An Unencrypted Look at FileVault
- Thread starter bobw
- Start date
For many people, it isn't 'it'. Sure, we all want security, but for most users, this is not about a stolen PowerBook or iBook and that the thief shouldn't be able to read our files - it's rather about the security of networked computers, and FileVault does nothing about that. (Unless, of course, you're not logged in and thus the .dmg isn't mounted.)
However: If you _want_ to use FileVault for your really important files, yes, a rearrangement is necessary. But then again: This is a good occasion for cleaning up the notebook, anyway... And it's easy, too, as long as you have another Mac (or server or good and big backup drive).
1.) Clean install Panther (or Jaguar, if you haven't got Panther - or rather: Buy Panther!) ;-)
2.) Set up your user and turn on FileVault _before_ copying the files back from the backup.
3.) _THEN_ copy back the stuff that _belongs_ to the vault. And organize all other stuff _outside_ of your home folder. (Why not create a folder called 'files' at the root of your harddrive? Sounds good.)
I have made me a little note on the fridge that says: "When you feel like completely reinstalling the iBook, remember to rethink about FileVault."
I'm not sure I'll use it ever. I also don't think it's necessary that I reinstall my iBook now, because of it. (My home folder takes up more than 70% of the internal drive, so I can't activate FileVault right now, anyway.) But maybe, just maybe, I'll do it at the next complete reinstall or when I buy my next notebook.
However: If you _want_ to use FileVault for your really important files, yes, a rearrangement is necessary. But then again: This is a good occasion for cleaning up the notebook, anyway... And it's easy, too, as long as you have another Mac (or server or good and big backup drive).
1.) Clean install Panther (or Jaguar, if you haven't got Panther - or rather: Buy Panther!) ;-)
2.) Set up your user and turn on FileVault _before_ copying the files back from the backup.
3.) _THEN_ copy back the stuff that _belongs_ to the vault. And organize all other stuff _outside_ of your home folder. (Why not create a folder called 'files' at the root of your harddrive? Sounds good.)
I have made me a little note on the fridge that says: "When you feel like completely reinstalling the iBook, remember to rethink about FileVault."
I'm not sure I'll use it ever. I also don't think it's necessary that I reinstall my iBook now, because of it. (My home folder takes up more than 70% of the internal drive, so I can't activate FileVault right now, anyway.) But maybe, just maybe, I'll do it at the next complete reinstall or when I buy my next notebook.
aaike
bacteria-troubled-brain
You're right that it's mainly network security that customers are looking for... I don't know, but sometimes I am worrying a little about this. How easy would it be to break into my computer? I am on a university network and there are quite a lot of UNIX/Linux computer freaks around I guess.
At times I found out I could acces my computer without any pasword (using Transmit)... I don't know if I did st. wrong with permissions, but this certainly wasn't supposed to be.
Luckily there's nothing secret on there, so that's something I don't have to worry about.
At times I found out I could acces my computer without any pasword (using Transmit)... I don't know if I did st. wrong with permissions, but this certainly wasn't supposed to be.
Luckily there's nothing secret on there, so that's something I don't have to worry about.
ElDiabloConCaca
U.S.D.A. Prime
Sounds like you have FTP access turned on, or Remote Login turned on if you can get in with Transit. Turn those off unless you really need them.
bobw
The Late: SuperMacMod
Anyone wanting to protect their PowerBook should it be stolen, should use a program like DiskGuard from Intego. It's not available for OS X yet, should be soon;
http://www.intego.com/diskguard/home.html
The drive will be inacessable if this is installed.
http://www.intego.com/diskguard/home.html
The drive will be inacessable if this is installed.
scruffy
Notorious Olive Counter
... for users of Filevault:
What happens when you log in remotely, via ssh? Is the disk image automatically mounted only when you log in at the console, or also if you log in remotely onto a virtual tty? If it's not mounted automatically, is there an easy way of doing it yourself once you've logged in?
Also, does 10.3 still have the Users/Shared directory? Because if I were to use filevault, I'd want to clear a bunch of large, not-particularly-confidential files out to there (e.g. a couple gigs of mp3s...)
What happens when you log in remotely, via ssh? Is the disk image automatically mounted only when you log in at the console, or also if you log in remotely onto a virtual tty? If it's not mounted automatically, is there an easy way of doing it yourself once you've logged in?
Also, does 10.3 still have the Users/Shared directory? Because if I were to use filevault, I'd want to clear a bunch of large, not-particularly-confidential files out to there (e.g. a couple gigs of mp3s...)
ElDiabloConCaca
U.S.D.A. Prime
scruffy said:
Yup.
Krevinek
Evil PPC Tweaker
bobw said:
The problem is that this is not enough if you work with government contracts. Diskguard does not encrypt your data, so if it were to be taken into a clean room or a machine that ignores its partition table hacks, your security is useless.
FileVault will more reliably prevent your data from being stolen if you need it to be. Most people can use DiskGuard just fine, but FileVault is currently the easiest solution that meets government requirements for security when dealing with them as an employee.
malexgreen
Contributor and PB User
I use FileVault. I sometimes have information from work on my computer. It's sort of ironic that now my personal computer is securing this information more tightly than my Windows 2000 machine.
Sure, Ricky - however if you have REALLY confidential stuff that could cost you, say, all of your money or (worse) your life, you don't want to TRUST a thief that THAT's gonna be what he'll do to your harddrive. And then a thief also wouldn't notify you that he had done one or the other thing, so you'd be left with the insecurity of not knowing whether the info is out or not. But I'd urge you to use a Kensington lock to bind that notebook to your arm then. ;-)
malexgreen
Contributor and PB User
Ricky said:
In the tech industry, the information on the computer is worth WAY more than the computer itself. I've heard that people are willing to pay $10,000.00 for a computer from one of the big tech companies' employees.
My company is relying on the BIOS password as that "extra" bit of security. Anyone with $10k in their pocket buring for such booty knows that can be easily reset on a PC. If the HD was encrypted a la FileVault, that would put a monkey wrench in that plan. Does MS have a FileVault equivalent?