Security Chip Questions

[Tõnis]

I have never activated my ThinkPad's integral security chip. I'm wondering, are the chips reliable? What kind of risks (besides forgotten passwords) would I run if I were to activate it? I mean, have they been known to fail, and, if and when they do, do affected ThinkPads become unusable? My Thinkpad is not at a high risk of theft, but, even so, I wouldn't mind having the extra security if the risk is low or none. Right now, the ThinkPad's hardware and operating system seem to be working perfectly, so I don't want to invite problems by taking unnecessary risks in pursuit of potentially small gains. I'm wondering if it's worth it ...

TIA for your thoughts,

Tõnis

[Tõnis]

Nobody has some thoughts on this one?

[GomJabbar]

...I don't want to invite problems by taking unnecessary risks in pursuit of potentially small gains. I'm wondering if it's worth it ...

For me, I decided the risks of a snafu with the Client Security Software outweighed the risks of theft. I would use the security chip with the fingerprint scanner (if I had one), but otherwise I would leave it alone. YMMV

I did experiment with the Client Security Software about 3 years ago for about a month, but I ended up deciding to take it off my T42.

[Tõnis]

For me, I decided the risks of a snafu with the Client Security Software outweighed the risks of theft. I would use the security chip with the fingerprint scanner (if I had one), but otherwise I would leave it alone. YMMV

Thanks for the reply, GomJabbar. I'm inclined to go the same route as far as Client Security goes. (I specifically didn't order the fingerprint reader with my R61, because I feared there could be problems with it.) At this point, I think the security chip itself is disabled in the unit's BIOS. I'll leave it that way ...

Tõnis

[mpcook]

For me, I decided the risks of a snafu with the Client Security Software outweighed the risks of theft. I would use the security chip with the fingerprint scanner (if I had one), but otherwise I would leave it alone. YMMV

I did experiment with the Client Security Software about 3 years ago for about a month, but I ended up deciding to take it off my T42.

I have exactly the same opinion. I also experimented with it, on an X31, and then removed it. For me, the risks outweighed the benefit.

Mike

[Tony's X60s]

A few years ago, I had a lot of problems getting CSS7 to work with the security chip on my X60s and finally uninstalled CSS and turned the chip off. I relied instead on BIOS passwords (power-up, hard disk and supervisor) and whole-of-disk encryption using TruCrypt.

My trawling the forum indicated that if I set the BIOS supervisor password and forgot it, the motherboard must be replaced, whereas if it is not set, I could get my PC to forget the power up and hard disk passwords, simply by dismantling the PC and removing the CMOS battery for a while. So if you want to make the PC totally useless to a thief, set all three passwords and if you want the hard drive data to be unreadable, encrypt it. I did both and had no problems at all apart from a slight nuisance in the occasional BIOS upgrade where I had to remove the supervisor password to flash the BIOS.

Since I got my new X300 a few months back, CSS (release 8 I think) has operated flawlessly and a I find Password Manager a real convenience. I haven't bothered to encrypt the SSD as I'm not sure it would be very readable to a thief anyway (I'd be interested in other's views on this). I have set the BIOS passwords as before.

[RealBlackStuff]

There's no need to use any encryption if you use Hard Disk passwords.
These are unbreakable, unless you have a forensic laboratory.

EDIT: The above is only valid for IBM and Hitachi Hard Drives!
Other hard disk brands passwords can be broken with commercially available software!

[Tony's X60s]

It's just that if I do a google on "hard disk password" I get a few sites (and they sound very plausible) that offer to unlock a locked hard drive while preserving its data for about $US50.

I would love to read a full explanation of how the Thinkpad hard drive lock works so I could satisfy myself about its strength. I don't believe in 'security through obscurity' - all it means is that only serious criminals go the the trouble of obtaing the 'secrets' required to attack the data protection. And when I see a Windows program sold for a $50 dollar licence to unlock one drive, it makes me wonder - a criminal wouldn't have to be very serious to venture that much.

[RealBlackStuff]

If you have an IBM or Hitachi drive, the password is unbreakable, except in above lab.
I have tried everything to "break" into a locked IBM HD and a Hitachi HD, using every possible program I could find (legally or not so legal). NO WAY!
Fujitsu, Toshiba, Western Digital, Seagate, Maxtor and Samsung on the other hand can be broken!

[Tony's X60s]

Link Sent. I understood that Thinkpads (at least my X60s) use Toshiba hard drives with IBM firmware. Does the firmware change the inherent security level of the ATA password that the Toshiba drive has?

[ajkula66]

ThinkPads use a variety of drives, including Hitachi, Seagate, Fujitsu and Toshiba...

Personally, I find security chip to be an annoyance that can cause the laptop's premature death. I just parted out a very pretty A31p which had the security chip go nuts out of the blue...

Also, if RBS says that something can't be broken into I'd very much tend to believe him...having seen just minute bits and pieces of his tremendous knowledge in action...

Now, if I had anything that I'd want to hide that bad, it wouldn't be residing on my laptop's HD to begin with, but that's me...