Macworld Forums: Filevault - to activate or not? - Macworld Forums

Filevault - to activate or not?

#1 mvallance

Posted 19 June 2008 - 02:56 AM

I have a new MacBook Pro with Leopard and will travel quite a bit for workshops and presentations. I use .mac and Time Machine. I am the only user on this MacBook Pro.
My question is simple (but doubt it really is) - should I activate FileVault or not?
Thanks in advance.
Michael

#2 ShermanHoman

Posted 19 June 2008 - 05:32 AM

FileVault is powerful medicine; it is the only way to completely protect your data. But first, make sure you understand the Master Password and the FileVault password. There is no recovery if you forget your password - none! Because the sparse image is one single file, it is more susceptible to disk errors and corruption. A backup scheme is essential. But backups are tricky because the FV file can be many gigs big, and any little change makes a backup program think the entire file has been modified. Last, the FV protection is only in effect when you are logged out. When you log in, your account is fully exposed.

And just to complicate things, Time Machine will not back up a FileVault protected home directory while the user is logged in.

#3 Typhoon14

Posted 19 June 2008 - 09:13 AM

The part about backups is not accurate in Leopard. Leopard uses what is called a sparsebundle for Time Machine. This looks and acts just like any disk image, but it is in fact a bunch of 8 meg segments. Backup software, including Time Machine, will only back up the segments that change. In fact, backups with FileVault active are usually faster now than without it, because the smallest file size is 8 megs, as opposed to needing to update hundreds of tiny changed files as is often the case with backups.

#4 Typhoon14

Posted 19 June 2008 - 09:33 AM

I use FileVault, and have done so for about 6 months. The big question you need to answer is how much of your data you consider sensitive. If it is only a few files, you can simply create an encrypted disk image in the Disk Utility application and store the files there. If most of your data is stuff you consider sensitive, then you might want to use FileVault. Myself, I activated it after hearing about the US government searching through and copying data off laptops at the border. I definitely don't want ANY of my personal data going into some mysterious government database where god knows who is going to go through it.

It works pretty well for the most part. Printer Sharing and Windows Filesharing do not work (you can access Windows Shares, but Windows users cannot access your shares), and some things are a tiny bit slower. I have not had any issues with corruption, despite unexpected shutdowns. It is important to note that running standard disk repair on your system will not fix problems with your FileVault account. You need to log in from another account, mount the FileVault image, and run disk repair directly on the image.

One important thing to note: Apple does NOT give FileVault a very high priority when making sure that everything works as it should. If you ask Apple tech support, or someone at a Genius Bar, the most common response is that FileVault does not work very well and should not be used unless you are in some highly sensitive field where content encryption is an absolute must.

Example: With FileVault in Leopard, the LaunchServices database does not get read. The LaunchServices database contains the settings for which applications open which filetypes, which apps to use for certain services (for example, default web browser), and whether to display warnings when files are opened in applications, among other things. In Leopard, the system tries to read the database before the FileVault image is fully mounted, and ends up simply reverting to the default settings. This means that you cannot change your default web browser, FTP client, etc., nor can you change what application opens a particular type of file. Any changes you make to these settings will be reset as soon as you restart your Mac. Myself and others have sent many reports to Apple regarding this issue (it appears to be entirely reproducible for anyone using FileVault in Leopard), but Apple has failed to fix it in any of the Leopard updates so far.
Fortunately, there is a workaround, which I detail in this Mac OS X Hints posting. It basically involves forcing the system to reread the LaunchServices database after the FileVault image is fully mounted. The hint will allow changes to default applications and services to be remembered across restarts, but will not fix the issue of "do you want to open this file with this application?" warnings appearing for every application after a restart.

Lastly, remember that FileVault is only as secure as your password is strong. I use a password of around 30 random characters for my FileVault account (you will get very fast at typing it after a while), so I recommend something long and seemingly random (doesn't have to be truly random of course - letters and numbers that would have significance only to you are good).

#5 ShermanHoman

Posted 19 June 2008 - 10:28 AM

Good info, Typhoon14! But I still don't get the part about Time Machine and not backing up a logged-in user. It looks like Time Machine will not back up a logged-in user account that has FileVault turned on. If the Mac has only one user and that account is using FileVault, is it the case that TM will never do a backup of the Home directory?

#6 Typhoon14

Posted 19 June 2008 - 10:56 AM

OK, here is how that works:

1. Connect the Time Machine drive, wait for it to back up the system and other user accounts.
2. Select "Log Out" from the Apple Menu.
3. You will be presented with a screen containing a progress bar saying "backing up..." After the backup is finished, you will be taken to the login screen.

#7 mvallance

Posted 19 June 2008 - 06:19 PM

Thank you very much. I will think long and hard about this before I hit the road next week.
Michael

#8 edsel

Posted 25 September 2008 - 09:58 PM

When doing the backup you describe, is the data encrypted on the Time Machine drive?

I have OS 10.4.11 and am running FileVault. From another account, I tried to manually drag what I thought was the FileVault account to an external drive, but that didn't work. What I want to do is to make an encrypted backup. Suggestions?

Thanks

#9 Typhoon14

Posted 27 September 2008 - 08:46 PM

Time Machine does indeed encrypt the FileVault backup. It just copies over the encrypted segments of the image without ever even decrypting it.
The image itself is located at /Users/.username/username.sparseimage (the .username directory is invisible; you can access it by entering "open /Users/.username/" in the Terminal).
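
An added illustration, not part of the thread and not Apple's code, of the behaviour posts #3 and #9 describe: a backup tool that compares 8 MB segments of the still-encrypted image copies only the segments that changed, where a single-file image would be copied whole. The function names, the byte-flip stand-in for an encrypted write, and the sample image are all constructed for this example.

```python
import hashlib

BAND_SIZE = 8 * 1024 * 1024  # 8 MB segments, the figure given in post #3


def band_digests(image: bytes, band_size: int = BAND_SIZE) -> dict:
    """Map band index -> SHA-256 of that band's ciphertext (never decrypted)."""
    return {off // band_size: hashlib.sha256(image[off:off + band_size]).digest()
            for off in range(0, len(image), band_size)}


def overwrite(image: bytes, offset: int, length: int) -> bytes:
    """Constructed stand-in for an encrypted write: flip `length` bytes."""
    patch = bytes(b ^ 0xFF for b in image[offset:offset + length])
    return image[:offset] + patch + image[offset + length:]


def backup_cost(before: bytes, after: bytes, band_size: int = BAND_SIZE):
    """Return (changed band indexes, bytes copied as bands, bytes copied
    if the image were one monolithic file)."""
    old, new = band_digests(before, band_size), band_digests(after, band_size)
    dirty = sorted(i for i, d in new.items() if old.get(i) != d)
    band_bytes = sum(len(after[i * band_size:(i + 1) * band_size]) for i in dirty)
    single_bytes = len(after) if before != after else 0
    return dirty, band_bytes, single_bytes


if __name__ == "__main__":
    # Constructed sample: a 32 MB "encrypted" image, i.e. four 8 MB bands.
    image = bytes(range(256)) * (4 * BAND_SIZE // 256)
    # A 4 KB write inside band 2 dirties only that band.
    print(backup_cost(image, overwrite(image, 2 * BAND_SIZE + 100, 4096)))
    # A write straddling the band 0/1 boundary dirties both bands.
    print(backup_cost(image, overwrite(image, BAND_SIZE - 2048, 4096)))
```

The comparison runs on ciphertext only, which is why changed segments can be copied without the FileVault password.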

#10 mvallance

Posted 10 October 2008 - 05:02 AM

Thank you very very much.
Michael