Encryption software for macbook(entire harddrive)?

Discussion in 'Mac Apps and Mac App Store' started by coffey7, Feb 5, 2007.

  1. coffey7 macrumors 6502a

    coffey7

    Joined:
    Feb 12, 2006
    #1
    I am looking for a company that has encryption software for use with my intel macbook core duo. I have a 60 gb hd. I already know about the file vault which covers home folder. I just want to see my options for encryption of the entire harddrive. I did a search and most companys don't cover macs. its ok if I have to buy the software. Free is good also.
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #2
    First off, I'll admit immediately that I don't have an answer to your basic question. But... why do you need to encrypt the entire HD? Do you understand how files are organized on Macs? There is no personal information located outside your user directory unless you specifically place it there. And you shouldn't be specifically placing it there. This includes all caches, the keychain, and so on -- they're located in the library folder inside your user directory. So again, no personal information is stored on your computer outside your user directory unless you personally go and make a directory somewhere else on the HD with an admin account and put files in it....

    So you do not expose yourself to any vulnerability by not encrypting the parts of the HD outside of the user directory. My advice would be to just let the OS do its job... rather than getting encryption software to compensate for sloppiness.
     
  3. coffey7 thread starter macrumors 6502a

    coffey7

    Joined:
    Feb 12, 2006
    #3
    I'm still a little worried about security coming from the windows world. Ok, new question: WHAT IS A BETTER HOME FOLDER ENCRYPTION SOFTWARE INSTEAD OF FILE VAULT? THANKS FOR ANY IMPUT. SORRY ABOUT CAPS.
     
  4. thebiggoose macrumors 6502

    thebiggoose

    Joined:
    Jun 17, 2006
    #4
    what about filevault do you find lacking?
     
  5. jsw Moderator emeritus

    jsw

    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #5
    Personally? I think FileVault is essentially as good as any other encryption solution. However... if you're going to encrypt your entire home folder, you need to be even more careful about backups. Encrypted images are notoriously vulnerable to disk glitches, and you essentially lose it all if you lose any of it.
     
  6. emw macrumors G4

    emw

    Joined:
    Aug 2, 2004
    #6
    Specifically, are you worried about someone having physical access to your Mac and being able to get to the data, or are you worried about someone having remote access or planting some sort of "spyware" on your Mac to be able to access the files?

    If they have physical access, your results may vary depending on the encryption application. Mainly, if you've already logged in and step away, most likely your data would be vulnerable to anyone walking up to your Mac, unless you specifically log out each time you leave.

    If your Mac is stolen and you've logged out, then FileVault is as good as any other in terms of protecting the data, although I doubt that's what a thief would be after.

    If you're worried about remote access, this is a much smaller worry on the Mac, I think, simply because there are no spyware applications that have been shown to pose any credible security risk. You also have the built-in firewall and sharing prefs to keep people out.
     
  7. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #7
    I highly recommend making two accounts. Your day to day account and a filevault account. Keep only things like Quicken, tax papers, etc in the Filevault account and everything else such as music and movies and non-important documents on your day to day account. Make sure you back up your filevault account in case it gets corrupted. Mine hasn't been corrupted in the past several years but I've heard the occasional story.

    What are you worried about that is making you want to encrypt your home directory? Encryption is primarily used in case of theft of the computer not in case of your computer being hacked into remotely. It does have its uses against remote intruders but a firewall would serve you better as a first line.

    Encrypting even all your user files for a typical user is pretty ridiculous. Nobody cares if you listen to Britney. :)
     
  8. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #8
    Another solution that works for a lot of medium-security users is to just create AES-128 encrypted disk images in which you can put the files. Then you can mount the disk image and manipulate files in it, unmounting it when you're done. I didn't mention that at first, since it doesn't encrypt cache files, etc, but for instance, if what you're doing is carrying around sensitive information in the form of document files ... it's usually more than sufficient.
     
  9. coffey7 thread starter macrumors 6502a

    coffey7

    Joined:
    Feb 12, 2006
    #9
    Well the linux guys are coming for the mac users the way they go after windows. Seaching through the hack forums tells me that the attacks vs macs will be stronger in the coming year. One example is:
    http://hak5.org/forums/viewtopic.php?t=4147

    I will try to find the links to other linux attacks on mac OS. If you read some posts farther down in the link One of the guys is working really hard at further OSX attacks. I am worried about someone stealing my laptop and someone using wireless net works to enter and see my info. If you go to hak5.org a guy using a college wireless network with his mac was attacked and the guys were able to get his password and see the IM's he was sending to his girlfriend.

    link for guy putting Mac OSX on a windows laptop(about 22 minutes IN)
    http://youtube.com/watch?v=roJCtXSROJM&mode=related&search=
     
  10. mooncaine macrumors regular

    Joined:
    Dec 19, 2004
    #10
    I do this, and recommend it, with one warning: don't rely on a single encrypted disc image. Instead, make lots of disc images, each no larger than a DVD [let's say 4.1GB, to err on the safe side]. Don't try to get away with only using one.

    One day, you'll be writing to your encrypted disc image, while it's mounted [and thus, not encrypted at the moment]. The power to your computer will fail [even happens with MacBooks and MBPs, folks]. At that moment, all the data in your encrypted disc image will be destroyed. I'm not saying this *might* happen. One day, it *will* happen. Judge for yourself what's worth the risk.

    Same thing can happen to you if you're using FileVault, but at least with separate encrypted disc images, you can only lose what was in that particular image. If you're feeling extra cautious today, you can copy a .dmg file before you mount it, do your work on the copy, unmount it, and then decide to keep it and trash the original.

    A few years ago I archived some files downloaded off the internet, all onto an encrypted disc image that was going to be filed away where the kids couldn't get at the files. We had a brief blackout while that disc was mounted. It never opened or functioned again. I was using the Move command to move those files, so they were erased at the source -- files lost forever.

    Next time around, I put the files in 4 different .dmg files, and I *copied* instead of moving them. If the power had blipped during that process, I'd have only lost a portion of the data.
     
  11. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #11
    The only thing I don't like about that (and it's completely my fault) is that I tend to leave my Keychain unlocked all the time and I know I'd store that password in the keychain. With a separate user account (admittedly overkill) I can't do that. But if it wasn't for my keychain abuse this would be the best and easiest option I believe.

    Use a UPS. That's always taken care of it for me. Of course that could blow too but if that blows when your power goes out odds are your computer would've gotten fried instead.
     
  12. eenu macrumors 65816

    eenu

    Joined:
    Aug 11, 2006
    Location:
    Manchester, UK
  13. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #13
    I do have to say... "OMG!!!!1111 I C4N B00T oFF tEh L1V3 CD!!!!111111 I M TeH cR4XX0Rz 43VR!!!!!!!" is not the brightest moment in the collective minds of the Linux world.
     
  14. coffey7 thread starter macrumors 6502a

    coffey7

    Joined:
    Feb 12, 2006
    #14
    I know I saw and talked to others who say they are working on attacks. Even the great Iwoz said apple computers were much saver before they switched over to unix.

    Mac OS X on the other hand is built in Unix and is therefore is more prone to attacks because people are familiar with the holes in Unix, explained Woznaik. “Some of the holes in Unix are well known. So keeping Firewalls on is more important. And we keep announcing, even our own security fixes, not as many as Microsoft but still we never really had those in the OS 9 days.”

    http://www.macworld.co.uk/news/index.cfm?RSS&newsID=16269
     
  15. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #15
    There are some problems with OSX password storage, although things became much more secure with the release of Tiger. Normally in 10.4.x passwords are stored with "salts" which complicate any attempts to decrypt the password. They also use the SHA1 hashing algorithm, which is pretty good for security. This means that standard brute force attacks to obtain the passwords just aren't viable. However, the moment you turn on your Windows sharing, a basic LANMAN style password, just like the ones Ophcrack can decrypt in seconds, is generated. This means that anyone who has used Windows sharing has compromised their Mac's security.

    So to get round this, we really need something along the lines of PointSec for OSX, which would encrypt the /var/db/shadow/hash directory and the files within it. Maybe now the move to Intel has happened, there's a product on the horizon.
     

Share This Page