
 




Windows 11 Pro's On-By-Default Encryption Slows SSDs Up To 45%

An anonymous reader shares a Tom's Hardware report: Unfortunately, a default setting in Windows 11 Pro, having its software BitLocker encryption enabled, robs as much as 45 percent of the speed from your SSD as it forces your processor to encrypt and decrypt everything. According to our tests, random writes and reads -- which affect the overall performance of your PC -- get hurt the most, but even large sequential transfers are affected.

While many SSDs come with hardware-based encryption, which does all the processing directly on the drive, Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out. (You can circumvent this with tools like Rufus, if you want, though that's obviously not an official solution as it allows users to bypass Microsoft's intent.) If you bought a prebuilt PC with Windows 11 Pro, there's a good chance software BitLocker is enabled on it right now. Windows 11 Home doesn't support BitLocker so you won't have encryption enabled there.

To find out just how much software BitLocker impacts performance, we ran a series of tests with three scenarios: unencrypted (no BitLocker), software BitLocker (the Windows 11 Pro default), and with hardware BitLocker (OPAL) enabled. While the software encryption increased latency and decreased transfer rates, hardware encryption and no encryption at all were basically tied. If you have software BitLocker enabled, you may want to change your settings.


  • Is it worthwhile? (Score:2, Interesting)

    by SmaryJerry ( 2759091 )
    Is there any reason to keep bitlocker enabled if you aren't a business? Even if you are a business is bitlocker really that necessary?
    • by Entrope ( 68843 ) on Friday October 20, 2023 @07:07PM (#63940825) Homepage

      Is there anything on your computer that you would like to protect from an evil maid or equivalent attacker? Browser history, website login details, personal pictures, bank account statements? Having TPM-linked encryption at least makes it possible to keep those details from someone with moderate resources trying to break your privacy. Storing that data in plaintext exposes it. Storing your system executables without at least one of encryption or cryptographic MAC allows your computer to be backdoored.

      • by caseih ( 160668 ) on Friday October 20, 2023 @07:26PM (#63940863)

        The thing about that is most of the time I'm the one who needs to perform an evil maid attack, often on my own hardware. I need to be able to swap hard drives, recover data, etc. This makes that impossible. If a person somehow gets windows all screwed up so it won't boot or hardly runs (which never happens, oh no), there's no way to get the data off the drive the way we've been doing for decades. Sure you can berate them for not doing backups. But that doesn't help things. I guess MS expects everyone to pay for OneDrive.

        • by caseih ( 160668 )

          Also if you want to upgrade your hardware and put the drive in the new machine, you can't, since it was locked to the old machine's TPM and there's no way to transfer the keys. So just plan to format the drive if you do a mainboard update.

          • Re:Is it worthwhile? (Score:4, Informative)

            by Shakrai ( 717556 ) on Friday October 20, 2023 @08:29PM (#63940955) Journal

            Five seconds on Google [microsoft.com]

            You're welcome.

            • by caseih ( 160668 )

              Yup, as long as you can boot windows. If you need to use a Linux LiveCD to rescue a Windows machine, you're out of luck.

              • Re:Is it worthwhile? (Score:4, Informative)

                by itsme1234 ( 199680 ) on Saturday October 21, 2023 @01:30AM (#63941411)

                You can read/mount/do anything bitlocker in Linux with dislocker https://packages.debian.org/si... [debian.org] (it says Vista to Windows 10, there's nothing special with 11 beside not being in the description). I think one of the UIs (Ubuntu?) was even offering it to do it in the GUI (mount disk directly asking for key) when you click the disk icon.

                Not that the installers need work and certainly it would be good to offer all options clearly, sure. See the recent post where Ubuntu ISO with the new fancy installer was pulled (for some other reasons), one of the fancy new features zfs encryption with TPM. Guess what, they took out the option to do zfs encryption with passphrase (or, with anything if you don't have TPM) which was present in the classic install. But the classic install (for the very same version) doesn't offer TPM. Crazy house.

          • Also if you want to upgrade your hardware and put the drive in the new machine, you can't, since it was locked to the old machine's TPM and there's no way to transfer the keys. So just plan to format the drive if you do a mainboard update.

            How to prove to the world that you don't know what you're talking about. When enabling bitlocker you're given an option to back the key up including to your MS account. When you put the drive in another machine and try to open it you're asked for the key which you can retrieve the backup of from your MS account.

            • by caseih ( 160668 )

              Isn't the point of this article that bitlocker isn't optional in Windows 11? And if you don't like MS snooping on you and don't want to use your MS account to log in, you're out of luck. I'm sure you can add the account later and do a backup.

              • At this point you're just playing dumb/trolling. You have the OPTION to save your key to a Microsoft account. You can also print it out, save to a small text file, whatever. Note that it'll be nearly impossible for the regular consumer to opt out from having a Microsoft account with Windows 11, without any relationship with the machine having or not bitlocker, or with the option to save your key in other way(s), including just writing it on a paper or something.

          • Formatting an old drive before putting it in another computer - my god, the horror!

            Are you serious? Do you simply refuse to perform a backup on your data or even do a fresh OS install on new hardware?

        • Bitlocker lets you back up your Bitlocker key to your Microsoft account.

          There are obvious downsides to this - Microsoft is not immune from being hacked - but it is an option.

          Corporate/Enterprise admins can automatically back up client-machine Bitlocker keys.

        • That's horse shit.

          You can ask windows for the recovery key and use that to mount the disk in any other computer. Source: I mount the Windows BL partition on the Linux dual boot just fine without using the TPM to unseal it.

          The default that MS forces on people (most people don't know better) is to back up the recovery key to their MS account, so you can usually ask there too.

          Just because you refuse to understand the technology doesn't mean it's bad.

          • Note that it is possible for the key never to be held. If you don't sign into a work domain nor do you have a Microsoft account, it will lose the key.

            That said, Microsoft is very aggressive about seizing any chance to stick a recovery key into some account or another. I have however seen folks manage to have their drive forever lost for lack of an account with a recovery key.

        • I think my work is paying for OneDrive but I refuse to use it. I tried it once (I have a work-issued MacBook Pro) and it choked on Unix-type file names. That made it worthless. I disabled it and will intentionally never use it again. What a waste!

        • You're not locked out of any data until you lose the decryption key, which is stored far out of reach of Windows and the user, if someone competent set it up.

      • by Improv ( 2467 )

        In the past I've occasionally sent mostly-dead disks to data recovery places if I really really needed something back.

        Is this security from outsiders really worth giving up on the potential for that?

        • by Anonymous Coward

          In the past I've occasionally sent mostly-dead disks to data recovery places if I really really needed something back.
          Is this security from outsiders really worth giving up on the potential for that?

          Like all things in life, it literally depends entirely on what the data is and what the computer is used for.

          If you keep your data on a single drive without backups, needing to utilize recovery services, then disk encryption is not suitable to your use case.

          My main PC has my browser cache and some credentials to my NAS on it. Nothing I would need recovered, but not stuff I want others to have access to.
          I'm sure I do have some copies of projects on it I might not want others to have, but completely recovera

          • by mysidia ( 191772 )

            Personally my laptop is nothing more than a VPN client and remote access to my main desktop.
            Probably don't need disk encryption there as it has nothing on it.

            Encryption is still useful to help protect integrity of the client OS instance - that is, the media being encrypted helps establish that nobody used physical access to tamper with files on the device and installed a keylogger program to capture VPN credentials while you weren't at the machine.

    • Re:Is it worthwhile? (Score:4, Informative)

      by quonset ( 4839537 ) on Friday October 20, 2023 @07:08PM (#63940829)

      Even if you are a business is bitlocker really that necessary?

      Yes. You may lose the machine to theft, but the data is secure. I was involved in a case where a machine was found tossed in a park in a city because the thief couldn't get into it. Why they didn't just remove the drive and install a new one I don't know, but the encryption did its job.

      This assumes the machine wasn't stolen while the user was logged in [theguardian.com]. In that case, everything is fair game.

      • by Powercntrl ( 458442 ) on Friday October 20, 2023 @07:41PM (#63940887) Homepage

        I was involved in a case where a machine was found tossed in a park in a city because the thief couldn't get into it. Why they didn't just remove the drive and install a new one I don't know, but the encryption did its job.

        Probably because the thief lacked the technical skills to swap a drive and just saw it as something they could sell to a fence for some crack money. Chances are if you're a criminal with enough computer savvy to profit from ID theft schemes, you're also probably smart enough to realize breaking and entering and physically stealing computers involves too much risk to life and limb.

        Certainly, businesses might have machines where the risk is worth the reward to a criminal, but the average home user's PC they're likely to just score a hard drive full of furry porn.

        • Probably because the thief lacked the technical skills to swap a drive

          There's a tendency for nerds to notice all the potential holes and then conclude something is useless. Most people, most of the time, will be subject to low effort, low skill crime. Criminals are like everyone else: most of them are average at best at their jobs.

          Certainly, businesses might have machines where the risk is worth the reward to a criminal, but the average home user's PC they're likely to just score a hard drive full of furry porn.

          Mo

        • I was involved in a case where a machine was found tossed in a park in a city because the thief couldn't get into it. Why they didn't just remove the drive and install a new one I don't know, but the encryption did its job.

          You don't need drive encryption to keep a thief from booting your computer. You can just configure the BIOS to require a password or fingerprint scan at power on. Doesn't prevent installing the drive in another computer, but I think most thieves are looking for a usable computer, not for information stored on your drive.

    • Re:Is it worthwhile? (Score:4, Informative)

      by Shakrai ( 717556 ) on Friday October 20, 2023 @07:12PM (#63940837) Journal

      Yes. My personal PC has my tax returns. Whole bunch of other sensitive/confidential information too, won't list it all, and really, does the question need to be asked? I feel like it wouldn't be if the discussion was VeraCrypt or LUKS, but we're here talking about a M$ product, so, different rules. The business use case, again, yes, and very probably mandated by your cyber insurer to get the best rates.

      Kind of questioning TFA's methodology here but on my phone and not in a position to do my own testing. When I've tested FDE implementations, to include LUKS, VeraCrypt, Bitlocker, and FileVault, I haven’t seen appreciable performance hits, and some of my testing occurred on older CPUs that omit the AES Instruction Set.

      • Yes. My personal PC has my tax returns. Whole bunch of other sensitive/confidential information too, won't list it all, and really, does the question need to be asked? I feel like it wouldn't be if the discussion was VeraCrypt or LUKS, but we're here talking about a M$ product, so, different rules.

        Sure, but, that said, you could simply use a utility, like AxCrypt, etc... to just encrypt your sensitive files. I'm sure not everything on the system needs to be encrypted, at least from a sensitivity standpoint.

        • by Shakrai ( 717556 )

          I'm sure not everything on the system needs to be encrypted, at least from a sensitivity standpoint.

          I assume you're aware of the memory paging [wikipedia.org] concept? Do you know enough about the internals of your OS's memory management to say with certainty that no confidential information will be swapped out? In the worst case, that might include the encryption keys for your encrypted files/volume.

          Remember too that every OS leaks a non-trivial amount of data to its system volume. Might be as silly as a recently opened list of files but that right there can be damning, imagine one of them is "Terrorist Attack Plan

          • I assume you're aware of the memory paging concept?

            Yes. My BSCS specialization was in systems software and operating systems.

            Do you know enough about the internals of your OS's memory management to say with certainty that no confidential information will be swapped out?

            Yes, or at least I'm aware of the capabilities and limitations. Windows, for example, has a setting to clear the swap space on shutdown. Noting that it makes shutting down the system take *much* longer...

            At my former job, at a *large* defense contractor, one of my projects was the automated, unattended installation (OS and all software), configuration and lock down of Windows, Solaris and Linux systems from bare metal to ready to

      • Indeed.

        I now routinely install all new builds with LUKS because why not? It's safe by default. On the off chance I'm doing something really really really performance sensitive with NVMe SSDs, I guess I could use LVM to make an unencrypted partition just for that data.

        Never needed it.

        My guess is that the result is I pay a slight penalty on boot speeds, which is something I do rarely anyway.

        With that said the penalty seems high. On LUKS it's much lower, and perversely some of the benchmarks actually run faste

        • I actually only do it on my Linux laptops.
          The desktop: not so much.

          Because that heavy desktop is in my house, bolted to the desk and the drives aren't hot swappable from the outside. So you need tools to access it.
          And my windows and doors are strong, with strong locks. And the top on the cherry: visible alarm :)
          • Fair enough.

            I don't have my data drive encrypted, since it's from an older install. It does have non critical data and my borg backups, but those are encrypted anyway.

            My doors and windows aren't as strong as they could be, but neither are my neighbors' ones (the appearance of the front of my house is controlled). There are sometimes burglaries, but the most common one is to smash get in and out fast with car keys before anyone can respond to the alarm. Either that or just steal the catalytic converter off a

    • The data partition of my private desktop PC is encrypted (I use dm-crypt). If a burglar breaks in and steals my PC, I lose the hardware but they won't screw me over by accessing my passwords, financial data, etc. that can be recovered from a non-encrypted data disk. Also no risk of data leak if I need to send the ssd back for repair or replacement. My workplace activated the encryption on business laptops several years ago for the same reasons.

      It is useful to activate it by default such that most people wil

      • by Shakrai ( 717556 ) on Friday October 20, 2023 @08:33PM (#63940961) Journal

        However, full-disk encryption is only for the paranoid, say if your attack scenario includes secret services getting into your hotel room while you're out, to plant malware directly into your OS folders.

        Every OS I've ever used leaks a non-trivial amount of private data to the OS drive in the case of a separated data/OS volume. It's not significantly harder to encrypt both volumes even if you're using a passphrase unlock rather than TPM/T2/other hardware solution.

      • by Shakrai ( 717556 )

        (Clicked submit too early)

        You should also consider the swap file / partition, which very likely exists on the unencrypted volume in your example, and may contain all manner of private data -- including the encryption keys for your data volume -- you think is protected.

        • I solved this issue by not having a swap and temporary/runtime files are in tmpfs (my cost is having to consider enough RAM). But you're right: as this set of options is not offered as standard by OSes, FDE is the only safe option for most.

        • by serviscope_minor ( 664417 ) on Saturday October 21, 2023 @06:23AM (#63941665) Journal

          What you say is true, and I certainly do that. However basic encryption on the home drive covers 99.9% of the attack surface.

          The vast majority of the time, people aren't specifically attacking you. If your machine gets nicked it's probably going to be sold for cash to some dodgy bloke for his teenage kid. It'll then get infested with virii and etc and the automatic botnet data scraper identity theft stuff will get the data on the machine (yours) and that's where the problem lies.

          The chance of someone specifically trawling for your data on a stolen machine is low I reckon.

          Someone specifically hunting for keys in a swap partition of a stolen machine to crack a disk they have no idea contains anything valuable is essentially zero.

          If the machine doesn't just boot it'll be junked or maybe sold to someone who owns one of those weird dodgy tech shops who will wipe it and resell it. As long as whatever you have is enough to trigger that then your data is safe in almost all cases.

          But I do agree, unless you have really really specific performance needs just check the "encrypt fucking everything" box on install. Anything else is pointless fuckery.

        • After checking: /run, where secrets could leak, is tmpfs in linux installs nowadays. Not sure how much information leaks from /var/cache, it did not seem anything important, it's mostly package manager related stuff; also nobody fetches emails into /var/spool/mail/ anymore. So making /tmp as tmpfs is the only step I found necessary to avoid leakages.

    • Yes, your SSD will fail catastrophically and you won't have a chance to wipe it but when it gets recycled in China somebody can use a chip reader to pull your sensitive data (passwords, bitcoin wallet, financials, etc.) and sell it to the highest bidder.

      AES-NI is so fast that most people won't even notice so they're doing the right thing.

    • Really? You can conceive of a few simple scenarios where you'd want to be sure your data was safe?

      How about the highly probable disk failure requiring RMA? If the disk is encrypted your data is safe to RMA. If not, then you're SOL and you need to have the drive securely shredded and just buy a new one.

    • Encryption of your personal data is so essential that phones have been doing it very effectively for years. Why is it ok for your laptop to be less secure than your phone?
      • by Z00L00K ( 682162 )

        Because I still run a stationary computer at home.

        With the amount of data I have I'd have to pay a lot for storage in the cloud - with questionable protection of what I have. "Sorry, our AI Bot decided that your family photos were illegal so we deleted all your files to protect you from yourself and we have now notified the police and social services about your questionable content"

    • by tlhIngan ( 30335 )

      Is there any reason to keep bitlocker enabled if you aren't a business? Even if you are a business is bitlocker really that necessary?

      SSD encryption protects you if someone were to remove the SSD and remove the flash chips and read them out. This only really happens during data recovery. Or if you have an Apple Mac.

      BitLocker is a disk encryption system and protects you if someone removes the disk (HDD or SSD) from the computer and moves it to another computer. If it's encrypted, the disk cannot be read and

  • Microsoft Compatibility Telemetry is also evil. It consumes CPU and decreases battery life. Bad software written by incompetent software engineers.

    • What software doesn't consume CPU and decrease battery life? Are you going to tell me that Linux software is beautifully written and efficient? Right.

      • Generally speaking, with Linux you're trading cycles and power for something you want. With Windows, there's tons of stuff burning cycles and power (and bandwidth) for what Microsoft wants... without asking and without an easy way to disable it even if you're aware of it happening.

        • Linux trades CPU cycles only for "what you want" if you happen to be a full-fledged computer nerd. For those who struggle to figure out a TV remote control, not so much. That crowd--the ones who aren't good at technology--they can use Windows to do what they want, right out of the box. They're never going to get Linux to do that, without a technical person first spending a good bit of time setting it up for them.

          And speaking of easy ways to disable things...are you kidding me? Are you suggesting that, on Li

          • Windows starts with everything and makes it difficult to remove what you don't want.

            Linux distros usually start with what you need and you have to add extra. There's usually no need to remove anything.

            • Why would you think the Linux approach is better?

              Install bookkeeping software. Installation fails because you didn't install some subsystem or another. Locate the subsystem and figure out how to install it. Now try installing the bookkeeping software again. Find out that some other component is missing.

              How's that better, exactly?

  • ...and an unencrypted partition/drive for other use. Although it's certainly true that Microsoft needs to make this process far easier to carry out. Average users shouldn't need 3rd party software to manage partitions and disks. Biometrics needs to be present as well, as it is on phones.
  • by RitchCraft ( 6454710 ) on Friday October 20, 2023 @07:37PM (#63940875)

    This has always been the case with Windows. Get a nice shiny new computer only to find its true power hobbled by Windows in some way, shape, or form. The solution used to be to go back one version of Windows. Now the only solution is advance to Linux and never look back.

    • So what happens when somebody steals your nice, fast Linux system? Is there anything on that hard drive that you wouldn't want others to see? Security (encryption) *always* trades security for speed, whatever OS you are using.

    • by AmiMoJo ( 196126 )

      If you buy a new Windows machine the encryption will probably be using the SSD's built in stuff, which has no effect on performance.

      Most SSDs have encrypted data for many years now. It's built into the controller. The key is stored in the SSD. All enabling BitLocker with "eDrive" (Microsoft's name for OPAL v2) does is move the key into the computer's TPM, where only Windows can access it (with an optional PIN or other authentication).

      TFA is talking about people who install their own copy of Windows, rather th

  • I'm sure MSOFT believes most users won't notice and those that do are capable of changing it. I don't understand however why they would enable it out of the box if the drive already supports hardware encryption.
    • Bitlocker is their encryption, the drive's is not. Not as easy to "reverse engineer" if you know what I mean.

  • Windows 11 Home doesn't support BitLocker so you won't have encryption enabled there.

    That's incorrect. While "bitlocker" is pro, Windows 11 home supports encryption and most Windows home laptops ship with it enabled. "Bitlocker" but with fewer supported mechanisms for managing the key material.

  • If you are using Windows 11 in a VM on a host that already implements hardware disk encryption, you can disable Windows disk encryption with the following steps:

    1. Open cmd as Administrator
    2. Type manage-bde -off C: (or whatever drive is your encrypted data drive)
    3. Profit
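
Before running the manage-bde -off step above, it is worth knowing what you are actually turning off: whether the volume is encrypted by the CPU (the software BitLocker case the article benchmarks) or by the drive itself (the OPAL/eDrive case AmiMoJo describes further up), whether the key is sealed to a TPM, and whether a recovery password exists anywhere, since several comments above describe drives lost for lack of one. The following audit script is an added example for this thread, not code from Slashdot, Tom's Hardware or Microsoft. It assumes an elevated PowerShell session on Windows 10/11 with the built-in BitLocker module (Get-BitLockerVolume, Add-BitLockerKeyProtector, Disable-BitLocker) and the TPM/UEFI cmdlets Get-Tpm and Confirm-SecureBootUEFI; the property and enum names used (EncryptionMethod 'Hardware', KeyProtectorType 'RecoveryPassword', 'Tpm*') are the ones that module reports. The function names and the C: default are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit BitLocker before disabling it.
# Assumes the standard Windows BitLocker PowerShell module and TPM/UEFI cmdlets.

function Get-BitLockerAudit {
    # One record per volume: encryption state, whether the key is sealed, whether
    # the crypto is done by the drive (EncryptionMethod 'Hardware' = OPAL/eDrive)
    # or by the CPU (XtsAes128/XtsAes256/Aes128/Aes256 = software BitLocker),
    # and which key protectors exist.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeStatus        = [string]$vol.VolumeStatus      # FullyEncrypted, FullyDecrypted, ...
            ProtectionStatus    = [string]$vol.ProtectionStatus  # On = key sealed; Off = clear key on disk
            EncryptionMethod    = [string]$vol.EncryptionMethod
            HardwareEncryption  = ([string]$vol.EncryptionMethod -eq 'Hardware')
            KeyProtectors       = ($types -join ',')
            TpmBound            = [bool]($types | Where-Object { $_ -like 'Tpm*' })
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        }
    }
}

function Get-PlatformTrustState {
    # The evil-maid argument earlier in the thread rests on the key being sealed
    # to a TPM and on boot integrity; report both so the audit is meaningful.
    $tpm = Get-Tpm
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }  # throws on legacy BIOS
    [pscustomobject]@{
        TpmPresent = $tpm.TpmPresent
        TpmReady   = $tpm.TpmReady
        SecureBoot = $secureBoot
    }
}

function Assert-RecoveryPasswordProtector {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$MountPoint = 'C:')
    # Guards against the "lost the key, lost the drive" case: if the volume is
    # encrypted but has no recovery password protector, add one and show it so
    # it can be stored off this machine (paper, password manager, AD/Entra escrow
    # via Backup-BitLockerKeyProtector where a domain is available).
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if ($rp) {
        Write-Host "$MountPoint already has a recovery password protector ($($rp.KeyProtectorId))"
        return $rp
    }
    if ([string]$vol.VolumeStatus -eq 'FullyDecrypted') {
        Write-Host "$MountPoint is not encrypted; nothing to escrow"
        return $null
    }
    if ($PSCmdlet.ShouldProcess($MountPoint, 'Add recovery password protector')) {
        $updated = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $rp = $updated.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        Write-Host "New recovery password for ${MountPoint}: $($rp.RecoveryPassword) -- store it off this machine"
        return $rp
    }
}

# Usage: review, escrow, and only then decide whether to decrypt.
Get-BitLockerAudit | Format-Table -AutoSize
Get-PlatformTrustState
Assert-RecoveryPasswordProtector -MountPoint 'C:' -WhatIf   # drop -WhatIf to actually add one
# PowerShell equivalent of "manage-bde -off C:" from the steps above (decryption runs in the background):
# Disable-BitLocker -MountPoint 'C:'
```

Run the audit first: if HardwareEncryption is already true for the system volume, the drive controller is doing the work and turning BitLocker off buys no speed back; if it is false and ProtectionStatus is On, the CPU is doing it, which is the situation the article measured. Either way, make sure HasRecoveryPassword is true and the password is stored somewhere other than the machine before changing anything.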

  • I have Windows 11 (Enterprise) at home.

    4x 2TB NVMe drives in RAID0, Bitlocker enabled. I also have i9-12900K and 64GB of DDR5 RAM.

    I'm getting:
    - 17704 MB/s read, 16008 MB/s write (SEQ1M Q8T1)
    - 5933 MB/s read, 7543 MB/s write (SEQ1M Q1T1)
    - 683 MB/s read, 918 MB/s write (RND4K Q32T1)
    - 64 MB/s read, 137 MB/s write (RND4K Q1T1)

    Theoretical max random read should be 28000 MB/s, so I'm only getting 63% of that.

  • by Petersko ( 564140 ) on Friday October 20, 2023 @08:46PM (#63940985)

    Two boxes, clean installs of Windows 11 Pro, neither one has BitLocker enabled. I did not disable it - it was not on by default.

  • There was a reason (Score:5, Informative)

    by stikves ( 127823 ) on Friday October 20, 2023 @09:08PM (#63941033) Homepage

    There was a reason they switched to software encryption:
    https://hardware.slashdot.org/... [slashdot.org]

    Why? Because SSD makers were lazy, and did not implement good crypto. And Microsoft's own software implementation would be good enough for most users: https://it.slashdot.org/story/... [slashdot.org] (even recommended by our old pal TrueCrypt)

    Now, the article explains how to enable hardware encryption. (Very easy! Just requires a complete wipe and reinstall, using third party tools like Rufus, should be a piece of cake for end users), or how to disable bitlocker altogether (Very useful if you use online banking or have other important accounts on your laptop. What could possibly go wrong?).

    What would I recommend instead? Use VeraCrypt to convert your existing Windows install (might require some partition move):
    https://www.makeuseof.com/encr... [makeuseof.com]

    And choose the fastest / most secure combination you want using their benchmark on your own system.

    • or how to disable bitlocker altogether (Very useful if you use online banking

      Bitlocker doesn't protect against online attacks.

    • This. They publicly spanked MS for relying on lazy SSD manufacturers. Now they shame them because encryption is expensive but, for once, they care about their users (even if it's not the most convenient option). I avoid Windows like the plague, but this approach to the change in bitlocker is a bit unfair, like shaming those who publish Retbleed and Spectre mitigations.
  • SSDs are all encrypted all the time; whether you use OPAL, Class 0 or not, the SSD runs the same crypto operations in all cases.

    Personally a big fan of Class 0 and use it on my laptop to guard against theft. 100% transparent, no overhead, no OS dependencies. If you don't enter passphrase on boot the disk becomes a paper weight and you literally can't read or write a single byte. Only downside is you have to check model/vendor implementation first because some of them store encryption keys anyway and can be

  • Still slowing down even the most modern hardware since the early 1990s
  • My Windows 11 Pro install doesn't have Bitlocker enabled and I never explicitly turned it off. Has this been independently verified?
  • Not for a good, long while.

  • Unless you are doing really sensitive work, there's just no reason to use full disk encryption. If you have a set of sensitive files, use something like Veracrypt to contain the files.

    Encrypting everything - of course that slows things down, it doesn't matter that it's Windows. It also makes it much more difficult to do hardware-level work. For example: maybe your computer dies, and you'd like to move the SSD or disk to another computer.

  • On the same note, why do we keep insuring our house and the stuff we own. It costs a lot of money each month, slowing down our economy by maybe 10%. At least this does not come as a default. That money would be spent better elsewhere! Until the time when your house burns or is flooded, and that insurance policy is ... well, not priceless, but when it represents an amount of money you would not otherwise be able to raise, then somehow it *is* priceless.

    What is the value of keeping your information private, i

  • > Windows 11 Home doesn't support BitLocker so you won't have encryption enabled there.

    If you log in with a microsoft account, and hey if you use windows you probably need to so your things are there, both home and pro turn on encryption by default.

    Unfortunately the implementation on home is a nightmare since it does not tell you about it and you don't get the key! The first you know of it is that your computer breaks and you cannot access the files on another machine. It's called "device encryption" And it i

  • If Microsoft wants to go all-in for business, and encourage encryption that's fine with me, but bogging down a system and making gaming worse sounds pretty dumb.
  • [maybe-joke]Well, there goes the SSDberhood. Whose bright idea was it to enforce something as old as Bitlocker on drives anyway? I suppose M$ is trying to murder themselves.[/maybe-joke]

