HOME
The Info List - BitLocker


--- Advertisement ---



BitLocker
BitLocker
is a full disk encryption feature included with Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode[6] with a 128-bit or 256-bit key.[7][8] CBC is not used over the whole disk; it is applied to each individual sector.[9]

Contents

1 History 2 Availability

2.1 Device encryption

3 Encryption
Encryption
modes 4 Operation 5 Security concerns 6 See also 7 References 8 External links

History[edit] BitLocker
BitLocker
originated as a part of Microsoft's Next-Generation Secure Computing Base architecture in 2004 as a feature tentatively codenamed "Cornerstone",[10][11] and was designed to protect information on devices, particularly in the event that a device was lost or stolen; another feature, titled "Code Integrity Rooting", was designed to validate the integrity of Microsoft Windows
Microsoft Windows
boot and system files.[10] When used in conjunction with a compatible Trusted Platform Module (TPM), BitLocker
BitLocker
can validate the integrity of boot and system files before decrypting a protected volume; an unsuccessful validation will prohibit access to a protected system.[12][13] BitLocker
BitLocker
was briefly called Secure Startup prior to Windows Vista
Windows Vista
being released to manufacturing.[12] Availability[edit] BitLocker
BitLocker
is available on:

Ultimate and Enterprise editions of Windows Vista
Windows Vista
and Windows 7 Pro and Enterprise editions of Windows 8
Windows 8
and 8.1[1][2] Pro, Enterprise, and Education editions of Windows 10[3] Windows Server 2008[4] and later[5][1]

Initially, the graphical BitLocker
BitLocker
interface in Windows Vista
Windows Vista
could only encrypt the operating system volume. Starting with Windows Vista with Service Pack 1 and Windows Server 2008, volumes other than the operating system volume could be encrypted using the graphical tool. Still, some aspects of the BitLocker
BitLocker
(such as turning autolocking on or off) had to be managed through a command-line tool called manage-bde.wsf.[14] The latest version of BitLocker, first included in Windows 7
Windows 7
and Windows Server 2008
Windows Server 2008
R2, adds the ability to encrypt removable drives. On Windows XP
Windows XP
or Windows Vista, read-only access to these drives can be achieved through a program called BitLocker
BitLocker
To Go Reader, if FAT16, FAT32 or exFAT filesystems are used.[15] In addition, a new command-line tool called manage-bde replaced the old manage-bde.wsf.[16] Starting with Windows Server 2012 and Windows 8, Microsoft
Microsoft
has complemented BitLocker
BitLocker
with the Microsoft
Microsoft
Encrypted Hard Drive specification, which allows the cryptographic operations of BitLocker encryption to be offloaded to the storage device's hardware.[17][18] In addition, BitLocker
BitLocker
can now be managed through Windows PowerShell.[19] Finally, Windows 8
Windows 8
introduced Windows To Go
Windows To Go
in its Enterprise edition, which BitLocker
BitLocker
can protect.[20] Device encryption[edit] Windows Mobile 6.5, Windows RT
Windows RT
and core edition of Windows 8.1
Windows 8.1
include device encryption, a feature-limited version of BitLocker
BitLocker
that encrypts the whole system.[21][22][23] Logging in with a Microsoft account with administrative privileges automatically begins the encryption process. The recovery key is stored to either the Microsoft account or Active Directory, allowing it to be retrieved from any computer. While device encryption is offered on all versions of 8.1, unlike BitLocker, device encryption requires that the device meet the InstantGo (formerly Connected Standby) specifications,[23] which requires solid-state drives, non-removable RAM (to protect against cold boot attacks) and a TPM 2.0 chip.[21][24] Encryption
Encryption
modes[edit] There are three authentication mechanisms that can be used as building blocks to implement BitLocker
BitLocker
encryption:[25]

Transparent operation mode: This mode uses the capabilities of TPM 1.2 hardware to provide for a transparent user experience—the user powers up and logs into Windows as normal. The key used for disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker
BitLocker
achieve this by implementing a Static Root of Trust Measurement—a methodology specified by the Trusted Computing Group (TCG). This mode is vulnerable to a cold boot attack, as it allows a powered-down machine to be booted by an attacker. User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in the form of a pre-boot PIN or password. USB Key Mode: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. Note that this mode requires that the BIOS
BIOS
on the protected machine supports the reading of USB devices in the pre-OS environment. The key may also be provided by a CCID for reading a cryptographic smartcard. Using CCID provides additional benefits beyond just storing the key file on an external USB thumb drive, because the CCID protocol hides the private key using a cryptographic processor embedded in the smartcard; this prevents the key from being stolen by simply being read off the media on which it is stored.

The following combinations of the above authentication mechanisms are supported, all with an optional escrow recovery key:

TPM only[26] TPM + PIN[27] TPM + PIN + USB Key[28] TPM + USB Key[29] USB Key[30] Password only[31]

Operation[edit] BitLocker
BitLocker
is a logical volume encryption system. (A volume spans part of a hard disk drive, the whole drive or more than one drive.) When enabled, TPM and BitLocker
BitLocker
can ensure the integrity of the trusted boot path (e.g. BIOS
BIOS
and boot sector), in order to prevent most offline physical attacks and boot sector malware.[32] In order for BitLocker
BitLocker
to encrypt the volume holding the operating system, at least two NTFS-formatted volumes are required: one for the operating system (usually C:) and another with a minimum size of 100 MB, which remains unencrypted and boots the operating system.[32] (In case of Windows Vista
Windows Vista
and Windows Server 2008, however, the volume's minimum size is 1.5 GB and must have a drive letter.)[33] Unlike previous versions of Windows, Vista's "diskpart" command-line tool includes the ability to shrink the size of an NTFS volume so that this volume may be created from already allocated space. A tool called the BitLocker
BitLocker
Drive Preparation Tool is also available from Microsoft
Microsoft
that allows an existing volume on Windows Vista to be shrunk to make room for a new boot volume and for the necessary bootstrapping files to be transferred to it.[34] Once an alternate boot partition has been created, the TPM module needs to be initialized (assuming that this feature is being used), after which the required disk encryption key protection mechanisms such as TPM, PIN or USB key are configured.[35] The volume is then encrypted as a background task, something that may take a considerable amount of time with a large disk as every logical sector is read, encrypted and rewritten back to disk.[35] The keys are only protected after the whole volume has been encrypted, when the volume is considered secure.[36] BitLocker
BitLocker
uses a low-level device driver to encrypt and decrypt all file operations, making interaction with the encrypted volume transparent to applications running on the platform.[35] Encrypting File
File
System (EFS) may be used in conjunction with BitLocker to provide protection once the operating system is running. Protection of the files from processes and users within the operating system can only be performed using encryption software that operates within Windows, such as EFS. BitLocker
BitLocker
and EFS, therefore, offer protection against different classes of attacks.[37] In Active Directory
Active Directory
environments, BitLocker
BitLocker
supports optional key escrow to Active Directory, although a schema update may be required for this to work (i.e. if the Active Directory
Active Directory
Services are hosted on a Windows version previous to Windows Server 2008). BitLocker
BitLocker
and other full disk encryption systems can be attacked by a rogue boot manager. Once the malicious bootloader captures the secret, it can decrypt the Volume Master Key (VMK), which would then allow access to decrypt or modify any information on an encrypted hard disk. By configuring a TPM to protect the trusted boot pathway, including the BIOS
BIOS
and boot sector, BitLocker
BitLocker
can mitigate this threat. (Note that some non-malicious changes to the boot path may cause a Platform Configuration Register check to fail, and thereby generate a false warning.)[32] Security concerns[edit] According to Microsoft
Microsoft
sources,[38] BitLocker
BitLocker
does not contain an intentionally built-in backdoor; without a backdoor there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. In 2006 the UK Home Office expressed concern over the lack of a backdoor[39] and tried entering into talks with Microsoft
Microsoft
to get one introduced, although Microsoft
Microsoft
developer Niels Ferguson and other Microsoft
Microsoft
spokesmen state that they will not grant the wish to have one added.[40] Microsoft engineers have said that FBI agents also put pressure on them in numerous meetings in order to add a backdoor, although no formal, written request was ever made; Microsoft
Microsoft
engineers eventually suggested to the FBI that agents should look for the hard-copy of the key that the BitLocker
BitLocker
program suggests its users to make.[41] Although the AES encryption algorithm used in BitLocker
BitLocker
is in the public domain, its implementation in BitLocker, as well as other components of the software, are proprietary; however, the code is available for scrutiny by Microsoft
Microsoft
partners and enterprises, subject to a non-disclosure agreement.[42][43] The "Transparent operation mode" and "User authentication mode" of BitLocker
BitLocker
use TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS
BIOS
and MBR. If any unauthorized changes are detected, BitLocker
BitLocker
requests a recovery key on a USB device. This cryptographic secret is used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.[44] Nevertheless, in February 2008, a group of security researchers published details of a so-called "cold boot attack" that allows full disk encryption systems such as BitLocker
BitLocker
to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.[45] The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. There is the Bress/Menz device described in US Patent 9,514,789 that can accomplish this type of attack.[46] Use of a TPM alone does not offer any protection, as the keys are held in memory while Windows is running. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux
Linux
and Mac OS X, are vulnerable to the same attack. The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a sleep mode) and that the encryption software be configured to require a password to boot the machine.[45] Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example, through a 1394 or Thunderbolt DMA channel.[47] Starting with Windows 8
Windows 8
and Windows Server 2012 Microsoft
Microsoft
removed the Elephant Diffuser from the BitLocker
BitLocker
scheme for no declared reason.[48] Dan Rosendorf's research shows that removing the Elephant Diffuser had an "undeniably negative impact" on the security of BitLocker
BitLocker
encryption against a targeted attack.[49] Microsoft
Microsoft
later cited performance concerns, and noncompliance with the Federal Information Processing Standards (FIPS), to justify the diffuser's removal.[50] Starting with Windows 10
Windows 10
version 1511, however, Microsoft added a new FIPS-compliant XTS-AES encryption algorithm to BitLocker.[6] On 10 November 2015, Microsoft
Microsoft
released a security update to mitigate a security vulnerability in BitLocker
BitLocker
that allowed authentication to be bypassed by employing a malicious Kerberos key distribution center, if the attacker had physical access to the machine, the machine was part of domain and had no PIN or USB protection.[51] In October 2017, it was reported that a flaw in a code library developed by Infineon, which had been in widespread use in security products such as smartcards and TPMs, enabled private keys to be inferred from public keys. This could allow an attacker to bypass BitLocker
BitLocker
encryption when an affected TPM chip is used.[52] Microsoft released an updated version of the firmware for Infineon
Infineon
TPM chips that fixes the flaw via Windows Update.[53] See also[edit]

Features new to Windows Vista List of Microsoft Windows
Microsoft Windows
components Vista IO technologies Next-Generation Secure Computing Base FileVault

References[edit]

^ a b c d "What's New in BitLocker
BitLocker
for Windows 8
Windows 8
and Windows Server 2012". TechNet Library. Microsoft. February 15, 2012. Retrieved 2012-03-02.  ^ a b "Windows BitLocker
BitLocker
Drive Encryption
Encryption
Frequently Asked Questions". TechNet Library. Microsoft. March 22, 2012. Retrieved 2007-09-05.  ^ a b "Compare Windows 10
Windows 10
Editions". Windows for Business. Microsoft. Archived from the original on November 17, 2016.  ^ a b " BitLocker
BitLocker
Drive Encryption
Encryption
in Windows Vista". TechNet. Microsoft. Archived from the original on November 17, 2016.  ^ a b " BitLocker
BitLocker
Drive Encryption
Encryption
Overview". TechNet. Microsoft. Archived from the original on November 17, 2016.  ^ a b Hakala, Trudy (29 November 2016). "What's new in Windows 10, versions 1507 and 1511". TechNet. Microsoft. Retrieved 15 December 2016.  ^ "Windows BitLocker
BitLocker
Drive Encryption
Encryption
Frequently Asked Questions". TechNet Library. Microsoft. March 22, 2012. Retrieved 2007-09-05.  ^ Ferguson, Niels (August 2006). "AES-CBC + Elephant Diffuser: A Disk Encryption
Encryption
Algorithm for Windows Vista" (PDF). Microsoft. Retrieved 2008-02-22.  ^ Ferguson, Niels (August 2006). "AES-CBC + Elephant diffuser: A Disk Encryption
Encryption
Algorithm for Windows Vista" (PDF). Retrieved 7 October 2016.  ^ a b Biddle, Peter (2004). "Next-Generation Secure Computing Base". Microsoft. Archived from the original (PPT) on August 27, 2006. Retrieved January 30, 2015.  ^ Thurrott, Paul (September 9, 2005). "Pre-PDC Exclusive: Windows Vista Product Editions". Supersite for Windows. Penton. Retrieved March 14, 2015.  ^ a b Microsoft
Microsoft
(April 22, 2005). "Secure Startup – Full Volume Encryption: Technical Overview" (DOC). Retrieved March 14, 2015.  ^ Microsoft
Microsoft
(April 21, 2005). "Secure Startup – Full Volume Encryption: Executive Overview" (DOC). Retrieved June 9, 2015.  ^ Hynes, Byron (June 2008). "Advances in BitLocker
BitLocker
Drive Encryption". TechNet Magazine. Microsoft. Retrieved 2008-07-18.  ^ "Description of BitLocker
BitLocker
To Go Reader". Microsoft. Retrieved 2013-09-07.  ^ "Enabling BitLocker
BitLocker
by Using the Command Line". TechNet. Microsoft. 2 November 2009.  ^ "Encrypted Hard Drive". TechNet. Microsoft. 23 August 2012.  ^ "Encrypted Hard Drive Device Guide". MSDN. Microsoft. 13 September 2011.  ^ " BitLocker
BitLocker
Cmdlets in Windows PowerShell". TechNet. Microsoft. Retrieved 12 December 2016.  ^ "Windows To Go: Frequently Asked Questions". TechNet. Microsoft. Retrieved 2016-10-07.  ^ a b "Device Encryption". Windows Mobile 6.5
Windows Mobile 6.5
Dev Center. Microsoft. 8 April 2010. Retrieved 6 July 2014.  ^ Cunningham, Andrew (17 October 2013). " Windows 8.1
Windows 8.1
includes seamless, automatic disk encryption—if your PC supports it". Ars Technica. Condé Nast. Retrieved 6 July 2014.  ^ a b " Help protect your files with device encryption". Windows Help portal. Microsoft. Archived from the original on May 2, 2016.  ^ Thurrott, Paul (June 4, 2013). "In Blue: Device Encryption". Paul Thurrott's SuperSite for Windows. Penton Media. Retrieved June 10, 2013.  ^ " BitLocker
BitLocker
Drive Encryption". Data Encryption
Encryption
Toolkit for Mobile PCs: Security Analysis. Microsoft. April 4, 2007. Retrieved 2007-09-05.  ^ "ProtectKeyWithTPM method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved 2008-07-18.  ^ "ProtectKeyWithTPMAndPIN method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved 2008-07-18.  ^ "ProtectKeyWithTPMAndPINAndStartupKey method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved 2008-07-18.  ^ "ProtectKeyWithTPMAndStartupKey method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved 2008-07-18.  ^ "ProtectKeyWithExternalKey method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved 2008-07-18.  ^ "ProtectKeyWithNumericalPassword method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved 2008-07-18.  ^ a b c " BitLocker
BitLocker
Drive Encryption
Encryption
in Windows 7: Frequently Asked Questions". TechNet. Microsoft. March 22, 2012.  ^ "Windows BitLocker
BitLocker
Drive Encryption
Encryption
Step-by-Step Guide". TechNet. Microsoft. April 30, 2007.  ^ "Description of the BitLocker
BitLocker
Drive Preparation Tool". Microsoft. September 7, 2007. Archived from the original on February 19, 2008.  ^ a b c Andrew, Bettany (2013). Exam Ref 70-687: Configuring Windows 8. Microsoft
Microsoft
Press. p. 307. ISBN 978-0-7356-7392-2. OCLC 851209981.  ^ Jerry, Honeycutt (2012). Introducing Windows 8: An overview for IT professionals. Microsoft. p. 121. ISBN 978-0-7356-7050-1. OCLC 819519777.  ^ Ou, George (June 8, 2007). "Prevent data theft with Windows Vista's Encrypted File
File
System (EFS) and BitLocker". TechRepublic. CBS Interactive.  ^ "Back-door nonsense". System Integrity Team Blog. Microsoft. March 2, 2006. Archived from the original on February 9, 2010.  ^ Stone-Lee, Ollie (February 16, 2006). "UK holds Microsoft
Microsoft
security talks". BBC. Retrieved 2009-06-12.  ^ Evers, Joris (March 3, 2006). "Microsoft: Vista won't get a backdoor". CNET. CBS Interactive. Retrieved 2008-05-01.  ^ Franceschi-Bicchierai, Lorenzo. "Did the FBI Lean On Microsoft
Microsoft
for Access to Its Encryption
Encryption
Software?". Mashable. Retrieved 2016-10-07.  ^ Thurrott, Paul (2015-06-10). "No Back Doors: Microsoft
Microsoft
Opens Windows Source Code to EU Governments – Petri". Petri. Retrieved 2016-10-07.  ^ Microsoft. "Shared Source Initiative". www.microsoft.com. Retrieved 2016-10-07.  ^ Byron, Hynes. "Keys to Protecting Data with BitLocker
BitLocker
Drive Encryption". TechNet Magazine. Microsoft. Retrieved 2007-08-21.  ^ a b Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William; Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; Felten, Edward W (February 21, 2008). Lest We Remember: Cold Boot Attacks on Encryption
Encryption
Keys (PDF) (Thesis). Princeton University. Archived from the original (PDF) on September 4, 2011.  ^ "Systems and methods for safely moving short term memory devices while preserving, protecting and examining their digital data". USPTO.gov. Retrieved 2017-04-01.  ^ "Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker". Microsoft. March 4, 2011. Retrieved 2011-03-15.  ^ " BitLocker
BitLocker
Overview". technet.microsoft.com. Retrieved 2016-10-07.  ^ Rosendorf, Dan (May 23, 2013). "Bitlocker: A little about the internals and what changed in Windows 8" (PDF). Archived from the original (PDF) on May 22, 2016. Retrieved 7 October 2016.  ^ Lee, Micah (4 June 2015). " Microsoft
Microsoft
Gives Details About Its Controversial Disk Encryption". The Intercept. Retrieved 2016-10-07.  ^ " Microsoft
Microsoft
Security Bulletin MS15-122 – Important". Security TechCenter. Microsoft. 10 November 2015. Retrieved 12 November 2015.  ^ Goodin, Dan (16 October 2017). "Millions of high-security crypto keys crippled by newly discovered flaw". Ars Technica. Condé Nast.  ^ Busvine, Douglas (16 October 2017). " Infineon
Infineon
says has fixed encryption flaw found by researchers". Reuters. Retrieved 2017-10-20. 

External links[edit]

BitLocker
BitLocker
Drive Encryption
Encryption
Technical Overview Download BitLocker
BitLocker
Drive Preparation Tool Windows Hardware Developer Central BitLocker
BitLocker
Hub Page System Integrity Team Blog Attacking the BitLocker
BitLocker
Boot Process

v t e

Microsoft Windows
Microsoft Windows
components

Management tools

App Installer Command Prompt Control Panel

Applets

Device Manager Disk Cleanup Disk Defragmenter Driver Verifier Event Viewer IExpress Management Console Netsh Performance Monitor Recovery Console Resource Monitor Settings Sysprep System Configuration System File
File
Checker System Information System Policy Editor System Restore Task Manager Windows Error Reporting Windows Ink Windows Installer PowerShell Windows Update

Windows Insider

WinRE WMI

Apps

Alarms & Clock Calculator Calendar Camera Character Map Cortana Edge Fax and Scan Feedback Hub Get Help Groove Music Magnifier Mail Messaging Maps Media Player Movies & TV Mobility Center Money News Narrator Notepad OneDrive OneNote Paint Paint 3D People Phone Companion Photos Quick Assist Snipping Tool Speech Recognition Skype Sports Sticky Notes View 3D Store Tips Voice Recorder Wallet Weather Windows To Go Windows Story Remix WordPad Xbox

Shell

Action Center Aero AutoPlay AutoRun ClearType Explorer Search

Indexing Service IFilter Saved search Namespace Special
Special
folder

Start menu Taskbar Task View Windows Spotlight Windows XP
Windows XP
visual styles

Services

Service Control Manager BITS CLFS Multimedia Class Scheduler Shadow Copy Task Scheduler Error Reporting Wireless Zero Configuration

File
File
systems

CDFS DFS exFAT IFS FAT NTFS

Hard link Junction point Mount Point Reparse point Symbolic link TxF EFS

ReFS UDF

Server

Domains Active Directory DNS Group Policy Roaming user profiles Folder redirection Distributed Transaction Coordinator MSMQ Windows Media Services Rights Management Services IIS Remote Desktop Services WSUS SharePoint Network Access Protection PWS DFS Replication Remote Differential Compression Print Services for UNIX Remote Installation Services Windows Deployment Services System Resource Manager Hyper-V Server Core

Architecture

Architecture of Windows NT Startup process

NT Vista

CSRSS Desktop Window Manager Portable Executable

EXE DLL

Enhanced Write Filter Graphics Device Interface hal.dll I/O request packet Imaging Format Kernel Transaction Manager Library files Logical Disk Manager LSASS MinWin NTLDR Ntoskrnl.exe Object Manager Open XML Paper Specification Registry Resource Protection Security Account Manager Server Message Block Shadow Copy SMSS System Idle Process USER WHEA Win32 console Winlogon WinUSB

Security

Security and Maintenance BitLocker Data Execution Prevention Family Safety Kernel Patch Protection Mandatory Integrity Control Protected Media Path User Account Control User Interface Privilege Isolation Windows Defender Windows Firewall

Compatibility

COMMAND.COM Virtual DOS machine Windows on Windows WoW64 Windows Subsystem for Linux

API

Active Scripting

WSH VBScript JScript

COM

ActiveX ActiveX
ActiveX
Document COM Structured storage DCOM OLE OLE Automation Transaction Server

DirectX .NET Framework Universal Windows Platform Windows Mixed Reality Windows Runtime WinUSB

Games

Solitaire Collection

Discontinued

Games

3D Pinball Chess Titans FreeCell Hearts InkBall Hold 'Em Purble Place Reversi Spider Solitaire Solitaire Tinker

Apps

ActiveMovie Anytime Upgrade Address Book Backup and Restore Cardfile CardSpace Contacts Desktop Gadgets Diagnostics DriveSpace DVD Maker Easy Transfer Fax File
File
Manager Food & Drink Help and Support Center Health & Fitness HyperTerminal Internet Explorer Journal Media Center Meeting Space Messaging Messenger Mobile Device Center Movie Maker MSN Dial-up NetMeeting NTBackup Outlook Express Travel Photo Gallery Photo Viewer Program Manager Steps Recorder WinHelp Write

Others

ScanDisk File
File
Protection Media Control Interface Next-Generation Secure Computing Base POSIX subsystem Interix Video for Windows Windows SideShow Windows Services for UNIX Windows System Assessment Tool WinFS

Spun off to Microsoft
Microsoft
Store

DVD Player Hover! M

.