I heavily use both and this is objectively untrue.

I don’t deal with hardware much anymore, but I’d take Aruba over Cisco any day. But for everything else, yeah fuck HP.

And what about taking a nice drive down Jean Baptiste Pointe du Sable Lake Shore Drive?

Microsoft uses TPM PCRs 7+11 for BitLocker which is more secure than the Linux implementations mentioned in the article.

PCR 7 is the Secure Boot measurement which means it can’t be unlocked unless every signed boot component has not been tampered with up to the point of unlock by the EFI bootloader. PCR 11 is simply flipped from a 0 to a 1 by the bootloader to protect the keys from being extracted in user land from an already booted system.

The article is correct that most Linux implementations blindly following these kinds of “guides” are not secure. Without additional PCRs, specifically 8 and 9 measuring the grub commands (no single-user bypass) and initrd (which is usually on an unencrypted partition), it is trivial to bypass. But the downside of using these additional PCRs is that you need to manually unlock with a LUKS2 password and reseal the keys in TPM whenever the kernel and or initrd updates.

Of course to be really secure, you want to require a PIN in addition to TPM to unlock the disk under any OS. But Microsoft’s TPM-only implementation is fairly secure with only a few advanced vulnerabilities such as LogoFAIL and cold boot attacks.

Linux on enterprise user endpoints is an insane proposition for most organizations.

You clearly have no experience managing thousands of endpoints securely.

Looks like they found someone.

I’d be careful about completely trusting any AV to give you any certainty that you aren’t infected.

As I mentioned in another comment, Pegasus is comprised of many different exploits. So just because Bitdefender can detect some older Pegasus variants, doesn’t mean it can detect all of them.

In fact it’s quite unlikely they can detect the latest variants.

I don’t know the full answer, but Pegasus isn’t one single piece of spyware, but rather a toolkit of many, many zero-day exploits.

A lot of them (the majority maybe?) are non-persistent meaning that they don’t survive a reboot.

That said, aside from keeping your phone up to date with security patches and rebooting frequently, I’m not sure there’s much the average person can do if you’re actively being targeted.

Yeah Win11 will probably be a noticeable performance hit on that. Especially Explorer which they made dog slow when adding tabs and the new context menu.

The Office apps and browser will probably be about the same.

I’m running Windows 11 on a 12 year old X79 platform. Runs just fine.

But it was definitely top of the line in its day and 48GB of RAM keeps any system relatively snappy.

Did you have to install an app called Company Portal or Intune? If no, then they probably don’t have access to your device, except for possibly being able to selectively wipe school data. They could also be using another MDM solution like Airwatch, but again, you would have had to have installed something (and unlikely, since universities get massive discounts on Microsoft licensing).

Even if you do have Company Portal, it doesn’t necessarily mean it’s managed as it’s still used to broker communication and authentication between Office apps on Android. The app itself would be able to tell you if the device is managed.

And as the other poster mentioned, if they had you install a root certificate for the university they can intercept and inspect HTTPS traffic from your device while on their network. But that still doesn’t give them access to the data-at-rest on your device.

The rootkit is easy enough to turn off in the BIOS but I highly, highly recommend G-Helper instead of Armoury Crate.

Moving to it from AC is like leaving a prison cell full of screaming children and entering a calm beach.

Oh yeah. They all do/will. But they are still better firewalls than ASAs.

ASAs are still way more prevalent than they should be when Palo Alto and others are much better options. Still, I’m glad I barely have to deal with them any more.