Win 7 new tool reveals: mobile data protection can be achieved

Among the many new features of Windows 7, my favorite is Bitlocker To Go. Compared with Bitlocker in Vista, Microsoft has further expanded its functionality in Windows 7, making BitlockerToGo included in the Enterprise and Ultimate versions of Windows 7 capable of supporting USB storage devices.

Bitlocker ToGo Function Overview

Bitlocker To Go (BtG) supports mouse right-click menu encryption, as shown in Figure 1. The Lexar 512MB U disk is selected in the figure.

The encryption process is very fast, and the encrypted mobile hard disk or USB flash drive can only be accessed after being verified by password or PIN code. And this protection is not limited to Windows 7 systems.

BtG protected files on mobile devices are not only accessible through Windows 7. These files can also be accessed on Windows XP and Vista. Files that are written after encryption can also be protected, as shown in Figure 2. If the Windows system does not open automatically after the mobile device is plugged in (automatic operation should be disabled from a security perspective), we can display the BtG encryption device through WindowsExplore, as indicated by the arrow. The files in the figure are the only files that are visible after the mobile device is encrypted.

After decrypting a BtG-encrypted mobile device in a Windows 7 system, the user can use the mobile device as a normal storage device, including full write and read capabilities. However, in XP or Vista systems, the decrypted mobile device only has read capability, and the user needs to copy the files to the local hard disk to edit and write these files.

In addition, any connected USB storage device is subject to Group Policy control when using BtG.

So, is there any shortage of BtG? In my opinion, it has few shortcomings. The biggest problem I encountered during testing was that I could not restore the encrypted mobile device to not. Encrypted device. Maybe this feature exists, but like many of the new features of Windows 7, it's hard to find. Other than that, I think this feature is quite good, and it would be best if you could add this feature to all versions of Windows 7 and Vista.

If you are interested in how to use BtG, you can continue reading down.

Settings and Testing

In my test environment, I used a Dell desktop to run Windows 7 beta (Ultimate version) and a Dell laptop to run Windows XP SP2. Other than that, there is no work to download and install, because BtG itself is part of Windows 7.

I first plugged in a 512MB LexarU disk on my desktop and waited for Win7 to recognize and apply the device. The next step is to open the drive list, right click on the Lexar device and select TurnonBitlocker, as shown in Figure 1.

The first screen appears as shown in Figure 3. I have to choose to encrypt by password or smart card, or both. In the test, I chose to encrypt only with a password. The program checks the strength of the password we entered. If the entered password does not meet the password strength requirements, it will be modified by the program. If you don't know what kind of password is strong enough, you can click the help link next to it. Win7's help file will teach users how to set a strong password, as shown in Figure 4.

After entering the password, the USB flash drive is encrypted (the 512 USB flash drive is less than two minutes), and I will be asked how to store my decryption code. The decryption code is usually used when the user forgets the password or the smart card is lost. As shown in Figure 5, we can choose to print it or save it to a file. Although Microsoft recommends that users print and save the decrypted code as a file at the same time, I just saved it in a text file and saved it on the laptop.

The process of testing and decrypting is very simple. I unplug the USB flash drive from the computer and wait for a few seconds before plugging it in. Win7 immediately detected that this was a BtG-encrypted device, and the dialog shown in Figure 6 popped up.

In the first decryption, I entered the correct password and the USB flash drive will be available immediately. In the second test, I chose to forget the password, so the system pops up the window to enter the decryption code, as shown in Figure 7.

The second part of the reply code identification code needs to be noted. This code is written to the removable storage device when it is encrypted. In addition, this code is also included in our saved text files or printed documents. With this code, we can more clearly know which recovery code is the corresponding mobile device. So I copied the decryption code from the previously saved text document and pasted it into the corresponding text box. Next we can choose to change the password or verification method to make it easier to decrypt the device in the future.

BtG in Windows 7 can be said to be almost perfect, so I tested it on my XP laptop. Since autorun has been disabled, I can only manually run BtG through the resource manager, as shown in Figure 2. The window after running is shown in Figure 8.

We can see that the decryption window of XP is different from the Win7 decryption window shown in Figure 6. In Windows 7, I can choose to automatically decrypt when I insert a USB flash drive later, but not in XP.

After entering the password, a browser-like window appears, telling me that I need to copy the required files to my local hard disk for reading and writing. For non-Windows 7 systems, this step is required, otherwise full read and write permissions are not available. I also tried to write the file back to the USB flash drive, but it didn't work (this feature is not currently supported).

In short, in my opinion, BtG in Windows 7 is an excellent feature for both corporate and home users.