Uhhh, I'm gonna say lock the hard drive?
Just a guess here -- some lock the hard drive to annoy thieves. Problem then of course is lost passwords.
Intel is trumpeting a recent study that shows businesses and other organizations risking billions of dollars annually due to lost or stolen laptops. But worry not: it has a "third pillar" to prop up those losses. "Looking at these results, you can barely fathom the significant financial impact of missing laptops," the general …
I thought the current generation of hardware-encrypted HDD provide a pretty good answer to this, so long as the laptop enforces its use with a non trivial password when ever it is closed/idle for long?
Of course, that alone is a problem as users don't like password-locked screen savers, but at least there should be little performance loss, and no worries about the OS caching sensitive stuff outside of your chosen encrypted folders.
Presumably you can get those supporting two (or more) passwords, the user's one and a separate admin one to fix it when the users forgets/reveals their password?
If so, WTF is Intel gaining from $billions of McAfee?
What's in it for Intel? Presumably when laptops are lost or stolen they're replaced, ie a new order for a new shiny laptop with new Intel parts.
If laptops aren't getting lost then aren't Intel going to lose their share of 86,455 from the 329 firms - granted it won't be all of them but Intel's still a large share of the market, especially corporate.
So they've spent $7.68 billion to reduce sales? And before someone jumps in and says that the $7.68 billion is to increase market share in corporate sales with this new fancy tech please go back and read the article where Intels research makes it clear no one gives a shit and won't pay the premium for it.
Even if they do the competition will just follow suit making no differentiator at all, nice for consumers with lovely new security, sod all difference to the manufacturers - which I believe was Intel's primary business last I checked.
My theory... protection of their market share and margins, now for both AV *and* CPU (probably MOBO too). They'll sell their solution as more secure than the competition, and if they run their patents right they very well could lock the competition out of doing a me-too on it.
Like the previous commenters, this seems like overkill to me... but all it would really take is a legal precedent stating, more or less, that hard drive encryption by itself was an inadequate protection against data loss (*points in general direction of multiple massive class action suites filed against companies for data loss) - if something like that happened, and the new legal bar was set for Intel's solution then they could essentially lock out the other CPU and AV vendors from corporate laptops.
That's my conspiracy theory at least... FWIW
And they expect us to take this study seriously?
My guess is that the small minority of laptops that are properly secured overlaps quite significantly with the small minority that have such a high value.
My guess is also that they've concocted this estimate by adding up every worst case estimate they could pull out of their arses and this would include accepting at face value some CEO's over-inflated opinion of his own (and therefore, his laptop's) value.
It's been done. Not long(?maybe) after "don't die of ignorance" we had this: http://www.wellcomecollection.org/explore/sickness--health/topics/aids-posters/video.aspx?view=geronimo
Got a spectacular "ewww" from cinema audiences, did that - and was almost certainly all the more effective for it.
"We have concluded that security has now become the third pillar of computing, joining energy-efficient performance and Internet connectivity in importance."
That's right - connect millions of computers to the internet and THEN worry about security several years later. You couldn't make it up.
Then again, Intel do have a long history of working rather closely with MS so it's understandable.
A usb key that also includes an rfid chip, they could then build the pairing into the hardware, so that when a master key (owned by the company and sold to them for $$$) is plugged in and the laptop is started it will register with that master key and ask for a slave key to be inserted, which will then be registered too.
And to ensure that the users don't lose it, the rfid chip can be configured to open all the doors (that they're allowed to access).
That is : educating the user.
No amount of hardware thingamajigs or encypto-magic voodoo is going to beat a user who just couldn't be bothered - and if there is one thing that the Internet has proven beyond all discussion, it's that there's always a better idiot.
And if the security is transparent to the user, than that means it is tied into the physical object and thus available for decryption to the criminal mastermind.
No, I'm sorry, but you will not be able to ensure 100% security with a dongle, encryption or any other technobabble excuse. To pretend otherwise is just a bald-faced lie.
What most of these studies don't address, is that the average laptop thief not only couldn't care less about your data, but is probably not clued up enough to find and extract the data from the device anyway.
All the thief will care about, is how much he can sell the laptop for and how many hits of whatever drugs he wants can be bought with the resulting cash.
But if you want some fun, get some laptop bags (preferably obvious ones with a manufacturer name printed prominently on the side so its obvious what the bag contains), some really old (ie worthless) laptops and a few hidden cameras and watch people steal these things from bars, trains, etc, basically anywhere you might put your laptop down.
Yes, the thief will just sell the laptop on, but the buyer will be much more keenly aware that such devices might contain personal information (like passwords for online banking) and will be in the business of identity theft.
Lost a laptop? Probably time to change a few passwords. (But as I said earlier, we're still not talking $50,000.)
The problem you have with a lot of laptops is Windows, and its tendency to 'bleed' information all over the file system.
While you can, as a smart users, make sure your documents & email are in the truecrypt drive, only to find stuff like password hashes, etc, stored elsewhere. And you need to boot windows first to run truecrypt...
Hence the advantage of hardware encrypted HDD - no real performance penalty and the whole OS, of any choice, is secured.
I haven't used it (yet), but according to their site you can encrypt the Windows partition just like McAfee and PointSec (two software HDD encryption solutions I am familiar with).
No doubt the performance of a hardware-based solution would be better, but your statement that "you need to boot windows first to run truecrypt" appears to be wrong.
Yes, there appears to be the full-disk mode, but reading the section about the rescue disk, it brings up the issues that dual-boot had with some software - they bugger-up the boot area for "activation" reasons (i.e. worse-than-usual DRM), and the problems of fixing a broken system (for whatever reason):
http://www.truecrypt.org/docs/?s=rescue-disk
So while it is possible, it may prove to be unreliable in practice. Also, from my own experience of dual-booting XP, sometimes it gets screwed by AV which assumes (incorrectly) that a boot loader change is an infection.
There are already plenty of solutions to data security on lost laptops. Truecrypt for example.
Plus are already plenty of laptops with built in hardware level encryption.
Unfortunately until they are used and enabled by default they won't help.
Even when they are, you just know the idiots in the public service will be walking about with unencrypted data either on a memory stick or a CD/DVD which will spend their entire life in the laptop bag until the day they are left in the back of the taxi.
I just had someone lose over 3 years of baby pictures because someone convinced him that he needed to use encryption to "protect" his data. Then tech support had him do a factory restore. He never exported the encryption keys so the data was lost forever.
I had to explain that making his data permanently inaccessible to everyone, including himself was what was meant by protection.
There are some people who have sensitive information on their laptops, but those people should have IT support staff assisting them with that.
What we don't need is for the average user to be presented with a "click here to protect your data using encryption" pop up.
I can't quibble with the fact that one can crack a laptop login password and find all sorts of useful information, both the info itself and that which leads one to other information in a domain. I use similar cracking tools for 100% legitmate and legal purposes. It just illustrates the old maxim that without physical security, you've got nothing.
But how valuable is that lost data? That is the real question that needs answers before we all stampede to McAfee security software to help Intel to make back its bundle... Ben Myers
Give the successful thief an option. Three tries. A fourth try will totally wipe the system with military encryption and simply present him with a working computer...with a damaged core file of some sort. Have that core file only repairable with verifying information or some sort of storage. Then he uses the computer, and thinks he's destroyed it. Loss of equipment but hopefully not loss of data.