Filed under: Analysis / Opinion, Portables, Apple, Security
Your data is safer on a Mac
Ok, so I'm using a dash of hyperbole in the title of this post, but Simson Garfinkel (writing for Computerworld) does recommend Apple portables based on security functionality alone. He highlights Filevault, secure virtual memory, and secure empty trash as the features of OS X that make Apple portables so secure. Sure, as he points out, one can get Windows up to this level of security (Lenovo does include similar utilities with their ThinkPads) but not without tinkering with Windows. OS X has it all built right in.The one thing that Simson would like to see Apple do? Enable all of these features by default.
How many folks out there are using a combo of these features on their Macs?
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Jon said 4:42PM on 9-20-2006
I can't see them switching FileVault by default. It uses loads of space. I switched it off and saved 30 GB.
Reply
rob said 5:06PM on 9-20-2006
It's Lenovo.
Reply
randy said 5:12PM on 9-20-2006
I use FileVault and occasionally Secure Empty Trash. Yes, FileVault takes up more space, especially if you're constantly creating and deleting files. However, when you log out, the system should release the used up space and resize your secured home folder (which I believe is nothing more than an encrypted disk image). I can't see FileVault taking up 30GB of space... did you ever log out after deleting all that pr0n? ;)
Reply
avixe said 5:17PM on 9-20-2006
I have FileVault turned on on my work powerbook, and it does seem to work, releasing the extra space upon logout as a previous poster noted. Seems to suffer from an irritating feature, though: about once a week my FV account forgets *all* of my program defaults, e.g. "Would you like to make Safari your default browser?" "Would you like to make NetNewsWire your default RSS reader?" etc. Kind of unsettling.
(Also, the encrypted drive image takes up 20GB, so SuperDuper's Smart Backup isn't very useful when it needs to copy the whole drive image every day. But oh well.)
Reply
Gandhi said 5:30PM on 9-20-2006
Recent switcher here (less then a week, actually). Last Mac I used was 15 years ago when I was in 9th grade. There are so many features and software to OS X that I have not explored most, if not all, of them. I saw filevault and secure empty trash, but have not had the chance of messing around with them. Still busy transferring over my word, ppt and xcel files from the windoze machine.
The thing that blows me away the most - program install/uninstall.
Reply
Scott La Plant said 5:26PM on 9-20-2006
Because of the nature of my work, I use these features - they're mandated by one of my clients. I agree with one poster who noted that FV seems to forget user preferences, however mine isn't once a week - it's more like once a month, but it only seems to affect Safari and Net News Wire so it's not too big a deal for me. The security is!
Reply
Kasei said 5:29PM on 9-20-2006
I've been using FileVault since the day I turned my PowerBook on. It work fines for me and yes it does reclaim used space when the user logs out. I've only experienced one problem with FileVault. You cannot run FinalDraft's latest version with FileVault turned on.
I was using secure virtual memory, but experienced a lot of files being swapped and saw a major slow down in my systems performance. I only turn it on when I have to run through an airport or visit a client on site.
Reply
Kasei said 5:30PM on 9-20-2006
I've been using FileVault since the day I turned my PowerBook on. It works fine for me and yes it does reclaim used space when the user logs out. I've only experienced one problem with FileVault. You cannot run FinalDraft's latest version with FileVault turned on.
I was using secure virtual memory, but experienced a lot of files being swapped and saw a major slow down in my systems performance. I only turn it on when I have to run through an airport or visit a client on site.
Reply
Patrick Cheung said 5:34PM on 9-20-2006
I know it is safe in the sense of keeping files inaccessible by others... it's just that some files are not even accessible my me sometimes. What I am saying is that two times when I copy/move files around, some folders gone missing. Of course my friends say it's me who did something wrong but what better things are there in the world to blame than computers? :) Seriously I believe Mac OS X has a solid foundation but Finder is definitely not. I think my data is not that safe... in the sense of avoiding data loss.
Reply
Jon said 5:34PM on 9-20-2006
It would always ask me if I wanted to reclaim space and if I clicked yes, it would show a blank screen for AGES. I'm not sure that it was actually doing anything. In the end, I gave up and stopped clicking "yes".
Reply
George said 5:47PM on 9-20-2006
The biggest problem with FileVault accounts is that Migration Assistant won't work with them. Hope Apple fixes that issue asap (Leopard). It should ask for your password and there you go.
Reply
Deacon Nikolai said 5:54PM on 9-20-2006
DileVault had eatten all on my data more than once on various machines. NO THANK YOU!
Reply
Chris W. said 6:37PM on 9-20-2006
Sorry I can't say that I'm thrilled with Apple's implementation of FileVault. I tried using it for my home folder's security, since I had some important financial info in there. Yes, I'll admit I'm a slacker when it comes to backup, and I only backed up really important projects, but I was unprepared for the mess it made of my home folder. I won't go into details, but you can read it on my blog. It was great for a few days, though!
However, I love the alternative I found; creating a secure disk image with Disk Utility and putting sensitive info in there instead. Also, I love looking at the Console logs and seeing all the attempted break-ins to my system. Not one hacker or adware/malware site could get in. I'm a contently secure user!
I only hope Apple makes FileVault-ed info more stable, maybe even options to only secure selected folders. This would go a long way to restoring my confidence in FileVault.
Reply
Iain Foulds said 6:00PM on 9-20-2006
Another issue with FileVault that will probably keep it turned off by default for ever and a day is the requirement for a master password on top of the standard account password. Even if you forget one password, it's a chew on to reset one password, reset permissions on files, etc. and most users probably have auto-login with no password on their user account as, by and large, users are crap at remembering passwords. Anyone working in IT support will know that! Imagine Joe Public needing to set 2 passwords and having to jump through hoops to reclaim their files back when they forget!
That said, secure virtual memory could be on by default without *too* many issues, though secure delete might cause problems, again, with Joe Public accidentally deleting files and being unable to recover them.
Reply
Don Wilson said 6:03PM on 9-20-2006
"Apple portables based on security functionality alone."
Haha, because if he focused on the batteries as well, it wouldn't exactly be the same result now would it? :)
Reply
Nick said 6:29PM on 9-20-2006
Off-topic: I first read "Simson Garfinkel" as "Simon [and] Garfunkel". o_O
Reply
Mark D. said 7:07PM on 9-20-2006
I haven't much had a need for most of the built-in security features, but secure deleting is something I use. It was a feature I was ignorant about until I was waiting in the Apple Store about a year ago (before I bought my MBP) and saw it on the screen above the Genius Bar. I always had a copy of BCWipe on my Windows systems, so this was something nice to see standard in OS X. I wish you could add custom pass numbers, or make it part of the normal file conext menu (features I grew acustomed to with BCWipe), though that would be a bit above the normal user's needs, not to mention probably lead to accidental deletions.
Reply
Torsten said 7:25PM on 9-20-2006
I'm staying far away from FileVault in its current implementation.
By default it unnecessarily encrypted my whole 30GB iTunes library (yes I realize some people want their whole mp3 collection encrypted, but there should be a way to limit FileVault's scope during setup) and subsequently ate all my files because the computer was missing some key part of FileVault during booting up some day...
Reply
Shig the Unmentionable said 8:01PM on 9-20-2006
I use secure empty trash for some business-related things, but FileVault just scares me. I've already had to trash two or three keychains because I forgot the I'll-never-forget-it this-time-for-sure password.
Reply
hunter said 8:35PM on 9-20-2006
yep, eats some GBs, but it saves you from a terrible disaster I once suffered on an MS-DOS system, and, after a week, on Win98 - a boot virus was extremely vital, so I had to format and repartitrion my HDD several times... so now i prefer secure systems!
Reply