this post was submitted on 26 Apr 2025
126 points (92.6% liked)


Today I took my first steps into the world of Linux by creating a bootable Mint Cinnamon USB stick to fuck around on without wiping or partitioning my laptop drive.

I realised Windows has the biggest vulnerability for the average user.

While booting off of the USB I could access all the data on my laptop without having to input a password.

After some research it appears drives need to be encrypted to prevent this, so how is this not the default case in Windows?

I'm sure there are people aware but for the laymen this is such a massive vulnerability.
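
The check the post describes, run from the live session, as an added example that is not part of the original post: it classifies every filesystem `lsblk` reports as encrypted or plaintext at rest. The sample input is constructed, and `classify_lsblk` and `sample_lsblk` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Live use:
#   lsblk -P -o NAME,TYPE,FSTYPE,PKNAME | classify_lsblk
# Output: one line per filesystem, marked PLAINTEXT or ENCRYPTED at rest.
classify_lsblk() {
  awk '
    function val(key,   s) {          # extract KEY="value" from a -P line
      if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
      s = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    {
      n++; name[n] = val("NAME"); type[n] = val("TYPE")
      fs[n] = val("FSTYPE"); par[n] = val("PKNAME")
      if (type[n] == "crypt") prot[name[n]] = 1   # opened dm-crypt mapping
    }
    END {
      # Anything stacked on an opened mapping (e.g. LVM on LUKS) is protected too.
      do {
        changed = 0
        for (i = 1; i <= n; i++)
          if (!(name[i] in prot) && (par[i] in prot)) { prot[name[i]] = 1; changed = 1 }
      } while (changed)
      for (i = 1; i <= n; i++) {
        if (type[i] == "loop" || type[i] == "rom") continue   # live-image squashfs, optical
        if (fs[i] == "" || fs[i] == "LVM2_member") continue   # no filesystem of its own
        if (fs[i] == "crypto_LUKS" || fs[i] == "BitLocker")
          print "ENCRYPTED " name[i] " " fs[i]
        else if (name[i] in prot)
          print "ENCRYPTED " name[i] " " fs[i] " (inside " par[i] ")"
        else
          print "PLAINTEXT " name[i] " " fs[i]
      }
    }'
}

# Constructed sample: a laptop disk plus one external BitLocker volume.
sample_lsblk() {
  cat <<'EOF'
NAME="sda" TYPE="disk" FSTYPE="" PKNAME=""
NAME="sda1" TYPE="part" FSTYPE="vfat" PKNAME="sda"
NAME="sda2" TYPE="part" FSTYPE="ntfs" PKNAME="sda"
NAME="sda3" TYPE="part" FSTYPE="crypto_LUKS" PKNAME="sda"
NAME="luks-root" TYPE="crypt" FSTYPE="ext4" PKNAME="sda3"
NAME="sdb1" TYPE="part" FSTYPE="BitLocker" PKNAME="sdb"
EOF
}
sample_lsblk | classify_lsblk
```

A `PLAINTEXT` line for an `ntfs` partition is the situation in the post: any live system can mount it without a password. The `vfat` EFI system partition is reported as plaintext even on a fully encrypted install, since firmware has to read it.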

(page 2) 32 comments
[–] audaxdreik@pawb.social 7 points 1 day ago* (last edited 1 day ago) (1 children)

Yep! They don't teach this stuff because consumer level cyber security is in the absolute pits of despair and moreover, they're trying to do away with what little we have access to. Governments and police agencies like how easy it is to access files.

Personally I don't bother with full disk encryption (FDE) since I don't really have anything private on my main computer. Just a bunch of game files, comics, movies, etc. Anything extremely important such as tax documents, personal data, etc. is honestly very small and I keep in a little Proton Drive folder, <1GB total. I think the best approach is to simply educate yourself and be aware of what's worth protecting and how best to protect that. Just enabling FDE and thinking you're safe ignores all the other avenues that personal data can be stolen.

My current pet conspiracy theory is that FDE with BitLocker isn't even worth it on Windows due to the TPM requirement. Why is that a bad thing? Your system probably has fTPM supported by the BIOS, why not just enable that?

https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066

> Integrating with features like Secure Boot and Windows Hello for Business, TPM 2.0 enhances security by ensuring that only verified software is executed and protecting confidential details.

https://ieeexplore.ieee.org/document/5283799 (I don't believe we'll see this EXACT implementation of DRM, I'm just providing an example of TPM being used for DRM and that these ideas have been in consideration since at least 2009).

Now, if I were Microsoft and I wanted to exert an excessive amount of control over your system by making sure you couldn't run any inauthentic or "pirated" software to bring it more in line with the walled garden Apple approach they've been salivating over for the past decade+, you'd first need to ensure you had a good baseline enabled. You know, kind of like the thing you'd do by forcing everyone into an OS upgrade and trashing a lot of old hardware.

It won't be instantaneous, I don't know exactly how or what it's going to look like when they start tightening their grip. Again, this is all speculation, but it's not hard to connect the dots and their behavior over the past couple years does not give them the benefit of the doubt. Microsoft is no longer a company that can be assumed to be acting in the best interest of the average consumer, they're not doing this for your security. They want to know that your computer is a "trusted platform".

EDIT: Further lunatic conspiracy theories: BitLocker is/will be backdoored so Microsoft forcing you into that ecosystem further guarantees they have access to your system. This all stinks to me, like your landlord telling you how you can arrange the furniture in your own apartment.

[–] ReversalHatchery@beehaw.org 3 points 1 day ago (1 children)

> they're not doing this for your security. They want to know that your computer is a "trusted platform".

Security in terms of Trusted Computing is never about your security, nor about your trust.

> EDIT: Further lunatic conspiracy theories: BitLocker is/will be backdoored so Microsoft forcing you into that ecosystem further guarantees they have access to your system. This all stinks to me, like your landlord telling you how you can arrange the furniture in your own apartment.

A backup of your BitLocker key is in your Microsoft account, and normally nowhere else. It's pretty easy for Microsoft to lock you out of your own computer and data completely, if they wanted. Because you supposedly violated a license, or the terms of use or anything. Just sayin', Microsoft already has (and had for a few years now) a scandal about extorting for your personal phone number by locking down your account a few days after registration, until you hand it over. And even there they justify it with a ToS violation, which is just a lie.

[–] audaxdreik@pawb.social 3 points 1 day ago (2 children)

For those not in the know, "Trusted Computing" is a very specific THING and maybe not what you'd expect, https://en.wikipedia.org/wiki/Trusted_Computing

> TC is controversial as the hardware is not only secured for its owner, but also against its owner, leading opponents of the technology like free software activist Richard Stallman to deride it as "treacherous computing",[3][4] and certain scholarly articles to use scare quotes when referring to the technology.[5][6]

You can pretty much guess where I land.

> A backup of your BitLocker key is in your Microsoft account, and normally nowhere else. It's pretty easy for Microsoft to lock you out of your own computer and data completely, if they wanted.

You make a good point, I'm missing the forest for the trees. Why even bother theorizing that BitLocker may be compromised when they're removing local accounts for consumers and forcing the key to be uploaded to their servers anyway?

[–] catloaf@lemm.ee 0 points 1 day ago (1 children)

They're not forcing it. You can still create local accounts (though it takes some work) and it doesn't require you to upload any keys. I have BitLocker enabled with a local account and no Microsoft account connection.

[–] ReversalHatchery@beehaw.org 0 points 23 hours ago

They are forcing it. If you are not determined, you won't be able to get an offline account. Many are not determined. Many don't even realize that it's not for their benefit, even after OneDrive starts announcing it daily that their drive is full.

[–] Mensh123@lemmy.world 2 points 1 day ago

Yup. You'll need to tinker with Linux too if you want disk encryption. At the very least, set a BIOS password.

[–] whysofurious@lemmy.dbzer0.com 1 points 1 day ago* (last edited 1 day ago)

I still remember years ago one time Windows fucked itself and god knows why I couldn't fix it even with USB recovery or stuff like that (long time ago, I don't remember).

Since I couldn't boot into recovery mode the easiest way to backup my stuff to a connected external drive was "open notepad from the command line -> use the GUI send to.. command to send the files to the external drive -> wait and profit" lol.

[–] brucethemoose@lemmy.world 3 points 1 day ago

Good practice is putting anything important on an encrypted USB drive (as that stuff usually isn't very big), and just treating the machine as "kinda insecure".

If you set up a BIOS password, someone at least needs to unscrew your computer to get stuff. But this is generally not set up because people, well, forget their passwords...

[–] Mio@feddit.nu 0 points 1 day ago (2 children)

I think on laptops Windows is trying to encrypt the drives. Maybe online if you are logged in to a Microsoft account for BitLocker to save the encryption key. Encrypting the drives should be your decision to take.

[–] softcat@lemmy.ca 1 points 1 day ago (1 children)

Previous versions of Windows only permitted drive encryption in their premium tiers, and it seems like the current one possibly requires a TPM chip for it, so a lot of hardware won't even support it. So basically greed or greed.

For what it's worth it's not always a default with Linux installations either. There's a usually minor performance hit, though I can't say it ever bothered me. Personally I have less fear of bad actors obtaining physical access than I do myself breaking something catastrophically and losing my access, so I don't use it now.

[–] Aussiemandeus@aussie.zone 0 points 1 day ago (1 children)

Are you saying the performance hit is from running off an encrypted drive?

[–] softcat@lemmy.ca 3 points 1 day ago (1 children)

There will be some additional time and resources required to read and write encrypted data, even if minor.

[–] catloaf@lemm.ee 2 points 1 day ago (1 children)

Given that AES instructions have been implemented directly in the CPU since 2008, any performance penalty should be negligible.

[–] softcat@lemmy.ca 1 points 1 day ago

Thank you for the info! I like your username.
