BitLocker vs Dell Embassy Trust Suite

Back in ye olde days of Windows XP if you wanted hard drive encryption, you could either use some form of software encryption (most probably TrueCrypt) or you could buy a hard drive with a TPM chip soldered to the side of it to give you hardware encryption.

Obviously hardware encryption is better, especially if you want to encrypt your boot drive (i.e. the C:\) because its faster, a lot easier to setup and less prone to becoming broken. If you were using hardware encryption, chances are you were also using Wave Embassy Trust Suite to administer it. And if you were lucky enough to own a Dell this came bundled for free (with the Latitude series at least) as the rebranded Dell Embassy Trust Suite.

The Embassy software is needed to administer the TPM chip and do such jobs as creating user accounts and setting it up to sync with active directory. This was a bit clunky and it reminded me of the Windows 98se/Novell days but otherwise it worked pretty well.

The two most notable annoyances that the Embassy software had were that…

  1. The user has to login to access the hard drive before the laptop booted into Windows. And then had to login again to get into Windows – so this means that the user has to login twice. There was an option in the Embassy software so that it automatically logs into Windows for you but I’ve never used this option as I think it would just introduce problems of its own.
  2. The password sync with active directory didn’t always work.

However when Windows 7 arrived that all changed. Because if you bought the Ultimate or Enterprise  version of Window’s you also got MS’s BitLocker for free and its brilliant. After you enable BitLocker it encrypts your drive for you and then you just log into the computer as per usual so its seamless from the user’s point of view.

In my opinion if you want to encrypt a computer (using hardware encryption) use BitLocker. Even Wave, the people that make the Embassy software agree with me “BitLocker outperforms add-on, third-party FDE software solutions in two ways. First, it takes advantage of the Trusted Platform Module (TPM) — a security chip embedded in virtually all PCs available today — for strong key protection and system integrity verification. Second, its tight integration with Windows 7, Ultimate and Enterprise editions, puts less strain on a computer’s operating resources than third-party software solutions” . And have now created a management application for Bitlocker –