A day in the life: using a T61 delivered early '08:
My Password Manager used to produce a window offering to remember websites etc. Although I picked up on this offer a few times, and although Password Manager continues to log me on to the few sites I asked it to remember for me, it has quit offering to remember any additional sites. The following is a recital of trying to get this working again, concluding with the
query as to whether Password Manager serves any security function in the first place.
Seeking to regain the Password Manager functionality on the presumption it may be worth having, I used the support questionaire at https://www-930.ibm.com/support/esc/signin.jsp to ask about this, and did get a phone call back from a technician, but he noted this issue he would have to pass up to more senior techs, who he thought would get back to me in a few days. That would have been late March, so maybe this is something nobody's been able to figure out yet.
This forum is a pleasant way to ventilate and seek solidarity, though my expectations for help are nil. Anyway, to continue:
Without a meanginful response from Lenovo/IBM, I asked a tech office at the local university who suggested I try to find out if there's a more recent version of the problem software. Low and behold, though I only bought this machine about 3 months ago, there is indeed a "Client Security Solution 8.1" available now. (My machine currently has version 8.0) 8.1 is only compatible with Rescue and Recovery 4.0 or later, however. Fortunately, it turns out I have 4.0 on this machine, so maybe I can give this a whirl to see if it solves the problem. http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46391
goes on to say 8.1 needs ThinkVantage Productivity Center 2.0 or later. Since my ThinkVantage Productivity Center software doesn't give a version number in the properties, I'm going to leap to the conclusion I have 1.0, and therefore need to install 2.0
When I click on the link for 2.0, I see a Readme about 8.1 which notes as "Consideration 1" [and only, that] The Client Security Solution 8.0 Secure Logon feature might not prompt the user to create a new passphrase on computers running Windows Vista." With nothing else to go on, I'm going to leap to another conclusion that this means that all 2.0 is supposed to do is remedy the noted deficiency, which is not the deficiency I'm currently trying to remedy. So I will for now try to not upset the applecart any more than it's currently upset, but just keep on writing here:
I suppose if I reinstall the factory configuration for the whole drive I will regain the lost functionality of Password Manager. Of course I would have to learn how to do this, and how to back up all my stuff, etc etc. So, I rhetorically ask, is this worth the effort. Maybe I could decide, if I only knew the answers to a few questions:
Considering that I'm using a fully encrypted HD (the Seagate fde), with Passphrase protection, I'm going to assume anybody with physical access to my HD is not going to learn my website etc logon info. But if a hacker is interested while I'm on the internet, then:
Does the Password manager function of putting-login-info-in-an-encrypted-form-on-the- TPM-chip-separate-from-the-HD defeat any would-be eaves dropper, whereas otherwise he might succeed, where the "otherwise" of course is either
1) the logon info is typed in by the user (me) or
2)the logon info is remembered by the website at my request.
Are the answers to these questions the same regardless of how one is connecting to the internet: wireless router, cell modem, dial-up, landline DSL, cable?
Considering that the Password Manager function also enables the placement of other stuff in an encrypted form besides website login info on the separate TPM chip, stuff such as files you want to keep extra secure, what does this say about the security of files that are "only" on the encrypted/password protected HD? Are those files equally secure, or less secure? Are they secure from hackers only when they're not open in their unencrypted state? Or are they just as secure when they're open such that the owner can read them while online?
Well, thanks for partaking. I guess I'll go to bed now. Can't figure it out, and don't really expect to be told. Which is unsettling, knowing that hackers who've managed to collect thousands of social security numbers from the VA and consumate many other "pranks" are probably as well financed as anybody in the world to discover ways to find out all they care to about anybody, and fraud 'em out of whatever they're good for. Hey, who needs Al Qaida....
My name is Victor & I find a lot of symmetry to what I am currently going through with these T61 Laptops.
I have been trying for 3 months now to get some answers to how the encryption works on the FDE drives, as well as what the limitations are. For instance with the FDE drives I am finding that the "encrypted" data can be read by any of the T61 systems when there is not a HDD password set.
This HDD password I assume is the ATA Password for the HDD. If this is the case then the data is not all that secure at this time. Since the methods for cracking an ATA Password are out on the net & accessable. When I purchased these laptops I was not informed that they could come with 2 different HDD's in them. 1 is the Hitachi & the other is Segate. Both these drives say they are FDE drives. Yet they work differently according to the manufacturers sites. I have also noticed that in the BIOS when using a Hitachi drive, the reset crypto key is not there. I just found an .exe on Lenovo's site to supposedly add that functionality in.
One wonders why this was not put in there in the 1st place?
I am also very dissatisfied with the customer support on this.
If Lenovo is going to sell this technology, it would seem to me that they should know how it works & support it as well.
Anyhow, I am sure I will be posting more here soon. I now have to get back on the phone to Lenovo & start round 34 of lets get transfered to someone else who will not be able to help me...
In addition to what it says, I will here add that stuff you put on a Seagate fde drive that you haven't password protected is readable by ANY computer which you will see by taking out the drive and hooking it to any machine with usb.
Before I bought my machine I researched the Seagate fde and satisfied myself that it's the way to go when you also have the TPM chip. I later encountered the Hitachi but concluded even though it comes in bigger GB, it's not as effective in the encryption department. (I'd have to look up my notes to say why, but I am sure about the conclusion/decision.)