Questions about Filevault

Discussion in 'Mac Basics and Help' started by grahamnp, Jun 4, 2008.

  1. grahamnp macrumors 6502a

    Joined:
    Jun 4, 2008
    #1
    Hi everyone,

    I'm a recent switcher and am really enjoying the experience but today I noticed a small problem. When viewing my Mac partition via Macdrive from my bootcamp partition, I can access any folder which obviously isn't very secure.

    It seems that Filevault would be the answer to this problem but when I try to enable it, it seems to require huge amounts of space. I'm guessing that it is copying my entire home folder? My question is, is huge space requirement a temporary thing while it sets itself up for the first time? I really don't have that much space to spare. Also, does Filevault bring any disadvantages with it? Does it have any impact on system performance? I've also heard things about how a corrupted image can render the files useless, is this true?

    Any help on this would be appreciated. Thanks in advance!
     
  2. merl1n macrumors 65816

    merl1n

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #2
    File Vault needs a lot of space to encrypt everything.

    It will also affect system performance since it has to decrypt what you want to work on and then encrypt it again when you save changes.

    I don't recommend using it as it can cause more problems than what its worth.
     
  3. grahamnp thread starter macrumors 6502a

    Joined:
    Jun 4, 2008
    #3
    Thanks for the quick reply merl1n!

    I'm still not comfortable leaving my files relatively accessible that way though especially since I will be swapping my MBP 2.4 for a new one soon(it's defective) and I would have liked to be able to just give it to them and not worry about its contents.

    I don't have any private information on my HD but I don't really like the idea of people messing around with my stuff. Do you have suggestions for an alternative?
     
  4. merl1n macrumors 65816

    merl1n

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #4
    Sure but make sure you have a backup of your files before you begin this...

    Boot off of the original DVD that came with your computer and when the screen comes up, select English and stop there.

    Go to the Utilities menu and select Disk Utility.

    In Disk Utility, select your disk (the device name, not the volume beneath it) and click the Erase tab.

    Now in the Erase tab, click "Security Options". Select "7 Pass Erase" (more than that is a waste of time) and click Ok. Now click "Erase".

    This will take a lot of time depending on the size of your disk. I would run this overnight.
     
  5. grahamnp thread starter macrumors 6502a

    Joined:
    Jun 4, 2008
    #5
    Thanks again but I was looking more for a long-term solution. Is there anything that will stop people from accessing my home folder externally as I described?
     
  6. merl1n macrumors 65816

    merl1n

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #6
    By default they can't access it. They would have to login as you and provide your password. Your home folder will appear "locked" (and will not have any access to it) to any other user, even if they have an account on your mac.
     
  7. grahamnp thread starter macrumors 6502a

    Joined:
    Jun 4, 2008
    #7
    But what about from XP? I could access any folder I wanted from XP. Is this something bootcamp grants?

    Sorry if I ask too many questions btw, I'm new to this all! :D
     
  8. merl1n macrumors 65816

    merl1n

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #8
    XP has it's own security measures. If you boot XP, you need to manage your users as to what they can access. Bootcamp plays no role in any of this.
     
  9. grahamnp thread starter macrumors 6502a

    Joined:
    Jun 4, 2008
    #9
    Yes I know but what I meant was that I could access my files on the Macintosh HD from Windows XP. Surely this is a loophole on the OSX side of things? When I try the same thing with XP(accessing my HD from another computer or OS installtion) I am usually denied access. I am looking for this same kind of protection.
     
  10. merl1n macrumors 65816

    merl1n

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #10
    I'm sorry, but your statements are confusing me.

    On the same computer, when you boot XP, you are the administrator. Your MacOS partition is treated as a local disk drive to XP and thus you have access to it.

    Remotely connecting from another computer is something different. I am not an XP specialist so I am giving an educated guess. XP has security settings for all users and for remote access privileges for users. You need to investigate this.
     
  11. sgarringer macrumors regular

    Joined:
    Jul 15, 2004
    Location:
    Cedar Rapids, IA
    #11
    No, you're right. Having your files on the drive, unencrypted, is a very bad thing. Heres something else you might not know. Anyone who has the machine can boot it holding down T, plug it in to another mac, and disable security and access all your files. Filevault will fix your issue. The way it works is it makes a new, encrypted home folder... then it copies all your files into it. It then deletes the originals. That's why it takes 2x the amount of space, right off the bat, but once its done it goes back to the regular amount of space.

    Lots of people bad mouth filevault, and it does have its issues, but for the most part the good outweighs the bad. Once thing I would think about though, is your iTunes library. Chances are its HUGE (if it's like mine) and doesn't need to be encrypted. Read up on moving your iTunes library out of your home folder, this will reduce the size you need...
     
  12. grahamnp thread starter macrumors 6502a

    Joined:
    Jun 4, 2008
    #12
    I probably haven't been explaining it well, sorry. I'll give an example:

    When I boot into XP and open My Computer, because I have Mac Drive installed, I can see my Macintosh HD partition and have full access to all the files within. This is obviously not secure and I know that the XP password is easily bypassed.

    After reading up about Filevault and hearing about all the problems with Time Machine, I probably will give it a miss. Just to many sacrifices IMO.

    Thanks for the replies.
     
  13. Rizvi1 macrumors 6502a

    Joined:
    Mar 29, 2006
    Location:
    Laurel, MD (Baltimore, MD / Washington, DC area)
    #13
    Yep, I use Filevault and keep movies, music, etc all on my shared folder. IF someone ever steals my laptop, they can access all that stuff w/ ease, but at least they can't get into my personal home folder. You can do this easily by just moving the entire music folder to the shared drive and then going into iTunes and changing where it points to.

    I'm dealing w/ an issue right now actually regarding my MacBook Pro running filevault which now has a damaged screen. I am trying to get all my files out of the home folder and onto another computer so that I can send in the damaged MBP in for repair and if something goes wrong, at least I have all my data. If I connect via target mode, I can't see anything in the home directory. But, if I start the macbook pro w/ the damaged screen, then I can login to it over my wireless w/ my login and password. With that, I was able to pull almost everything off of my home folder. I then put my damaged MBP into target mode and pulled everything off of the shared folder. Now though, when I try to get back in my damaged MBP over wireless, I can't get into my home anymore.

    My home directory just shows up empty and when I navigate from Leopard -> Users -> myusername, it just has that red-dash w/ circle icon on the folder. I don't understand what happened, I was able to get everything off of it before, why can't I Get into it now?

    Fortunately I was able to get everything important off so if I can't figure it out, I'll be ok. But it's bothering me. any thoughts?
     
  14. dyn macrumors 68020

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #14
    You can also use things like TrueCrypt and encrypted disk images. You put the important personal documents/files in the encrypted disk image or TrueCrypt volume. It's just like a normal file so Time Machine won't have any problems with it. Since it's encrypted you can't restore a single item in the image, you can only restore the entire image. If you want to restore single items in the image you can resort to version control systems like Mercurial or Git. If you need to restore a single file you can do that using the version control system. However, you need to put the files in the disk image AND the version control system which can be a bit of a hassle.
     
  15. drjuice macrumors member

    Joined:
    Aug 19, 2008
    #15
    I'm kinda confused. You installed MacDrive to give Windows full access to your HFS+ formatted Mac partition. Couldn't you just uninstall MacDrive? If you do that and you're running Leopard, then your Boot Camp partition won't see your Mac boot partition. Boot Camp in Snow Leopard installs HFS+ drivers so that your Mac partition is recognized without any 3rd party software.

    Filevault would give you added security, but also another failure point. If the Filevault image becomes corrupted, your data is inaccessible. If you forget your password and didn't set a master password, your data is inaccessible. If you forget the master password, your data is inaccessible. If you have a good backup plan this is less of a problem, but still a pain in the ass.
     

Share This Page