Your data is safer on a Mac
Ok, so I'm using a dash of hyperbole in the title of this post, but Simson Garfinkel (writing for Computerworld) does recommend Apple portables based on security functionality alone. He highlights Filevault, secure virtual memory, and secure empty trash as the features of OS X that make Apple portables so secure. Sure, as he points out, one can get Windows up to this level of security (Lenovo does include similar utilities with their ThinkPads) but not without tinkering with Windows. OS X has it all built right in.The one thing that Simson would like to see Apple do? Enable all of these features by default.
How many folks out there are using a combo of these features on their Macs?
Share
Categories
Ok, so I'm using a dash of hyperbole in the title of this post, but Simson Garfinkel (writing for Computerworld) does recommend Apple...
Add a Comment
I use FileVault for two user accounts, and although I've been pretty happy with it, I recently had a problem with one user account where something went bad with the encrypted file. I couldn't back up the file, and I couldn't unencrypt it (althoug the user account seemed to be working fine). I ended up having to back up the individual files, delete the account, and recreate it.
My other gripe with file vault is the prompt (when logging out) to create more space. It takes a while for this prompt to appear, so if I select "shut down" and walk away from my computer before the dialog box appears, it will just sit there for days waiting for me to make a choice. There should be a feature to automatically do something after so many seconds (like when you choose to log out). I'm tired of taking so many steps to log out of my computer.
I also forgot to mention I keep an encrypted sparse image for sensitive data. One interesting point is I also keep a portable Camino on that image which I use for online banking and alike. This way what ever gets cached (I mean anything from history to, well, cache) beyond what is already disabled will get cached on an encrypted disk anyway.
September 21 2006 at 6:34 AM Report abuse Permalink rate up rate down ReplyI use secure delete all the time - I have a key bound to it -, and even have scripts running on most of my machines to securely erase the free space once a week. I also like doing it on my USB key. As far as FileVault is involved, I haven't jumped the boat yet. Mostly for the space it requires (but you guys are saying that this space is given back upon logout? All of it?). As for encrypted VM, well I like the idea. Albeit it seems to me that VM is already a big enough trade off between power and speed for it to be worthwhile. Maybe I'm wrong though, I haven't looked that deep into the process, but using VM alone takes a HUGE amount of processing (thus time/speed) just by having to copy stuff back and forth from the memory.
Re #17 Mark D: have a look at diskutil's erase freespace options for multipass (not Leeloo's multipass ;D) or at the CLI equivalent "diskutil secureErase"
FileVault seems to be a good idea and in fact I am using it on many different PowerBooks and MacBooks I set up in the past.
Unfortunately two of them seem to have crashed while shutting down which resulted in a corrupt sparseimage and guess what? Of course the user's backup was quite a few days old...
So you might want to encrypt your data but keep in mind that there's a PITA when the sparseimage file of your home directory becomes corrupt.
> there should be a way to limit FileVault's scope during setup
Agreed, just like Spotlight's "Privacy" list.
But you can achieve something like this: FileVault only encrypts from the home folder level down, so if you have info above this it will not be encrypted.
So, you could have say,
Macintosh HD
...| Applications [NOT encrypted]
...| Developer [NOT encrypted]
...| Library [system's library that is, NOT encrypted]
...| MyMusic [custom folder YOU can create]
........| iTunes Music Library etc [NOT encrypted]
...| Parallels [custom folder YOU can create and redirect Parallels to use, NOT encrypted]
...| System [not encrypted, but not to be used anyway]
...| Users
........| yourusername [EVERYTHING ENCRYPTED]
...| Video [custom folder YOU can create]
........| DVD images [NOT encrypted]
........| iMovie projects etc [NOT encrypted]
So, if there's stuff you don't want encrypted, keep it out of your user folder and it will neither take extra space or give a speed penalty.
(Bear in mind that if you don't use the standard ~/Library/Parallels folder for your Windows images, the contents of that OS will not be secure. However, I never trust anything confidential to Windows anyway!)
Just a tip.
No way would I trust file vault. Puts everything into one single encrypted file. How often have we had a single file get corrupted? Good-bye, life's work.
September 20 2006 at 9:42 PM Report abuse Permalink rate up rate down Replydoes anyone know of a program the will just encrypt certain files and not the whole drive kinda like truecrypt(i heard they were gonna make a mac version but they must still be working on it because i cant find it). Thanks for any help!
September 20 2006 at 8:43 PM Report abuse Permalink rate up rate down Replyyep, eats some GBs, but it saves you from a terrible disaster I once suffered on an MS-DOS system, and, after a week, on Win98 - a boot virus was extremely vital, so I had to format and repartitrion my HDD several times... so now i prefer secure systems!
September 20 2006 at 8:33 PM Report abuse Permalink rate up rate down ReplyI use secure empty trash for some business-related things, but FileVault just scares me. I've already had to trash two or three keychains because I forgot the I'll-never-forget-it this-time-for-sure password.
September 20 2006 at 7:53 PM Report abuse Permalink rate up rate down ReplyI'm staying far away from FileVault in its current implementation.
By default it unnecessarily encrypted my whole 30GB iTunes library (yes I realize some people want their whole mp3 collection encrypted, but there should be a way to limit FileVault's scope during setup) and subsequently ate all my files because the computer was missing some key part of FileVault during booting up some day...
Hot Apps on TUAW
Deals of the Day
more deals- Used Apple iMac 17" Core 2 Duo 1.83GHz for $430 + $28 s&h
- Lounge Deluxe Stand for iPhone / iPod touch for $28 + $8 s&h
- Brookstone Surround-Sound Earbuds for $14 + $7 s&h
- Refurbished Skullcandy Tokidoki Smokin' Buds Mic'd Headset for $5 + $2 s&h
- Stitchway Backup Battery for iPod / iPhone for $5 + free shipping
- Used Apple MacBook Pro 2.4GHz 15" LED Laptop for $1,030 + $29 s&h
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3



27 Comments