# FileVault Poll



## fryke (Apr 24, 2007)

Ever used FileVault? Or just heard good/bad things about it? I wonder...
I wondered whether I should add "Never even heard about it", but I think if you would choose that one, you're not very relevant to this poll.  You can still put a comment into the thread, of course.


----------



## bbloke (Apr 24, 2007)

I haven't used FileVault and had mixed feelings about it (I opted for saying in the poll that it was a good thing, though).  The idea of extra security for one's home directory sounds like a good thing to me.  I would have thought that it could be all the more important for laptop owners, in case of theft.  

On the other hand, I heard that FileVault uses a single, encrypted file to store all the data.  If this is true, I could imagine that if that one file were somehow corrupted, it could be A Very Bad Thing...


----------



## Mikuro (Apr 24, 2007)

Haven't used it, and I think it's a bad thing....sort of. I've heard from people far more informed on the matter than I am say that it has too many show-stopping gotchas to be a standard, easily-accessible feature, but that if you know what you're doing, you can use it with no real risks.

I don't know what all those gotchas are, but I seem to recall something about how you shouldn't use encrypted disk images _within_ your home directory (which is itself an encrypted disk image with FileVault on).

Of course, with everything stored in one file, you are highly screwed if it becomes corrupt. AFAIK there are no consumer-level programs that allow you to recover data from corrupted encrypted disk images. I'm sure there's a way, but I'm also pretty sure that not just anyone can do it.

If I had a laptop, I _would_ consider using it. But not until I did a lot of research on the topic and really knew what I was getting into.


----------



## Giaguara (Apr 24, 2007)

I've seen it cause more problems than solve it.
For a few reasons I'm no into using it : first, it slows the system down by about 2 %. When editing certain things, I don't need to lose that 2 %. Then, I don't need EVERYTHING encrypted on my home folder, rather just certain files or folders, AND the things one the external, portable hard drive. Third, there is always the risk of corruption .. something corrupts, and your home folder is gone. Or the computer shuts down without shutting down properly, and it's gone. Way too often I see people with absolutely no backup of their files, and then things go wrong ...

So, instead open firmware password, and login prompt where you have to know the user name and password, AND then the things that need to be encrypted are encrypted, no matter if they are located on my home folder, elsewhere on the hard drive, or on the external hard drive, OR on my backup CD or DVDs.


----------



## Rhisiart (Apr 24, 2007)

I use it. No probs. However, does it do what it purports to do?


----------



## Timotheos (Apr 24, 2007)

Good poll!

I did use it, I had no idea what it was but if it offered more security it couldnt be a bad thing right? Well one day everything corrupted... or something and I think I lost everything, it was a while ago so I cant remember if I got my data back but it wasnt a good thing for me. It not like I have any confidential files on my computer anyway.


----------



## icemanjc (Apr 24, 2007)

I'm more neutral, I've heard of it, know nothing about it and I don't care about it.


----------



## Ferdinand (Apr 25, 2007)

icemanjc said:


> I'm more neutral, I've heard of it, know nothing about it and I don't care about it.



That's exactly how I feel about this.


----------



## Satcomer (Apr 25, 2007)

Ferdinand said:


> That's exactly how I feel about this.



Same for me. The wasted disk space for the encryption is the big reason for my decision. I also by on login and screen password set and change the passwords on a regular schedule.


----------



## Natobasso (Apr 25, 2007)

Can't see how an encryption method that can't be undone if you forget the password could be a good thing.


----------



## Sunnz (Apr 26, 2007)

Used it from the first day on my laptop and almost a year, haven't had any problems.

Had more than 10 forced shutdown/reboot.

The only thing that might have been caused by FileVault is that my Application and Support directory got corrupted. I was not able to read it, delete it, or write to it. Luckily I've got a backup.

I did try to turn it off a few months ago, but I think my home directory has grew too big and it always fails to decrypt everything, so I leave things as they are.


----------



## fryke (Apr 26, 2007)

Natobasso said:


> Can't see how an encryption method that can't be undone if you forget the password could be a good thing.


? ... But if it can simply be _undone_ without the password, what good would the encryption be? Nah, I don't buy that. If I want security, I don't want a backdoor. You also don't buy a safe where you have to decide on a combination, but "0, 5, 10" will always work, right?


----------



## Mikuro (Apr 26, 2007)

OS X allows you to set a master password for FileVault as well, so you could unlock FileVault with that even if you forget your account password. That's about as accommodating as any security system can be while still being secure.


----------



## Rhisiart (Apr 26, 2007)

For encrypting folders, iProtector is useful (although the encrypting/uncrypting process may not be to everyone's taste).


----------



## chevy (Apr 26, 2007)

I think it's good to provide several levels of security. I don't use it at home, but we have something equivalent on the portable PCs at work to avoid that anybody can steal one of our drives to get access to our data... it did happen probably 15 years ago when we presented a new software on a fair.


----------



## chevy (Apr 26, 2007)

I've seen iProtector, another solution is to create virtual disks with encoding (use Disk Utilities for that).


----------



## Mikuro (Apr 26, 2007)

The big advantage of FileVault is that it encrypts everything in your ~/Library folder. That includes all your application preferences, your bookmarks, your browser history, your cookies (which could contain lots of passwords), probably all your email, your calendars, etc. &#8212; quite a lot of personal data. AFAIK, FileVault is the only way to encrypt this data.


----------



## fryke (Apr 27, 2007)

Yes. The basic *idea* of FileVault isn't entirely bad in my opinion. But it comes with so much collateral damage (or rather collateral issues), that I wouldn't really trust it personally. When they first introduced it, I wanted to try it. And it simply didn't work for me at that point, because on my notebooks, my home folder is _always_ bigger than the available free space. Well: Not when I buy a new one, of course - and I could have reinstalled everything, turned on FileVault and get the stuff back from the backup, but it just seemed too much hassle back then. And when I thought I'd try again, the first messages popped up on macosx.com and other forums about how it plainly didn't work right! People lost settings, people got strange messages about how something saved some space (freaky if you don't really know what the system means and what it's doing...)...

Sure, security is a good thing. More security is a better thing. But it all comes down when the hassle becomes too much.

If you're worried about those saved passwords: Don't save them. Security, in my opinion, also means that you change your passwords often enough and use separate ones for separate things.

Personally, I rather pay attention and _don't_ let my MacBook get stolen and _don't_ leave it in a Café when I'm going home. I know that sounds obvious, but if no one tampers with my notebook, local security isn't that much of an issue.

Remote security is a bigger problem. But if you're logged in, your FileVault image is decrypted. And if someone manages to hack his way onto your Mac from outside as your username, the filesystem is already decrypted, so FileVault isn't doing much good. Also I've come across tons of people who have FileVault activated but keep logged in and put their notebook to sleep - without any password protection. So a thief would simply wake it up and have access to everything - as long as he doesn't logout or restart. I guess it all depends on what kind of bad things you _expect_ will happen.


----------



## Sunnz (Apr 27, 2007)

Hmmm I always logged in on my MacBook and I have been wondering, when I close the lid and it goes to asleep, the files are still decrypted or? I have it to password prompt on wake up, but it can't be encrypting and decrypting every time I close and open the lid, right?

IMHO using FileVault is just a matter of backup your home folder to somewhere safe.


----------



## Natobasso (Apr 27, 2007)

fryke said:


> ? ... But if it can simply be _undone_ without the password, what good would the encryption be? Nah, I don't buy that. If I want security, I don't want a backdoor. You also don't buy a safe where you have to decide on a combination, but "0, 5, 10" will always work, right?



I disagree. I think a safe that is yours should have some way of getting back into it if you lose the password. Just like buildings have master keys, so should my encrypted data. Let's face it, though, just about anything is crackable if enough time/resources are spent on it so it's almost a moot point.


----------



## Damrod (Apr 28, 2007)

Well, my girlfriend had FileVault active on her iBook. Until through not so clear circumstances the encrypted home image got coruppted somehow. I worked 1 1/2 weeks to recover pictures, music and so on with a great variety of tools.

So, I think it's not really executed well enough to be a good thing. I was kinda skeptical from the beginning, but that really killed FileVault for me.


----------



## Sunnz (Apr 28, 2007)

Natobasso said:


> I disagree. I think a safe that is yours should have some way of getting back into it if you lose the password. Just like buildings have master keys, so should my encrypted data. Let's face it, though, just about anything is crackable if enough time/resources are spent on it so it's almost a moot point.


AFAIK most nix system lets you boot into Single user mode with have root access to everything and from there you can reset password of any users.

But that's a system admin thing - the files and system structures are not necessarily encrypted. IMHO encrypting data is a different beast, it is not only denial of access but also encryption of every bit of data.

To my knowledge, FileVault is implemented by using AES encryption, an algorithm that is designed to be secure and actually used for really high secure data like those used in Defence departments, the importance of the data is such that it is better to be destroyed rather than leaking secrets to the outside world.

Yes these encryption data are crack-able given enough CPU power and time, but this AES encryption isn't something your average hacker/script kiddie would crack open. It may take months or even years for FBI to crack it, so unless you are really up to something bad-ass, e.g. terrorism, it is more than an overkill for your average use.


----------



## fryke (Apr 28, 2007)

By this you want to say that FileVault users probably are terrorists. Hm.


----------



## Sunnz (Apr 28, 2007)

If they use a Mac, that is.


----------



## icemanjc (Apr 28, 2007)

Most of the stuff I make doesn't need to be hidden, most of it is public, and I almost never backup, only when I'm going to reformat, so I don't even want to take a risk if I don't have to.


----------



## sinclair_tm (May 5, 2007)

like others here, i know of it, don't use it, and don't care either way.  it could be a good idea for some people, but for the majority of home users, there isn't a need.


----------



## g/re/p (May 6, 2007)

I would rather slide down a 50 foot razor blade into a  pool of  alcohol 
AND kiss a rabbit between the ears than trust my data to FileVault.


----------



## fryke (May 6, 2007)

Darn, I should have had this answer in the poll. 
(No, do _not_ edit the poll please, fellow-mods...)


----------



## Rhisiart (May 6, 2007)

g/re/p said:


> I would rather slide down a 50 foot razor blade into a  pool of  alcohol
> AND kiss a rabbit between the ears than trust my data to FileVault.


And your point is...?


----------



## g/re/p (May 6, 2007)

rhisiart said:


> And your point is...?



It is based on a very old joke - if you never heard the joke it makes no sense


----------



## Rhisiart (May 7, 2007)

I was just being tongue in cheek.


----------



## g/re/p (May 7, 2007)

:d


----------



## Rhisiart (May 9, 2007)

If you have everything backed up, what is the worst that can happen if you have FileVault turned on?


----------



## fryke (May 9, 2007)

Issues with free space not being free, slowdowns, hassle...


----------



## Rhisiart (May 11, 2007)

I assume that with File Vault turned on, disk space is taken up to encrypt files and create a sparse file, which is why I can opt for free space recovery more or less each time I log out (which from your last reply may not always work efficiently)? 

Presumably recovering free disk space is not an issue if FileVault is switched off?


----------



## fryke (May 11, 2007)

If FileVault is switched off, there _is_ no space wasted by a growing disk image, because the home folders are just that: Folders.
The free space recovery "feature" with FileVault is, in my opinion, not really well thought-out. It confuses users unnecessarily. FileVault should work in the background, giving free space back as needed (or as it becomes available) imnsho.


----------



## Rhisiart (May 11, 2007)

Thanks.

Room for improvement it would seem.


----------

