Mac 101: Protect your data with FileVault
If you use a notebook Mac, the risk of having your computer stolen is higher. However, Apple has included a tool to protect your entire home folder (documents, pictures, movies, etc.) right within OS X. FileVault protects against data theft from a stolen computer by encrypting and decrypting your home folder each time you log in and log out. To use FileVault, you must first set a Master Password. This password is a fail-safe if you forget your user login info. However, if you lose both your user login info and the master password, you will not be able to decrypt your home folder, and your data (if not backed up in unencrypted form) will be lost forever. To set the master password, navigate to System Preferences > Security > FileVault > Set Master Password.
Once you have the master password set, you will be able to turn on FileVault and begin protecting your data. Click the "Turn on FileVault" button in the FileVault section of the Security preference pane. You will be asked for your master password, and a disclaimer will be displayed explaining the process. Please note that you will not be able to log in to your Mac via SMB (Windows file sharing) after turning on FileVault.
FileVault provides a high level of data security, but some applications have a history of incompatibility with the feature; it's also very important that you have a secure and solid backup strategy if you choose to use FileVault. For best results with Time Machine, make sure that your FV home folder is upgraded to the Leopard image format (if you were using FV under Tiger, you may have to turn it off and back on to convert your home folder) and log out of your account periodically to allow backups to run.
Source: http://tuaw.com/category/Mac-101
so, file vault is yet another worthless feature apple tosses in an osx upgrade?
sort of like spaces or stacks. And other useless Leopard features.
Filevault is a very old technique. Apple should have noticed all the news about data leakage, mainly from laptops and USB devices.
I'm using Checkpoint Full Disk Encryption for 2 months now, and it has never let me down. My TimeMachine backups work perfectly on my trusted network, all my software works seamlessly. I get preboot authentication with no performance problems.
There is just 1 bug that's bugging me, my screensaver settings get overwritten after each reboot. And I get the static Checkpoint screensaver, which is not a real screen "saver". But hey, is this a showstopper? I now suspend my screen before the screensaver kicks in, why display a screensaver if I'm not looking at my computer...
Hopefully Checkpoint will integrate other stuff from the Pointsec software to better secure my MacBook.
It would be better if OSX supported per-directory or per-file encryption, like Win XP does. If I was able to select a specific directory or file and tell the OS to encrypt it, then I could keep my sensitive data in there and everything else unencrypted. At the moment, I use an encrypted disk image, but having to mount and unmount it every time I need it is quite annoying.
August 04 2008 at 7:59 PM
"If you use a notebook Mac, then the risks are higher for getting your computer stolen."
I, for one, call bullshit.
NO NO NO do NOT use Filevault!
When you are logged out of your account your user folder is stored in a single disk image file.
Anyone who uses a hard disk will know that files can become corrupted or damaged without much warning and will become irretrievable. For a single file like an image or song this is usually a non-issue.
When it happens to the one file containing ALL YOUR FILES it is a BIG ISSUE.
Your filevault will become corrupted, you will lose all the data inside it. Not to mention that if you forget both the user password and the master password you will NEVER be able to open it again.
DO NOT USE FILEVAULT
Filevault aka filefault is rubbish anyway.
All too often people call me that something went wrong and their data didn't decrypt properly. Thus made it unreadable!
(I work support for an AASP)
Filevault is, in my opinion, only useful for bank employees (or the like) with sensitive data on the move.
There is also one big thing that I'm surprised no one has mentioned yet. If someone has physical access to your FileVault-"protected" computer, then they can quite easily crack the encryption. Check out the Princeton study on it: http://citp.princeton.edu/memory/. It's a pretty big reason to not bother using disk encryption, and risk forgetting your password or being unable to recover data from a damaged hard drive.
August 04 2008 at 1:25 PM
That attack is utterly impractical in the overwhelming majority of circumstances. There is a reason why nobody in the security community is really taking it seriously.
That said, FileVault has an even easier attack that works on the same principles. Apple's PowerPC laptops had small batteries in them that would maintain the contents of RAM when the computer was sleeping. This was intended to let you change your main battery without needing to reboot. The Intel Macs swap this for a technique called "Safe Sleep". Essentially, when you put the system to sleep, it writes the contents of RAM to a 'sleepimage' file on your disk then goes to sleep. If the RAM doesn't lose power, it resumes from sleep as normal. If power is lost, it resumes from the disk, kind of like restoring a Windows machine from hibernation.
The problem is that last I checked, this sleepimage file isn't encrypted and contains everything in RAM. This means it includes a plaintext copy of your login password. On a system with a significant amount of RAM, it would take a long time to recover said password, but that is a task of linear difficulty, so once an attacker has the file, discovering your password is effectively inevitable.
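A defender's check for the Safe Sleep behaviour described in the comment above, added here as an example and not part of the original thread: it reads `pmset -g` output and reports whether a memory image is written to disk at sleep. The sample outputs are constructed, and the function name `sleep_image_exposure` is hypothetical.

```shell
#!/bin/sh
# Added example: classify Safe Sleep exposure from `pmset -g` output.

# Constructed samples of `pmset -g` output (not captured from a real system).
SAMPLE_PORTABLE='Active Profiles:
Battery Power		-1
AC Power		-1*
Currently in use:
 hibernatemode        3
 hibernatefile        /var/vm/sleepimage
 displaysleep         10
 sleep                10'

SAMPLE_MODE0=' hibernatemode        0
 hibernatefile        /var/vm/sleepimage
 sleep                10'

# Reads pmset -g text on stdin and prints exactly one line:
#   no-image                    hibernatemode 0: RAM is not written to disk at sleep
#   ram-on-disk <mode> <path>   any other mode: a memory image is written to <path>
#   unknown                     no hibernatemode line was found
sleep_image_exposure() {
    awk '
        $1 == "hibernatemode" { mode = $2; seen = 1 }
        $1 == "hibernatefile" { file = $2 }
        END {
            if (!seen)             print "unknown"
            else if (mode == "0")  print "no-image"
            else                   print "ram-on-disk " mode " " (file == "" ? "?" : file)
        }'
}

# On a Mac, audit the live settings; elsewhere, fall back to the constructed sample.
if command -v pmset >/dev/null 2>&1; then
    pmset -g | sleep_image_exposure
else
    printf '%s\n' "$SAMPLE_PORTABLE" | sleep_image_exposure
fi
```

Running `sudo pmset -a hibernatemode 0` stops the image from being written, at the cost of losing the session if the battery runs out during sleep; an image file that already exists stays on disk until it is removed.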
Hi.
File Vault sucks:
http://discussions.apple.com/message.jspa?messageID=5836683#5836683
Cheers
From my experience FileVault didn't slow down standard operation of my macbook any. What it did do was make log outs take an extremely long time if you allowed it to recover free space. If you didn't your HD would eventually fill up.
I moved my iTunes and iPhoto libraries to a shared directory outside of my home directory, which decreased the size of the home directory considerably. This made the recovering free space operation much quicker.
Bundling such afterthought security tools only panders to people's natural need to feel themselves important. One can't really believe they were intended for use and I have never seen a production development or data analysis setting (when data security actually matters) where their use is even allowed.
Crude, bulk-encrypted file systems such as the standard one in OS X suffer many of the same issues as databases. Unless the systems have check-points and/or pass something like the ACID test (which they don't) you stand a good chance of losing everything in the event of a system hang, crash, minor corruption of the hosting file system, etc.
The other issue that plagues users of systems that use bulk encryption (instead of file-by-file) encryption, is how in the world to securely yet reliably back up the data.
In the case of a Mac you are much better off keeping only certain sensitive files in an encrypted disk image. This allows reliable secure back-ups of snapshots of the disk image. It also significantly lowers the load on the system since files that don't need encryption aren't encrypted.
People might also like to look at the open-source, cross-platform and vendor independent TrueCrypt project. (While TrueCrypt does not format HFS+, one can create an FAT disk of the required size and then simply reformat it HFS+ like any other disk). It works well and obviates a lot of legitimate concerns that arise when using vendor supplied security add-ons.