And the Trusted Platform Module

Jul 27, 2007 16:10 GMT  ·  By

Microsoft's extensive overhaul of the security architecture in Windows Vista extends beyond traditional anti-malware technologies to data integrity and protection. This is where Vista's BitLocker Drive Encryption comes into play, available in the Enterprise and Ultimate editions of the operating system. And although BitLocker is closely tied to the Trusted Platform Module, users can still encrypt their data in the absence of a TPM: the volume key is then protected by a startup key kept on a USB flash drive, an option that has to be enabled through Group Policy and requires the drive to be inserted at every boot.

"BitLocker Drive Encryption is a new security feature integrated into the Windows Vista operating system that provides considerable protection to the OS and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against 'offline attacks' -- those made by disabling or circumventing the installed operating system, or by physically removing the hard drive to attack the data separately. In other words, attacks made when the system is not running," revealed Nick White, Microsoft Product Manager.

Essentially, BitLocker is designed to encrypt the entire Windows volume. User data, the installed applications and even the code of the operating system itself are unreadable to anyone who obtains the disk without the key. The role of the TPM 1.2 chip is the system integrity check: BitLocker seals the volume's key to measurements of the early boot components that the TPM records in its Platform Configuration Registers, so the chip releases the key only if those components are unchanged since encryption was turned on. No Trusted Platform Module equals no system integrity check; in that configuration the USB startup key releases the volume key regardless of the state of the boot code.

"BitLocker is designed for systems that have a compatible TPM microchip and BIOS. (A compatible TPM is defined as a version 1.2 TPM.) A compatible BIOS must support the TPM and the Static Root of Trust Measurement as defined by the Trusted Computing Group. When available, BitLocker uses a system's Trusted Platform Module (TPM) to provide enhanced protection for your data and to assure early boot component integrity. The chip performs a system integrity check -- a process that verifies your computer system has not been tampered with -- before unlocking your drive and allowing access to the data stored on it. This helps protect data from theft or unauthorized viewing by encrypting the entire Windows volume," White added.
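To make the integrity check described in the two paragraphs above concrete, the following is an added, constructed model of what a TPM 1.2 does for BitLocker during boot. It is not Microsoft's code and uses no real TPM API: the PCR extend rule is the genuine TPM 1.2 one (SHA-1 of the old register value concatenated with the component hash), but the sealing step is replaced by an HMAC-based wrap so the example runs with only the Python standard library. The storage root key, volume master key and boot component contents are constructed values, and the hypothetical `measure_boot`, `seal`, `unseal` and `startup_key_unlock` functions are illustrations of the behaviour, not of Microsoft's implementation.

```python
"""Toy model of how BitLocker gates release of the Volume Master Key (VMK)
on TPM 1.2 boot measurements, and of the TPM-less USB startup key path.

Constructed illustration, not Microsoft code and not a real TPM API.
"""
import hashlib
import hmac

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs are 160-bit and start zeroed at reset

# Constructed secrets: the SRK never leaves a real TPM, the VMK is 256-bit.
SRK = hashlib.sha256(b"constructed-storage-root-key").digest()
VMK = hashlib.sha256(b"constructed-volume-master-key").digest()

# Constructed stand-ins for the early boot components the SRTM measures.
BOOT_CHAIN = [b"BIOS (CRTM)", b"MBR", b"NTFS boot sector", b"bootmgr v1"]
TAMPERED_CHAIN = BOOT_CHAIN[:-1] + [b"bootmgr v1 + backdoor"]


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Hash each boot component into one PCR, in boot order.
    Any change to any component, or to the order, changes the final value."""
    pcr = PCR_INIT
    for comp in components:
        pcr = extend(pcr, comp)
    return pcr


def _wrap_key(pcr: bytes, srk: bytes) -> bytes:
    # Key material only the TPM can derive, bound to a specific PCR value.
    return hmac.new(srk, b"seal|" + pcr, hashlib.sha256).digest()


def seal(vmk: bytes, expected_pcr: bytes, srk: bytes) -> dict:
    """Seal the VMK to the PCR value measured when BitLocker was enabled.
    Toy wrap: XOR with a PCR-bound key plus an HMAC tag for integrity."""
    key = _wrap_key(expected_pcr, srk)
    ct = bytes(a ^ b for a, b in zip(vmk, key))
    return {"ciphertext": ct, "tag": hmac.new(key, ct, hashlib.sha256).digest()}


def unseal(blob: dict, current_pcr: bytes, srk: bytes):
    """Release the VMK only if the current boot measurement matches the one
    the blob was sealed to; otherwise return None (integrity check failed)."""
    key = _wrap_key(current_pcr, srk)
    tag = hmac.new(key, blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], key))


def startup_key_unlock(protected_vmk: bytes, usb_key: bytes) -> bytes:
    """TPM-less path: the VMK is wrapped with a key stored on a USB drive.
    Nothing here looks at the boot chain, so there is no integrity check."""
    return bytes(a ^ b for a, b in zip(protected_vmk, usb_key))


def demo() -> dict:
    good_pcr = measure_boot(BOOT_CHAIN)
    blob = seal(VMK, good_pcr, SRK)
    usb_key = hashlib.sha256(b"constructed-usb-startup-key").digest()
    protected = bytes(a ^ b for a, b in zip(VMK, usb_key))
    return {
        "tpm_clean_boot": unseal(blob, good_pcr, SRK) == VMK,
        "tpm_tampered_boot": unseal(blob, measure_boot(TAMPERED_CHAIN), SRK),
        # The USB key path unlocks even though bootmgr was modified.
        "usb_tampered_boot": startup_key_unlock(protected, usb_key) == VMK,
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one White's second quote states: the TPM does not decrypt anything itself, it refuses to hand over the key when the measured boot chain differs from the sealed one. The `usb_tampered_boot` result shows the flip side for the TPM-less configuration described in the article: the disk stays encrypted at rest, but a modified boot loader is not detected before the key is released.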