Your data is safer on a Mac

I use FileVault for two user accounts, and although I've been pretty happy with it, I recently had a problem with one user account where something went bad with the encrypted file. I couldn't back up the file, and I couldn't unencrypt it (althoug the user account seemed to be working fine). I ended up having to back up the individual files, delete the account, and recreate it.

My other gripe with file vault is the prompt (when logging out) to create more space. It takes a while for this prompt to appear, so if I select "shut down" and walk away from my computer before the dialog box appears, it will just sit there for days waiting for me to make a choice. There should be a feature to automatically do something after so many seconds (like when you choose to log out). I'm tired of taking so many steps to log out of my computer.

I also forgot to mention I keep an encrypted sparse image for sensitive data. One interesting point is I also keep a portable Camino on that image which I use for online banking and alike. This way what ever gets cached (I mean anything from history to, well, cache) beyond what is already disabled will get cached on an encrypted disk anyway.

I use secure delete all the time - I have a key bound to it -, and even have scripts running on most of my machines to securely erase the free space once a week. I also like doing it on my USB key. As far as FileVault is involved, I haven't jumped the boat yet. Mostly for the space it requires (but you guys are saying that this space is given back upon logout? All of it?). As for encrypted VM, well I like the idea. Albeit it seems to me that VM is already a big enough trade off between power and speed for it to be worthwhile. Maybe I'm wrong though, I haven't looked that deep into the process, but using VM alone takes a HUGE amount of processing (thus time/speed) just by having to copy stuff back and forth from the memory.

Re #17 Mark D: have a look at diskutil's erase freespace options for multipass (not Leeloo's multipass ;D) or at the CLI equivalent "diskutil secureErase"

FileVault seems to be a good idea and in fact I am using it on many different PowerBooks and MacBooks I set up in the past.

Unfortunately two of them seem to have crashed while shutting down which resulted in a corrupt sparseimage and guess what? Of course the user's backup was quite a few days old...

So you might want to encrypt your data but keep in mind that there's a PITA when the sparseimage file of your home directory becomes corrupt.

> there should be a way to limit FileVault's scope during setup

Agreed, just like Spotlight's "Privacy" list.

But you can achieve something like this: FileVault only encrypts from the home folder level down, so if you have info above this it will not be encrypted.

So, you could have say,

Macintosh HD
...| Applications [NOT encrypted]
...| Developer [NOT encrypted]
...| Library [system's library that is, NOT encrypted]
...| MyMusic [custom folder YOU can create]
........| iTunes Music Library etc [NOT encrypted]
...| Parallels [custom folder YOU can create and redirect Parallels to use, NOT encrypted]
...| System [not encrypted, but not to be used anyway]
...| Users
........| yourusername [EVERYTHING ENCRYPTED]
...| Video [custom folder YOU can create]
........| DVD images [NOT encrypted]
........| iMovie projects etc [NOT encrypted]

So, if there's stuff you don't want encrypted, keep it out of your user folder and it will neither take extra space or give a speed penalty.

(Bear in mind that if you don't use the standard ~/Library/Parallels folder for your Windows images, the contents of that OS will not be secure. However, I never trust anything confidential to Windows anyway!)

Just a tip.

No way would I trust file vault. Puts everything into one single encrypted file. How often have we had a single file get corrupted? Good-bye, life's work.

does anyone know of a program the will just encrypt certain files and not the whole drive kinda like truecrypt(i heard they were gonna make a mac version but they must still be working on it because i cant find it). Thanks for any help!

yep, eats some GBs, but it saves you from a terrible disaster I once suffered on an MS-DOS system, and, after a week, on Win98 - a boot virus was extremely vital, so I had to format and repartitrion my HDD several times... so now i prefer secure systems!

I use secure empty trash for some business-related things, but FileVault just scares me. I've already had to trash two or three keychains because I forgot the I'll-never-forget-it this-time-for-sure password.

I'm staying far away from FileVault in its current implementation.

By default it unnecessarily encrypted my whole 30GB iTunes library (yes I realize some people want their whole mp3 collection encrypted, but there should be a way to limit FileVault's scope during setup) and subsequently ate all my files because the computer was missing some key part of FileVault during booting up some day...