9 Replies Latest reply: Feb 20, 2008 10:02 AM by AuroraProject
Tim Baker Level 2 (280 points)
I'm using my MacBook Pro traveling on the road right now and since it's the first time I've really had this outside the office it's got me wondering about turning on File Vault in case something should happen to my computer and it ends up in the wrong hands. I have some sensitive information here I wouldn't want others to see.

My questions are:

1. If I enable file vault now, will it screw up my time machine backups once I get back to the office and plug my time machine external drive in? Is it better to wait until the drive is plugged in?

2. Will I notice any performance issues with it enabled? I've heard some mixed reports about it on Tiger, but nothing really about it on Leopard.

MacBook Pro, MacBook, Mac mini, iPhone, Mac OS X (10.5.1)
  • Kappy Level 10 (263,335 points)
    If you enable FileVault you will have to re-backup because TM doesn't backup a FileVault protected system the same as one that isn't protected. TM only backs up a FileVault after you logout and before you shut down. If you never log out of your account then your FileVault protected account will never be backed up by TM. If you shut down before TM completes the backup then you also have no backup. Backups will take considerably more time and do not occur in the background.

    There would be little performance impacts. FileVault only encrypts your user account (Home) folder. Applications and system files are not part of FileVault protection.
  • smithrj Level 4 (1,540 points)
    Hello Tim, I also used FileVault at one time. Kappy was the one who explained the issue with it. Unless you have government secrets on your home folder the program is useless. I gained Hard Drive space and solved other minor issues once de-activated.

  • Tim Baker Level 2 (280 points)

    Nothing that big secret on my computer. I don't want to have to let TM backup while only logged out. Looks like I'll leave it as-is.
  • Mick Mueck Level 2 (180 points)
    I'd like to add my 2c worth here regarding the famed security of the Mac (compared to Windows machines anyway). I use my Mac to do my taxes with TurboTax, I have a few emails I'd rather others not know about, I have some financial information in various spreadsheets, and some take-home employer related stuff that their competitors wouldn't mind having. I have a very secure password, I have unix file permissions set on sensitive files that allow only me to have access, and I also have my Mac setup to require a password to get back in once the screen saver kicks in.

    I'm willing to bet that many Mac users think that if their laptop got stolen that the act of accessing their files requires some clever time-consuming hacking to get around your password etc. Nothing could be further from the truth. All you have to do is boot up the Mac while holding down the 'T' key to put the machine into target disk mode. Then simply connect it via a firewire cable to any Mac and it mounts just like an external hard drive. At that point complex passwords and restrictive unix privileges mean NOTHING - you can freely see, edit or copy absolutely anything you want. It's just so easy to get your data - heck, you can 'borrow' a shut down Mac during lunch time, copy all the stuff you want, and return it with the owner being none the wiser. The same also applies if your backup drive is stolen/borrowed.

    The ONLY way to protect your data is via encryption. Whether filevault is the right solution is debatable, but the encryption part isn't.
  • AuroraProject Level 1 (45 points)
    Enable the open firmware password and avoid that scenario. Starting my MBP with the t key held down does nothing, it just boots to the login screen.
  • Mick Mueck Level 2 (180 points)
    Good point - I'm going to do that right now!! But what about the backup drive - I guess that's still vulnerable, right?
  • smithrj Level 4 (1,540 points)
    Hi Tim, a good idea is the little locks they make to secure your computer. Apple also offers GPS help at a small fee to find lost notebooks.

  • Digi H Level 1 (60 points)

    "Enable the open firmware password and avoid that scenario. Starting my MBP with the t key held down does nothing, it just boots to the login screen."

    Just change the memory configuration, i.e. remove some RAM, and the open firmware password is reset, and starts up into target disk mode for anyone who wants to grab your data

    ... or take the HD out and read it ...

    I rely on FileVault there

    Mick Mueck:

    But what about the backup drive - I guess that's still vulnerable, right?

    Again, I backup to an encrypted disk image. Then all the data is also secure on the external backup drive.

    Call me paranoid, but I like to know for sure that my data is secure in case of theft.

    Message was edited by: Digi H
  • AuroraProject Level 1 (45 points)
    True, but I'm all for doing everything possible to prevent theft. At least with the towers you can put a padlock on the case so the side panel is locked. If someone wants it bad enough, they'll get it, so encryption is the best choice.

    Message was edited by: AuroraProject