Today I took my first steps into the world of Linux by creating a bootable Mint Cinnamon USB stick to fuck around on without wiping or partitioning my laptop drive.

I realised Windows has the biggest vulnerability for the average user.

While booting off of the USB I could access all the data on my laptop without having to input a password.

After some research it appears drives need to be encrypted to prevent this, so how is this not the default case in Windows?

I’m sure there are people aware but for the laymen this is such a massive vulnerability.

  • phantomwise@lemmy.ml
    6 months ago

    I thought BitLocker was enabled by default on Windows 11, which is a terrible idea imo. Full disk encryption by default makes sense in professional settings, but not for the average users who have no clue that they’ll lose all their data if they lose the key. If I had a penny for every Windows user who didn’t understand the BitLocker message and saved the key on their encrypted drive, I’d have a lot of pennies. At the very least it should be prompted to give the user a choice.

    • catloaf@lemm.ee
      6 months ago

      Windows does not let you save the key to the drive being encrypted. (Unless you access it via SMB share, which I’ve done a number of times during setup before moving it off.)

      • phantomwise@lemmy.ml
        6 months ago

        You mean it prevents people from writing the key on a piece of paper when they get the BitLocker message, then copying it to a text file once their session is running and throwing the paper away or losing it later?

    • krash@lemmy.ml
      6 months ago

      This is true - it is enabled by default in win11. I disagree with you on it being a terrible idea - imagine all the sensitive data people put on their hard drives - would they want it to fall in the wrong hands if they lose their computer? Or if their hard drive fails so they can do a secure wipe?

      I’m not a fan of Microsoft, but they did solve the key issue in the enterprise setting by storing the key in their Entra identity. Same should be done for home consumers, since having a Microsoft account is being shoved in everyone’s throat anyway…

      • fatalicus@lemmy.world
        6 months ago

        Yeah, should be noted that BitLocker is only default enabled if you set Windows up with a Microsoft account, since it then saves the recovery info on that account “in the cloud”.

        If you set it up with a local account, you still need to enable it manually, so that you can save the recovery info somewhere else.

      • phantomwise@lemmy.ml
        6 months ago

        It’s a matter of perspective I guess. I’m not a fan of overkill security measures that get too much in the way of usability and risk creating problems for you, especially when physical access is a minor risk in most cases. I agree that having a Microsoft account to back up your key is a solution, but not a very good one since you trade vulnerability to a possible physical access that probably is never going to happen for the absolute certainty of your data being spied on by Microsoft…
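
Added example, not part of any comment in the thread: a PowerShell check for the two things discussed above, whether a volume is actually protected by BitLocker and whether a recovery password protector exists for it. It assumes a Windows machine with the BitLocker PowerShell module and an elevated prompt; the function name `Get-DiskEncryptionReport` is made up for this example, and it never prints the recovery password itself.

```powershell
#Requires -RunAsAdministrator
# Added example: summarise BitLocker state per volume without revealing any key material.
function Get-DiskEncryptionReport {
    Get-BitLockerVolume | ForEach-Object {
        # Key protector types present on this volume (e.g. Tpm, RecoveryPassword).
        $types = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $hasRecovery = $types -contains 'RecoveryPassword'

        $finding = if ([string]$_.VolumeStatus -eq 'FullyDecrypted') {
            # The situation from the original post: any live USB can read the files.
            'Not encrypted: readable from a live USB or another PC'
        } elseif ([string]$_.ProtectionStatus -ne 'On') {
            # Data is encrypted, but a clear key sits on the disk while protection is off.
            'Encrypted but protection is off or suspended'
        } elseif (-not $hasRecovery) {
            'Protected, but no recovery password protector exists'
        } else {
            'Protected: confirm the recovery password is stored off this drive'
        }

        [pscustomobject]@{
            Volume      = $_.MountPoint
            Type        = [string]$_.VolumeType
            Status      = [string]$_.VolumeStatus
            Protection  = [string]$_.ProtectionStatus
            EncryptedPc = $_.EncryptionPercentage
            Protectors  = ($types -join ', ')
            Finding     = $finding
        }
    }
}

Get-DiskEncryptionReport | Format-List
```

A "Protected" finding only says a recovery password exists; where a copy of it is kept (Microsoft account, printout, another drive) still has to be checked by hand.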