47 Replies Latest reply: Jan 11, 2016 7:34 PM by mgnick
Dogs 'n Front Level 1

Of the many recent changes and updates that Lion offers, FileVault has me a little baffled.  What's the point of it?  Does it allow me to encrypt my files and folders with a password?  If so, I haven't seen that option yet.  After turning on FileVault, Lion started the process of encrypting my files (so it says) but without the option to enable a password for folders and programs, I'm not sure I understand what purpose it serves.


Mac Pro, Mac OS X (10.6.8)
Solved by ds store on Feb 14, 2012 4:39 PM

What's the point in Filevault?

 

For most people it's unnecessary and will substantially hinder file recovery efforts through direct access of the 1's and 0's on the drive itself.

 

It is performance robbing as it ties up your CPU with another task. Not such a big deal for word files, but it can be an issue with large video files etc.

 

For those who work in security or have that sort of high level need, then it's needed of course.

 

 

Most folks who only want to encrypt a few select files or folders are better off with third party file encryption software, the advantage of this is they can be transferred or even recovered encrypted and decoded on another machine with the right software and password.

 

So if the computer dies, the storage can be removed and the encrypted files accessed, even from Linux or Windows machines.

 

Some people/places like hospitals/medical records use a self encrypting external hard drive either with a key and/or a keypad password to decrypt the data stream thus the files can be accessed by any computer.

 

Others have more disposable/smaller needs, something like a self encrypting Iron Key which they can hide or toss at a sign of danger.

 

FileVault is likely necessary with SSDs and private data because they can't be "scrubbed" like hard drives can, so with an SSD and any private data, FileVault should be utilized.

 

Of course Apple has to give certain authorities access or likely there is some sort of crack.

 

If you take your broken Mac to an Apple Store they will require the FileVault password.

 

If you're at Customs/Immigration, they will sometimes ask for the password to snoop in your computer and clone your drive.

 

US courts have required suspects to decode their drives, seems the right to not implicate oneself has little effect.

 

There is a device that can read the entire SSD of iPods, iPhones and iPads (all cell phones too) in minutes and retrieves the password for decoding, so apparently the "industry" is providing access to these devices.

 

Eventually Macs will also be just as susceptible to this sort of easy intrusion.

 

http://www.thenewspaper.com/news/34/3458.asp

 

 

IMHO, if you have something to keep private that can't be disclosed ever, you should keep it encrypted in a manner that doesn't draw attention, can't be obvious or in plain sight and is easily disposable.

 

Powerful rich governments with a strong bio-sciences/medical certainly can make or already have DNA computers which are capable of taking all the keyboard combinations and running it against an encrypted block of data.

 

I doubt many people will have the capacity to remember several hundred or thousand random character passwords in order to defeat such methods.

  • richardfromsalmon arm Level 1

    Without your user password everything is encrypted. No real benefit to the average user.

     

    http://support.apple.com/kb/HT4790

  • b j t Level 4

    If you don't understand it in enough detail, DO NOT DO IT as you may make your computer into a very large paperweight. (Happened to someone I know.)

    Makes computer run slower too as it has to constantly encrypt and decrypt files.

  • Topher Kessler Level 6

    FileVault is very useful to some users. It encrypts your whole hard drive, so in the event your system is stolen then it is very unlikely someone can read the files on your disk. Without it, a thief can easily boot your system to Target Disk mode or even take out the hard drive and use another PC to read its contents.

     

    It is an advanced level of security that is very beneficial, and does not have many of the drawbacks that the previous FileVault had. However, as is always the case be sure you keep a good and full backup of your system, regardless of whether or not you use FileVault.

     

    FileVault will absolutely NOT brick your system as b j t claims. At the very most a problem would require you to format your hard drive and restore from backup or reinstall OS X, but provided you have a good backup this should not be an issue (regardless of how remote it actually is). It is very likely that BT's friend had another issue with his system.

  • Topher Kessler Level 6

    To emphasize, FileVault does not work on the level of individual files, and works underneath the OS so all files on the hard drive are automatically encrypted. The password unlocks the drive's decryption keys so the system can read its contents. Without these keys or the password to unlock them the drive's contents will be garbled.

     

    Because of this requirement for a password, when FileVault is enabled you will not be able to set your system to automatically log in (the password is required to unlock the drive when starting up or restarting).

  • boyfromoz Level 1

    Lose your password and the computer is bricked with FileVault. That is what BT is saying and it is correct, and folks here have done so. I have no use for FileVault. It will slow the system as well and interfere with upgrades.

  • b j t Level 4

    boyfromoz wrote:

     

    Lose your password and the computer is bricked with FileVault. That is what BT is saying and it is correct, and folks here have done so. I have no use for FileVault. It will slow the system as well and interfere with upgrades.

    This is what happened to the person I know. Now their computer is a VERY expensive paperweight.

  • Topher Kessler Level 6

    Like I described, this is not true. You have the option to save the encryption keys somewhere safe, or even with Apple if you choose. Additionally, if you lose your password and the encryption keys and as a result cannot log in, you still have not bricked your system. It is either restorable from a backup if you have one, or at the very worst you can reinstall OS X.

     

    FileVault 2 also will neither slow the system significantly nor interfere with upgrades. While this may have been the case with the first generation of the FileVault technology which used an encrypted disk image within OS X for the user's home folder, the new FileVault is transparent to the OS so unless upgrades have to do with the FileVault technology itself then the system will not be aware of it. Additionally, while there is a small performance hit because of the encryption overhead, the hit is fairly insignificant.

     

    Here are some benchmarks showing in many cases a very small performance change, with the only major difference being in boot times. In some cases because of caching differences there is even an increase in performance: http://osxdaily.com/2011/08/10/filevault-2-benchmarks-disk-encryption-faster-mac-os-x-lion/
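
Added example, not part of the thread and not Apple's implementation: a sketch of the general key-wrapping pattern behind the two replies above, where a password unlocks the drive's keys and a separately saved key can do the same. The `Volume` class, the slot names, the PBKDF2 work factor and the toy XOR/HMAC wrap (a stand-in for a real key-wrap cipher) are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # assumption: illustrative PBKDF2 work factor

def _kek(secret: str, salt: bytes) -> bytes:
    """Stretch a password or recovery key into a key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def wrap(volume_key: bytes, secret: str) -> dict:
    """Toy wrap: XOR with an HMAC-derived pad, then MAC (stand-in for AES key wrap)."""
    salt = secrets.token_bytes(16)
    kek = _kek(secret, salt)
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(slot: dict, secret: str):
    """Return the volume key, or None if the secret does not match this slot."""
    kek = _kek(secret, slot["salt"])
    tag = hmac.new(kek, b"tag" + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))

class Volume:
    """Hypothetical encrypted volume: one random key, wrapped once per secret."""
    def __init__(self, password: str, recovery_key: str):
        volume_key = secrets.token_bytes(32)  # encrypts the disk; never stored in the clear
        self.slots = {"password": wrap(volume_key, password),
                      "recovery": wrap(volume_key, recovery_key)}

    def unlock(self, secret: str):
        for slot in self.slots.values():
            key = unwrap(slot, secret)
            if key is not None:
                return key
        return None  # no slot opens: data stays unreadable, the disk can only be erased

    def change_password(self, old: str, new: str) -> bool:
        key = unwrap(self.slots["password"], old)
        if key is None:
            return False
        self.slots["password"] = wrap(key, new)  # re-wrap only; the disk is not re-encrypted
        return True

if __name__ == "__main__":
    vol = Volume("login-password", "RECOVERY-KEY-CONSTRUCTED")  # constructed sample secrets
    print(vol.unlock("wrong guess") is None, vol.unlock("login-password") is not None)
```
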

  • Terence Devlin Level 10

    With respect, FileVault didn't make a paperweight of the computer. It was simple User Error - forgetting the password - that did it.

  • Topher Kessler Level 6

    Even with this distinction, the computer is not bricked. This is a false description of a basic inability to log in. Without the password you can still reinstall OS X and restore from a backup.

  • b j t Level 4

    ....

  • Tom in London Level 4

    I've been considering FileVault for a long time but have always been scared to start using it because of (a) the performance hit - however small - mentioned above (b) the fear of losing my password.

     

    This is balanced by the fear of having my MacBook Pro stolen while I'm out and about - and thereby, the possibility that anyone could then access the contents of my hard drive (by any of the methods described above by other posters).

     

    So - can I hear it please from some actual users of File Vault? What's your experience? A few questions would be:

     

    - Can I make a clone of my HD if FV is enabled, and boot from it?

    - What happens with system upgrades, installing new applications etc.?

    - Etc.

  • Topher Kessler Level 6

    I use FileVault on all of my systems, which include two MacBook Pro systems (one with dual hard drives), a Mac Mini, and an XServe, and have enabled it on numerous other Macs that colleagues have used, and also enable encryption on most of my external hard drives.

     

    You can clone your encrypted drive, though you might have troubles doing block-level clones. Once the drive is unlocked and mounted the system treats it as any other drive, and you can use Carbon Copy Cloner or another cloning tool to file-level clone your drive. The problem with cloning Lion drives with file-level cloning is you will not copy the hidden Recovery HD partition, but this hurdle is present regardless of whether or not you have FileVault 2 enabled. However, it only takes a few more steps to restore the Recovery HD partition when cloning or restoring your system from backup (it just takes remembering to do so, since cloning is not officially supported by Apple as a backup/recovery routine).

     

    Installing new applications and managing documents is seamless, and is the same as if you install them on any other OS X system. The encryption happens underneath the OS, so OS X, documents, and applications you use are unaware of it and work as they would on any system.

     

    Your concerns about losing the password are good ones, but if you already set your system to use the login window instead of automatic login then there is no difference (the regular use of the login window ensures you remember your password). The same password is used to unlock the drive and then log into your account once the system is booted. The difference with login is that you will need to specify the users who are able to unlock the drive (done in the FileVault system preferences). If a user is not, then the initial login window will not show that user account, and to get to that account another user will have to log in, and then log out so the unauthorized user can access his account.

     

    In terms of performance problems, I've not seen any in my uses (primarily office and computational analysis with programs such as Igor Pro, Matlab); however, I use SSDs in my systems so this greatly increases overall performance and results will likely be different if you are using the slower classic HDD technology.

  • Tom in London Level 4

    Thanks Topher - very useful. I shall ponder.

  • Topher Kessler Level 6

    While rare, the point that is most likely to give you problems (if any) is when you first enable FileVault and the system sets up the disk management system and encryption keys, and performs the encryption. In these steps the filesystem is more vulnerable to corruption from things like crashes or other mishaps, so do be sure to fully back up your system before enabling it, should something go awry (regardless of its low probability).
