Windows 11 PC Health Check

Started 4 months ago | Discussions thread
abelits Contributing Member • Posts: 810
Re: Windows 11 PC Health Check

AnthonyL wrote:

abelits wrote:

AwkwardSwine wrote:

This was me, AnthonyL - please take care quoting

I had to tell Windows I was the new owner of the drive but other than that and some sharing issues it works.

Are you saying that such a move isn't going to be easy or even possible in the future?

You just need to decrypt the BitLockered drive before moving it to a new computer. Nothing to do with TPM really.

It will have everything to do with TPM if the reason why the user is moving the drive is that the original motherboard with TPM is broken, compromised, or the user is locked out of it. Then the key is gone.

Can you clarify please? In what circumstances can I or can't I move a drive to another computer?

When the computer's motherboard or CPU is broken, but the hard drive survived.

I think I have said that in the most unambiguous terms already.

What about backed up data copied to a USB drive/NAS?

Yes, backups can be very useful. There are, however, two problems:

1. Usually people don't do them often enough.

2. Sometimes it's important to restore the full environment including OS, as soon as possible, and it happens that there is a spare computer with a matching hardware configuration. Too bad, it's useless because the key was lost with the original one.

Oh, and -- SURPRISE -- backups on USB drives and NAS also can be used to steal or alter users' data and software stored on them by the same hypothetical wrongdoers who rewrite people's computers' bootloaders when the owners are asleep. Or, more realistically, by those who exploit vulnerabilities to mess with backed up data while those devices are attached.

As expected, nothing was done recently to improve the security of local backups for consumers. No one creates a list of demands to include things like incremental backups, recoverable on the device, or filesystem checkpoints, or even a plain old procedure to automatically shut down the device after the backup is done, so the window of vulnerability will be shorter, and the data will more likely survive if, say, ransomware activates soon after the backup is done but while the drive is connected.

The security of many NAS devices is, again, abysmal; everyone can just look at another thread in this forum about an exploit against WD devices. I would be happy to see an "industry standard" that specifies solutions that would be effective against completely real, dangerous and widespread ransomware attacks that would reliably protect NAS and backup devices. However, I guess the best thing I can expect would be "don't use your own NAS, copy your terabytes to the cloud!" And sooner or later someone will have the bright idea to encrypt those cloud backups with a key that is stored only in TPM. Because that's "secure".
