Back in August I finally broke down and encrypted my computer using the built in FileVault feature in Mac OS X.
After 3 months I figure it’s time for an update.
I was originally concerned about FileVault based on reports of corrupted images during system crashes and other unexpected events. I have yet to experience any problems. At all.
I’ve crashed my Mac and experienced sudden shutdowns during everything from normal usage, to that dangerous moment with the encrypted image is reclaiming unused space. My encrypted image always comes back, no problems. It’s also pretty big- with multiple virtual machines, all my Outlook files, and all my work documents in my home directory. Plus the occasional movie file. One big 30-40 GB image.
I still backup regularly, but I have yet to experience any problems. No noticeable performance impact. No corrupted images. No problems booting. No disasters after crashes.
All in all I feel totally comfortable recommending FileVault. Keep your backups current, and have fun.
Reader interactions
6 Replies to “Mac FileVault Encryption Update”
LBackup is a backup tool which supports the backup of FileVaults.
If you back up the FileVault .dmg file, you’‘ll get an encrypted backup (no matter who is or isn’‘t logged in). If the FV user is logged in, you also get the option of backing up your home directory or some of its contents.
Sparse images are definitely a risk, thus the emphasis on keeping current backups.
BTW- the best way to back up is to use a dedicated maintenance account- that way you get the advantages of an emergency account as suggested by bkwatch, plus your backups are still encrypted. If you back up while logged in to the encrypted account I think it may back up your data unencrypted.
I loved Filevault, but I did experience some corruption. After a system update, a 3rd party RAM chip went haywire; crashing 4-5 times day. One of those hosed the filevault volume. I did have a good backup going, and only lost 2-3 days of stuff, but a scary moment.
the sparse disk image did make me very nervous for the reasons reppep identified. However, I am not sure if there is a better option —isn’‘t the standard DMG image even worse for read/write operations? Also, I do wish there was an option to encrypt only certain folders in your home directory.
Another good hint is to make sure you have an easily accessible guest account on any computer with Filevault enabled; if you go down at least you’‘ll have access to certain functions; otherwise you might be stuck in single user mode.
Rich,
I believe the problem with FileVault is that it uses sparse disk images. If I understand correctly, any corruption to the disk image file makes the .dmg file completely unusable. Such corruption is of course rare, but that doesn’‘t mean it won’‘t happen to you.
If your backups are good enough, this might be acceptable for you, but not for me. I have excellent backups of email, and lousy backups of everything else. As a result, I keep a includes a variety of non-email information in Eudora, where it’s multiply backed up…
That said, I could use FV for my work MBP, which is much more vulnerable to theft, but the only sensitive data on it are a) IMAP caches of email (in an encrypted non-sparse disk image I rarely mount) and b) an encrypted private ssh key I.
I never leave the key loaded for long, and it’s the public key is only installed on 3 machines, so if I ever lose the laptop, I’‘m reasonably confident in my ability to trash those pubkeys before anyone else uses the privkey.
FV is convenient, but I prefer to use a non-sparse .dmg. I wonder if this is improved in Leopard?
I’‘m with Rich. I use FileVault on my Macbook and it works great. My image is not as big, and I once ran into a problem where FileVault was reclaiming space and just kind of ran. But I did a manual power off, started it back up and everything was great. I too, take backup serious. I synchronize my work files, personal stuff and photos with 2 other machines on my home network and then back up all of those files to offsite using a back-up service. But on my laptop, I’‘m more comfortable knowing the data is encrypted.