What's the point of FileVault?

18878 Views 45 Replies Latest reply: Feb 11, 2014 6:25 PM by conrlee17
  • etresoft Level 7 (23,905 points)
    Feb 15, 2012 9:55 AM (in response to softwater)

    Use Disk Utility to create an encrypted disk image. Open that encrypted volume in the Finder. Create a folder named something like "Documents (encrypted)". Copy your files to that folder. Create an alias (using shift-option drag) to that folder and store it next to "Documents", for example.

     

    Now you have an encrypted folder. If your encrypted volume isn't already mounted when you open the folder, the Finder will ask for your password, mount the volume, and open the folder. If you want, you can save the password to your keychain.

     

    File Vault would be more seamless and more secure, but this is adequate for my needs. While I'm not worried about forgetting my password, I don't trust notebook hard drives. I've encrypted my Time Machine backup, but I'm just not ready to encrypt my whole hard drive yet. Maybe later.

  • softwater Level 5 (5,370 points)
    Feb 15, 2012 5:55 PM (in response to etresoft)

    etresoft wrote:

     

    Use Disk Utility to create an encrypted disk image. Open that encrypted volume in the Finder. Create a folder named something like "Documents (encrypted)". Copy your files to that folder. Create an alias (using shift-option drag) to that folder and store it next to "Documents", for example.

     

    Now you have an encrypted folder. If your encrypted volume isn't already mounted when you open the folder, the Finder will ask for your password, mount the volume, and open the folder. If you want, you can save the password to your keychain.

     

    File Vault would be more seamless and more secure, but this is adequate for my needs. While I'm not worried about forgetting my password, I don't trust notebook hard drives. I've encrypted my Time Machine backup, but I'm just not ready to encrypt my whole hard drive yet. Maybe later.

     

    Thanks for that. I shall experiment.

     

    Just one more question. Why do you say FV would be "more secure"? Isn't the encryption method the same in both cases?

  • Topher Kessler Level 6 (9,305 points)
    Feb 15, 2012 6:45 PM (in response to kap_australia)

    Either option will work just as fine for securing data. The main difference here is the convenience the options offer. FV offers a seamless encryption that encrypts all contents of the drive, but disk images offer an option that will secure files should you choose to upload them to the internet. I personally do prefer FileVault.

  • Topher Kessler Level 6 (9,305 points)
    Feb 15, 2012 6:53 PM (in response to etresoft)

    I disagree with the reasoning that it is overkill for the average user. The decision or desire to fully secure your data is up to you alone, and FileVault is a very secure and easy way of ensuring all of your files are encrypted at all times. It's true there are other ways to safeguard information in OS X; however, FileVault is simple to set up, is virtually transparent, and despite what some are claiming here it does not have much of a performance hit (see the benchmark link I posted earlier). I use FileVault all the time on numerous systems and have not seen any notable or appreciable change in performance with respect to other systems without FileVault.

  • etresoft Level 7 (23,905 points)
    Feb 15, 2012 8:03 PM (in response to softwater)

    softwater wrote:

     

    Why do you say FV would be "more secure"? Isn't the encryption method the same in both cases?

    Having everything encrypted is always going to be more secure. Some programs could write temporary files to /tmp, for example. They use different encryption methods and FileVault2's encryption is optimized for speed.

  • softwater Level 5 (5,370 points)
    Feb 16, 2012 2:53 AM (in response to etresoft)

    Cheers. That makes sense (sort of).

     

    Any links/references to where I can find out more about the differences in encryption methods? How do you know they're different?

  • Barney-15E Level 7 (33,385 points)
    Feb 16, 2012 4:35 AM (in response to softwater)

    http://support.apple.com/kb/HT1578

     

    For the format, a sparse image will only take up the amount of space you save to it, regardless of how large you set it for initially. It doesn't do cleanup, though. If you add files, and then delete them, it stays at the size it was before deleting. This can be recovered if you need to using the command line.

     

    If you want one that gets backed up by Time Machine efficiently, use a sparse bundle format. It stores the data in small files so that it only sees a change to a small file instead of the entire image.
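
The Disk Utility steps from etresoft's post and the command-line space recovery Barney-15E mentions, sketched with `hdiutil` as an added example (not code from any poster in this thread). The image path, size, volume name and the `DRY_RUN` switch are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: encrypted sparse bundle managed with hdiutil (macOS).
# Image path, size and volume name are assumed sample values.

# Execute a command, or only print it when DRY_RUN=1 (for review off macOS).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# create_encrypted_bundle IMAGE SIZE VOLNAME
# AES-256 encrypted, journaled HFS+ sparse bundle. hdiutil prompts for the
# passphrase itself, so it never lands in shell history or the process list.
create_encrypted_bundle() {
  ceb_image=$1 ceb_size=$2 ceb_volname=$3
  case "$ceb_image" in
    *.sparsebundle) ;;
    *) echo "image name must end in .sparsebundle" >&2; return 2 ;;
  esac
  run hdiutil create -type SPARSEBUNDLE -fs HFS+J -encryption AES-256 \
    -size "$ceb_size" -volname "$ceb_volname" "$ceb_image"
}

# open_bundle IMAGE: mounts under /Volumes/<volname> after the passphrase prompt.
open_bundle() {
  run hdiutil attach "$1"
}

# reclaim_space IMAGE MOUNTPOINT
# Deleting files does not shrink the image; compact returns the freed bands.
# The image has to be unmounted first, so detach if the mount point exists.
reclaim_space() {
  rs_image=$1 rs_mount=$2
  if [ -d "$rs_mount" ]; then
    run hdiutil detach "$rs_mount" || return 1
  fi
  run hdiutil compact "$rs_image"
}

# Only runs when the script is invoked with --demo.
if [ "${1:-}" = "--demo" ]; then
  create_encrypted_bundle "$HOME/Secure.sparsebundle" 2g "Secure"
  open_bundle "$HOME/Secure.sparsebundle"
fi
```

Setting `DRY_RUN=1` prints each `hdiutil` command instead of running it, which is a convenient way to check the arguments before touching a real image.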

  • softwater Level 5 (5,370 points)
    Feb 16, 2012 5:52 AM (in response to Barney-15E)

    Cheers for that, Barney. Very useful stuff.

  • softwater Level 5 (5,370 points)
    Feb 17, 2012 10:31 AM (in response to etresoft)

    etresoft wrote:

     

    Use Disk Utility to create an encrypted disk image.

     

    Will this technique work on a disk that has FV2 enabled?

     

    As I pointed out above, FV2 has a gaping security hole in it if you have any standard account users who have permission to start up the disk (they can access Admin's home folder through single user mode).

  • etresoft Level 7 (23,905 points)
    Feb 17, 2012 10:52 AM (in response to softwater)

    Sure.

     

    File Vault does not have a "gaping security hole". File Vault is designed to provide easy-to-use security for most users. Most users are concerned about theft, not internal hacking attempts from trusted users. If you are worried about that, then give all of these shady people their own machines or don't give them startup privileges.

  • softwater Level 5 (5,370 points)
    Feb 17, 2012 11:08 AM (in response to etresoft)

    I value your knowledge, etresoft, but it's always a shame when you start trying to argue with your faulty logic. Whether most users are concerned about it or not is irrelevant.

     

    It's a security issue for users who enable FV2 in an SME environment. The whole point of adding employees as managed users rather than Admin is that they are trusted only so far. If employers are not aware of this security hole they could be exposed to serious commercial and even personal damage.

     

    Your solution is a way round that. What's needed here is information dissemination to those that could be affected, not denial that there's a security issue.

  • donikatz
    Feb 22, 2012 8:41 PM (in response to softwater)

    IMO, one of the biggest issues that nobody has mentioned yet is that FV2 hinders basic remote admin functionality. Popular apps such as LogMeIn, TeamViewer, VNC, and ARD can't be used to remote reboot a Mac with FV2 enabled because the encryption password screen is before the OS launches. Reboot an FV2 Mac and you can't connect to it until someone authenticates at the physical console.

     

    Apple needs to embed remote admin functionality into hardware/firmware (or just take advantage of existing Intel technology), otherwise this alone is a dealbreaker for a lot of people, myself included.

  • marko222
    Mar 1, 2012 4:14 AM (in response to donikatz)

    I happen to use File Vault in Snow Leopard and have not noticed any major performance issues.

     

    One issue I do have is that Time Machine does not back up FV1 on the same basis as without it. You actually have to log out, although even then I am never entirely sure what has been backed up and what not, as the date on the Time Machine backup does not always seem to me to be the same as the date of the last encrypted information. This is irritating to say the least when you decide to use the back up to system restore and then find that there is information lost. I think one would have to keep a separate back up of the home folder either unencrypted or encrypted with another method to be sure not to lose anything ever and this somewhat defeats the purpose of FV in the first place.

     

    It would appear that without logging out Time Machine backs up some information (software updates etc?), but not all the data, documents, emails etc., so what is actually going on is not necessarily obvious if you have not been told before that you have to log out. In relation to FV1 at least people should be well aware of this before they opt to use it. There are some more detailed issues that are inconvenient, like the fact that sometimes the backing up on log out can take a long time, even hours in my experience. Also if you want to leave using FV you potentially need a lot of hard disk free space (equal to the size of the home folder) to do so.

     

    Anyway as I have to move onto Lion shortly and decide whether or not to use FV2 I had two questions.

     

    1. If you have FV1 enabled in Snow Leopard, what happens if you upgrade to Lion? Do you automatically get a FV2 encrypted system?

     

    2. Does FV2 have the same interaction with Time Machine as FV1?

     

    Advice as to the questions would be much appreciated (and, of course, clarification as to where I have misunderstood the interaction with Time Machine).

  • Barney-15E Level 7 (33,385 points)
    Mar 1, 2012 4:25 AM (in response to marko222)

    1. It keeps the FV1 until you change it.

    2. Everything is encrypted and decrypted on the fly, so Time Machine works pretty much as it would normally. The only difference is you have the option of encrypting the Time Machine backup.

     

    I never noticed any performance hits with FV2 enabled, unlike what is postulated on some posts. However, I never benchmarked it and wasn't doing anything that would require large disk reads and writes.

  • donikatz Level 1 (0 points)
    Mar 1, 2012 6:00 AM (in response to Barney-15E)

    And you don't even need to have FV2 enabled on your main volume to do that, which is great! I still don't understand why FV2 doesn't natively support secondary drives other than TM out of the box, but hopefully they'll add that in 10.8.

    Barney-15E wrote:

     

    The only difference is you have the option of encrypting the Time Machine backup.
