biggest thing is making sure the Bitlocker keys are backed up in case of an issue.
     
    Jarhead likes this.
  8. t456

    t456 1977-09-05, 12:56:00 UTC Moderator

    Reputations:
    1,022
    Messages:
    2,062
    Likes Received:
    1,242
    Trophy Points:
    181
    Yes, did exactly that on a 'dead' ssd. Worked nicely to recover the data, but if it had been encrypted with an unknown password it'd been a different story.

    Also recovered data from spinnies that had defective controller boards. However, that needs transplanting the firmware chip as well, so would guess that also takes the hd password along with it (unless that's a bios option?). Yet, that wouldn't be hard to tackle. Just read out stock fw, set password, read again and do a hex compare. Then read the target drive's fw, set the same location to all FF and write back.

    So if drive passwords work without encrypting the data itself then these provide token security only.

    The rest of your security+backup schedule looks great though, very nice :vbsmile: .
     
    6730b likes this.
  9. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    52
    Likes Received:
    3
    Trophy Points:
    16
    hey no problem, lots of insight reading your posts. :))
    I am contacting Windows for support, I have Assure(subscription for Windows remote access) but they are saying this is Pro support level in which I have to pay GBP99 for this !?
    Anyone here have any suggestions is greatly appreciated
     
    6730b likes this.
Loading...

Share This Page