XPost: alt.comp.os.windows-11, alt.comp.microsoft.windows   
   From: mariasophia@comprehension.com   
      
   Paul wrote:   
   >> In summary, Veracrypt is the solution that is designed by users for users,   
   >> while, IMHO, Bitlocker is a marketing abomination designed for MS lock-in.   
   >   
   > One problem with the protection placed on Home, is users   
   > not being aware it is present.   
   >   
   > That's a pretty big issue.   
   >   
   > Encryption involves a cost:benefit analysis. If   
   > a given implementation is mostly cost, and no benefit,   
   > why is it even there ?   
   >   
   >    manage-bde -status   
   >   
   > Either don't use encryption, or design your own encryption   
   > scheme that meets your requirements. If that means upgrading   
   > to Pro as a solution, then fine, disable the Home version   
   > of encryption, then do the Upgrade. Or, go with Veracrypt   
   > or something similar.   
   >   
   > When an OS has strange policies, you're pretty well forced   
   > to stay on top of every subsystem :-/   
      
   This is intended to be a discussion of the benefits of alternative choices   
   to Bitlocker on Microsoft Windows (both Home & Pro/EDU/Enterprise) such as   
   Veracrypt.   
      
   On older desktops (such as mine), TPM isn't an option, so BitLocker   
   can work on my non-TPM desktop but BitLocker has nowhere secure to store   
   the key for auto-unlock. So Bitlocker will only work with a manual   
   configuration and with weaker protection than on a TPM-equipped machine.   
      
   VeraCrypt, by contrast, works normally with full strength on any hardware   
      
   Still, Paul makes a good point about the cost:benefit side of encryption.   
   The biggest problem with the BitLocker implementation on Home is exactly   
   what he said, which is that users often do not even know it is enabled, how   
   it works, or what its limitations are. Hidden security is not the same as   
   controlled security.   
      
   That is where the difference between BitLocker and VeraCrypt becomes clear.   
      
   BitLocker changes behavior depending on edition, TPM version, and Microsoft   
   account defaults. VeraCrypt does none of that. It behaves the same on every   
   machine and always requires the user to make an explicit decision about the   
   boot password and key handling.   
      
   So I agree with Paul that strange OS policies force users to stay on top of   
   every subsystem. My point in the PSA is simply that VeraCrypt avoids those   
   policy traps by giving the user full visibility and full control, which is   
   why it ends up being the more predictable FDE solution on both older and   
   newer hardware (IMHO).   
      
   I don't discount that there are other solutions which may be just as good.   
   --   
   My conclusions follow the simplest model that fits every known fact.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)