ThinkVantage - should it stay or should it go?

After considerable ordeal, I've just been returned my Thinkpad T61P as it was when purchased - i.e. Vista & factory preload. I was considering taking this opportunity to upgrade to a 64 bit OS & have read several posts here & elsewhere about "clean installs" - many of which specifically target the removal of ThinkVantage applications. However, events of the very recent past have persuaded me that not all ThinkVantage software is worthy of the label "bloatware" - some of it is very functional (e.g. rescue & recovery has saved my butt more than once). Which leads me to seek your opinions:

Which programs in the "ThinkVantage" & "Productivity Center" clusters do you think worth keeping (even on a lean clean machine) & which do you think a waste of space & boot time?

 

I personally only use drive protection, power manager, system toolbox and ultranav. I have no use for the others.

 

After a lot of reading & experimentation, I'm pretty convinced that most of the ThinkVantage utilities are now duplications of what is offered in Windows (certainly Vista) & have decided to do without Maintainence Manager, Access Connections & Productivity Center.

I am still a little confused about the Eject Utility though - is it necessary? My understanding is that it allows a running thinkpad to be ejected from its dock (as well as ejecting swappable drives) - can this be achieved any other way through Windows?

 

i only use power manager... and thats only to set battery thresholds.

i honestly dont need anything else at all except for the coasting feature in ultranav.

 

The most important feature of Thinkvantage solutions is security.

Lenovo (or anyone else for that matter) won't tell you about it; you'll have to look for it.

Thinkvantage security solutions make for the "safest notebooks on the planet".
What this means is that using proper applications; you can "lock" a notebook pc-for good.

If you download IBM's security solution (IBM not Lenovo) you'll be able to install a host of security features on pc's that feature the hardware encryption chip (upper right corner of the keyboard).
Once you install even the simplest password here, no-one and I mean no-one, not even Lenovo will be able to recover your system.
The odd thing is that these features not only lock your primary and or 2ndary
hdd's; they lock the entire system;
You'll have no use for the machine's parts; unless you actually detach them one by one; ex: remove the CPU; the fans....lol.

Everything else regarding the Thinkvantage idea is of secondary importance;
therefore; if you have no use for security; you could perhaps dispense with it. However; that partition does come in handy-no cd's to play with during recovery.

 

Access connections is actually handy if you are in multiple areas repeatedly and want specific wifi/wired connection settings and printers to go along with it.

 

Is that the same as ThinkVantage Client Security Solution? If you take out the hdd and put it in another computer or external enclosure the data is unreadable? What happens if your motherboard/TPM chip breaks, how do you read the data off the "locked" hdd? Does ThinkVantage Client Security Solution use full drive encryption or it just locks it to a specific computer? Is this encryption optional? Could I just use CSS to lock the computer from booting with a fingerprint without using encryption? Also, is the CSS encryption hardware-assisted by the TPM chip? So would encrypting/decrypting be faster than TrueCrypt? I would prefer to use TrueCrypt which I have been using on all my computers. Seems like it's the safer option if the computer dies, you can still get your data back on another computer.

 

First: Paragraphs are your friend.

The Client Security Solution is independent of the IBM software. Client Security solution is primarily used for storing sub passwords for applications/websites and recovering them with either a master password or biometric sensor.

I would think if your MOBO/TPM gets toasted then you may be in a world of hurt as each TPM is unique and its keys are not recoverable.

The TPM does NOT encrypt the entire drive. It is able to restrict access to components as well as store a small amount of data (e.g. an array of password strings) in its own heavily encrypted area (a physical chip on the MOBO). This answer invalidates your next few questions.

A TPM stored HDD access password would certainly be faster than TrueCrypt volume encryption, but it would be far less secure (the data is still there, so someone with the right equipment could recover it).

I recommend TrueCrypt wholeheartedly if you want something secure, free, flexible, and portable. The only downside of TrueCrypt is the moderate performance hit (only a problem on applications that are BOTH disk and CPU intensive).

 

jonlumpkin, thanks for answering my question, and sorry about the single paragraph thing

I was thinking of using TPM to lock the hdd to only boot on my hardware in addition to using TrueCrypt on a data partition (not the system partition). This is what I've been doing on my current laptop. This way, if my laptop is unattended for some reason, an imposter cannot take my hdd out, install some malware using another computer, then install my hdd back in. Either way my documents are still encrypted in another partition and safe. And the windows partition will retain its integrity and will not suffer from an encryption/decryption overhead.

Can the fingerprint AND password be used to boot the computer as two-factor authentication? and not just used for windows login?

So I can use TPM for locking hdd on boot without installing CSS? Because I would prefer not to install CSS if I could, but still be able to use fingerprint to let the system load the OS. I do not need the password recovery feature of CSS because I use KeePass to manage my passwords.

 

Yes, the ThinkVantage Fingerprint software along with the TPM will even do a "three-factor" authentication - Power On + Hard Drive + Windows Login. ALL from one swipe of your finger.

As jonlumpkin said, all CSS does for the individual user is provide a secure repository for passwords you use after Windows Login - web sites etc. You don't need it.

 

Is that the same as ThinkVantage Client Security Solution? If you take out the hdd and put it in another computer or external enclosure the data is unreadable? What happens if your motherboard/TPM chip breaks, how do you read the data off the "locked" hdd? Does ThinkVantage Client Security Solution use full drive encryption or it just locks it to a specific computer? Is this encryption optional? Could I just use CSS to lock the computer from booting with a fingerprint without using encryption? Also, is the CSS encryption hardware-assisted by the TPM chip? So would encrypting/decrypting be faster than TrueCrypt? I would prefer to use TrueCrypt which I have been using on all my computers. Seems like it's the safer option if the computer dies, you can still get your data back on another computer.
---------------------------------------------------------------------
If you take out the hdd and install it on another computer, after you've set BIOS passwords on it via the Lenovo machine, your other pc will either:
Not recognize the primary partition on the drive or, it won't recognize the hdd at all-not even as non-initialized.

You can in fact unlock the hdd from another Lenovo machine; the TPM regards the computer itself; access to all components; however the password installed can be read by other (TPM-featuring) machines.

The trick is not storing your personal data on the primary hdd.
Instead, use a 2nd hdd; either in the machine's internal 2nd bay (Ex: W700)
or via the Ultrabay device (you'll need a hdd adapter) or via an external hdd (ex: USB). Then, encrypt your secondary hdd via another program-NOT LENOVO'S TPM. This way, should something happen to the machine, you can always access your data from another pc and not have to wait forever to either fix the original machine or buy another Lenovo.
Remember: It' s usually better to use the primamy hdd for the O.S. and storing your data on a 2nd hdd; because this way, programs impose lighter loads on the primary hdd-hence more speed & less problems.

There's yet another, better encryption program than Truecrypt and better than Lenovo's S.Adv. solution.
Unfortunately, I got an infraction from notebookreview.com yesterday already and I can't I'm afraid of posting the name of the company here.
The reason for that is that 5 years ago, the creator of that software was prosecuted by the Feds (US) for creating what they deemed as "Weaponry".
Meaning that encryption programs may in fact be very, very illegal in the US.
Mere possession of some can in fact land you in jail.
Nevertheless; Google will show you the top 3.
Just remember; any "pass" over 28 times becomes geometrically void (meaning that an encryption pass over those times is a case of vastly diminished returns) & that any EAS algorithm over 256 in size should be worth its money.
Just imagine that until 1998, IBM created the encryption software for 72% of the world's ATM machines, which were using 128 bit encryption...
So, if your personal data is safer (exponentially more than 2* 128bit @ Eas 256 bit); it'll be harder for someone to break it open than say, opening an ATM code...

 

That's okay I will use TPM and lock the hdd in addition to using TrueCrypt to encrypt a single data partition for my documents. This will ensure there is no overhead for basic system tasks, and I get the safety of having my things that matter, my data, being encrypted. I do periodic backups of my data onto external media, so I would take the risk that if the mobo or TPM fails I still have backups.

BTW how did you get an infraction? It all sounds so hush hush. Isn't having encryption tools allowed in the US?

 

It will be interesting to see the effects on the end-user with the end of the ThinkVantage button functionality ( see here).

I personally do a clean install and only use the Fingerprint Software, Power Manager and I used to use the Access Connections when I traveled a lot since Vista's wireless solution can be less than stellar at times.

I suppose they will have to put something else in the buttons place, this might mean a reliance on native drivers to keep the laptop up and running. I know things such as sound, trackpoint, and even the light work without a hitch on a clean install.

 

Lenovo if you are reading this: Bring back TVSU!

 

It is doubtful they bring it back. I do not have any experience in expenses in regards to computing firms, but in regards to just simple economics, it I am able to cut the expenses of a service and put the burden onto others without any major consequence, than I don't see why not.

In this case, it looks like it will be easier to create future notebooks that rely on the part manufacturers for updates, the alleviates the burden of Lenovo having to constantly do the updating. Another plus is that the updates may become mainstream and be integrated into future Windows updates and so forth. The bad news is that if the updates are slow to come or don't come at all or the implementation is not rock solid, it paints a literal scarlet letter onto the Lenovo brand which of course loses its value to the end-user.

The other negative is if there is no comparable value-added feature to offset this loss, the current price point will be inflated and the laptop will need to be devaluated. No need of paying ThinkPad prices if I'm not getting ThinkPad features right? If you skim on this, what else did you skim on?

Thank goodness I'm not in the market for a laptop for another year or so.

 

I agree that it's not likely Lenovo will bring that back. Lenovo, though, still does a much better job than most OEMs out there at releasing new bug-fixed drivers and updates, and has an easy-to-use website for getting those updates.

The problem with relying on hardware manufacturers for drivers, however, is that there is no customization for particular laptops at all. Features such as the switchable graphics in the T400/500 and W500 would not be implemented well, or at all.