A day in the life: using a T61 delivered early '08:
My Password Manager used to produce a window offering to remember websites etc. Although I picked up on this offer a few times, and although Password Manager continues to log me on to the few sites I asked it to remember for me, it has quit offering to remember any additional sites. The following is a recital of trying to get this working again, concluding with the
query as to whether Password Manager serves any security function in the first place.
Seeking to regain the Password Manager functionality on the presumption it may be worth having, I used the support questionaire at
https://www-930.ibm.com/support/esc/signin.jspto ask about this, and did get a phone call back from a technician, but he noted this issue he would have to pass up to more senior techs, who he thought would get back to me in a few days. That would have been late March, so maybe this is something nobody's been able to figure out yet.
This forum is a pleasant way to ventilate and seek solidarity, though my expectations for help are nil. Anyway, to continue:
Without a meanginful response from Lenovo/IBM, I asked a tech office at the local university who suggested I try to find out if there's a more recent version of the problem software. Low and behold, though I only bought this machine about 3 months ago, there is indeed a "Client Security Solution 8.1" available now. (My machine currently has version 8.0) 8.1 is only compatible with Rescue and Recovery 4.0 or later, however. Fortunately, it turns out I have 4.0 on this machine, so maybe I can give this a whirl to see if it solves the problem.
http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46391goes on to say 8.1 needs ThinkVantage Productivity Center 2.0 or later. Since my ThinkVantage Productivity Center software doesn't give a version number in the properties, I'm going to leap to the conclusion I have 1.0, and therefore need to install 2.0
When I click on the link for 2.0, I see a Readme about 8.1 which notes as "Consideration 1" [and only, that] The Client Security Solution 8.0 Secure Logon feature might not prompt the user to create a new passphrase on computers running Windows Vista." With nothing else to go on, I'm going to leap to another conclusion that this means that all 2.0 is supposed to do is remedy the noted deficiency, which is not the deficiency I'm currently trying to remedy. So I will for now try to not upset the applecart any more than it's currently upset, but just keep on writing here:
I suppose if I reinstall the factory configuration for the whole drive I will regain the lost functionality of Password Manager. Of course I would have to learn how to do this, and how to back up all my stuff, etc etc. So, I rhetorically ask, is this worth the effort. Maybe I could decide, if I only knew the answers to a few questions:
Considering that I'm using a fully encrypted HD (the Seagate fde), with Passphrase protection, I'm going to assume anybody with physical access to my HD is not going to learn my website etc logon info. But if a hacker is interested while I'm on the internet, then:
Does the Password manager function of putting-login-info-in-an-encrypted-form-on-the- TPM-chip-separate-from-the-HD defeat any would-be eaves dropper, whereas otherwise he might succeed, where the "otherwise" of course is either
1) the logon info is typed in by the user (me) or
2)the logon info is remembered by the website at my request.
Are the answers to these questions the same regardless of how one is connecting to the internet: wireless router, cell modem, dial-up, landline DSL, cable?
Considering that the Password Manager function also enables the placement of other stuff in an encrypted form besides website login info on the separate TPM chip, stuff such as files you want to keep extra secure, what does this say about the security of files that are "only" on the encrypted/password protected HD?
Are those files equally secure, or less secure? Are they secure from hackers only when they're not open in their unencrypted state? Or are they just as secure when they're open such that the owner can read them while online?
Well, thanks for partaking. I guess I'll go to bed now. Can't figure it out, and don't really expect to be told. Which is unsettling, knowing that hackers who've managed to collect thousands of social security numbers from the VA and consumate many other "pranks" are probably as well financed as anybody in the world to discover ways to find out all they care to about anybody, and fraud 'em out of whatever they're good for. Hey, who needs Al Qaida....
Message Edited by Cripes on
05-07-2008 09:30 PM
