Yes, any laptop without an encrypted storage drive will have its data accessible by someone booting from a live USB.

It really is a massive vulnerability, but it's not well known because so few people even understand the concept of a 'live USB' to make it a widespread threat or concern.

So yeah, if you're ever in possession of a Windows machine that doesn't have an encrypted disk, you can view the users' files without knowing their password via a live USB.

It's also not limited to laptops.

This is not that big of a deal most of the time, since you are the only person interacting with your computer, but it's worth remembering when you decide to recycle or donate -- you have to securely wipe in that case. Also bear in mind, if you do encrypt your drive, there are now more possibilities for total data loss.

Oh, fun fact: you can change a users windows password inside Linux. Comes in handy for recovery, ie, user forgot their password.

I'm happy that you're on a journey of discovery. This is not an insult. The word is partition. Someone corrected me on the spelling of something last night. We all make mistakes.

(especially with reference to a country with separate areas of government) the action or state of dividing or being divided into parts.

And this is why we say physical access is root access.

Modern windows machines will be installed with bitlocker (full disk encryption). With manual installs it might not be.

Same in Linux. No disk encryption and everything is easy accessible if you have physical access.

Anon discovers computers

I thought BitLocker was enabled by default on Windows 11, which is a terrible idea imo. Full disk encryption by default makes sense in professional settings, but not for the average users who have no clue that they'll lose all their data if they lose the key. If I had a penny for every Windows user who didn't understand the BitLocker message and saved the key on their encrypted drive, I'd have a lot of pennies. At the very least it should be prompted to give the user a choice.

While booting off of the usb I could access all the data on my laptop without having to input a password.

This is entirely expected behavior. You didn't encrypt your drive, so of course that data is available if you sidestep windows login protections. Check out Bitlocker for drive encryption.

Windows does support encrypted drives with Bitlocker, unfortunately Bitlocker's default settings leave it vulnerable to many different attacks.

It's the same situation with Linux just a simple login only has very basic protection you need to encrypt your disk if you want to make sure no one can read it.

I'm sure there are people aware but for the laymen this is such a massive vulnerability.

This is only a vulnerability if you suspect a threat actor might physically access your computer. For most people, this is not a concern. There's also the issue that it has processing overhead, so it might make certain operations feel sluggish.

Encryption is not a panacea, because if someone ever forgets their password (something common for the layperson), the data on that drive is inaccessible. No chance for recovery. Certain types of software may not like it either. It's one of many considerations someone should make when determining their own threat model, but this is not a security flaw. It's an option for consideration, and most people are probably better off from a useability standpoint with encryption disabled by default.

bookable Mint Cinamon USB stick

Does book still mean cool?

so how is this not the default case in Windows?

It actually is now

How old is your laptop? Pretty much every Windows machine I've ever owned after a certain year requires you to type in your Bitlocker key, including my first-gen Surface Go from 2018.

Also, you often have to manually set up encryption on most Linux installs as well - I did it for my Thinkpad. I need to do it for my desktop as well - I should probably do a reinstall, but I'm thinking of backing everything up and trying to do it in-place just for fun. On top of that, we can finally transition to btrfs.

Yep! They don't teach this stuff because consumer level cyber security is in the absolute pits of despair and moreover, they're trying to do away with what little we have access to. Governments and police agencies like how easy it is to access files.

Personally I don't bother with full disk encryption (FDE) since I don't really have anything private on my main computer. Just a bunch of game files, comics, movies, etc. Anything extremely important such as tax documents, personal data, etc. is honestly very small and I keep in a little Proton Drive folder, <1GB total. I think the best approach is to simply educate yourself and be aware of what's worth protecting and how best to protect that. Just enabling FDE and thinking you're safe ignores all the other avenues that personal data can be stolen.

My current pet conspiracy theory is that FDE with BitLocker isn't even worth it on Windows due to the TPM requirement. Why is that a bad thing? Your system probably has fTPM supported by the BIOS, why not just enable that?

https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066

Integrating with features like Secure Boot and Windows Hello for Business, TPM 2.0 enhances security by ensuring that only verified software is executed and protecting confidential details.

https://ieeexplore.ieee.org/document/5283799 (I don't believe we'll see this EXACT implementation of DRM, I'm just providing an example of TPM being used for DRM and that these ideas have been in consideration since at least 2009).

Now, if I were Microsoft and I wanted to exert an excessive amount of control over your system by making sure you couldn't run any inauthentic or "pirated" software to bring it more inline with the walled garden Apple approach they've been salivating over for the past decade+, you'd first need to ensure you had a good baseline enabled. You know, kind of like the thing you'd do by forcing everyone into an OS upgrade and trashing a lot of old hardware.

It won't be instantaneous, I don't know exactly how or what it's going to look like when they start tightening their grip. Again, this is all speculation, but it's not hard to connect the dots and their behavior over the past couple years does not give them the benefit of the doubt. Microsoft is no longer a company that can be assumed to be acting in the best interest of the average consumer, they're not doing this for your security. They want to know that your computer is a "trusted platform".

EDIT: Further lunatic conspiracy theories: BitLocker is/will be backdoored so Microsoft forcing you into that ecosystem further guarantees they have access to your system. This all stinks to me, like your landlord telling you how you can arrange the furniture in your own apartment.

Yup. You'll need to tkinker with Linux too if you want disk encryption. At the very least, set a BIOS password.

I still remember years ago one time windows fucked itself and god knows why I couldn't fix it even with USB recovery or stuff like that (long time ago, I don't remember).

Since I couldn't boot into recovery mode the easiest way to backup my stuff to a connected external drive was "open notepad from the command line -> use the GUI send to.. command to send the files to the external drive -> wait and profit" lol.

Good practice is putting anything important on an encrypted USB drive (as that stuff usually isn't very big), and just treating the machine as "kinda insecure"

If you set up a BIOS password, someone at least needs to unscrew your computer to get stuff. But this is generally not setup because people, well, forget their passwords...