Q: How does Windows Vista’s BitLocker Drive Encryption compare with Windows XP’s Encrypting File System (EFS) for protecting data on a laptop?
A: I was a long-time EFS user, but I recently stopped using it in favor of BitLocker. EFS works on a file-by-file basis, whereas BitLocker encrypts the entire volume and eliminates many of the laptop vulnerabilities that let information leak out of encrypted folders and into unencrypted folders. EFS is also vulnerable to sophisticated attacks that insert malicious code into the startup files in the Windows OS and wait for the user to enter a password and access encrypted files. A laptop equipped with a Trusted Platform Module (TPM) and BitLocker can mitigate this risk.
BitLocker also supports storing the encryption key on a USB flash drive for added security. You can even use certain USB flash drives that support biometric authentication, such as those from MXI Security, to require two-factor user authentication before allowing access to encrypted drives. Note that only Vista Ultimate and Vista Enterprise support BitLocker.