
tooobe

Hi,

I have a 2010 MacBook Air that I have secured with a firmware password and am currently using FileVault 2. I also have a guest account with tracking software enabled.

Recently I was wondering whether the FileVault encryption actually added any security for me. With it enabled, any thief would not be able to log in to my administrator account, nor would they be able to reinstall OS X because of the firmware password (and since the battery and memory are non-removable the firmware password cannot be reset, right? I'm hoping removing and reattaching the SSD would not reset the firmware password?).

If I were to remove the FileVault encryption, the thief would still not be able to reinstall or log in to my password-protected administrator account, right? Would they be able to access my files from another computer by connecting the SSD to it somehow? I guess my question is how secure the account password is by itself?

Since my Core2Duo processor doesn't have hardware-accelerated encryption, I would prefer to not use FileVault if it doesn't reduce my security by too much (I get that my files would no longer be encrypted, but what level of protection would they have by the account password? None?)

Not sure where to put this thread, feel free to move it if I picked the wrong spot. Thanks for any replies!
 
Without encryption, a thief could easily reset the admin password and gain access to your home folder.

If you want to ensure your data does not fall into someone else's hands if the laptop is stolen, then you need to encrypt that data. The best and most seamless solution is File Vault, though nothing is stopping you from using other encryption programs.
 
Without encryption, a thief could easily reset the admin password and gain access to your home folder.

If you want to ensure your data does not fall into someone else's hands if the laptop is stolen, then you need to encrypt that data. The best and most seamless solution is File Vault, though nothing is stopping you from using other encryption programs.

Is there any impact on performance from using FileVault? ;D Never used it.
 
There is overhead, but unlike the first version of FileVault it's marginal and not really noticeable. I didn't really notice any slowdowns.
 
Is there any impact on performance from using FileVault? ;D Never used it.

There is some impact, but it is not significant. Here are some tests with and without FV2. I have been using FV2 since Lion came out and I don't notice any speed difference at all.

Just to echo the previous posts, if you want your data secure you do want to turn on FV2. Without it, it is very simple to bypass your login and get to your data.

No, removing the SSD will not reset the firmware password. In older Macs the FW password would reset if you made a hardware change, but this is no longer the case.
 
There is overhead, but unlike the first version of FileVault it's marginal and not really noticeable. I didn't really notice any slowdowns.

I have FileVault enabled on my rMBP and really have not noticed any impact in performance. I do check CPU usage frequently--and monitor it with iStat--so I totally agree that encryption is the way to go as far as securing your data--and FileVault provides a totally seamless way to do it. Highly recommended.
 
Using FileVault on my MBA too, haven't noticed any performance decrease.

I always encrypt everything if I can; it's no fun if you lose one of your devices and someone gets full access to your data.
 
There is some impact, but it is not significant. Here are some tests with and without FV2. I have been using FV2 since Lion came out and I don't notice any speed difference at all.

Just to echo the previous posts, if you want your data secure you do want to turn on FV2. Without it, it is very simple to bypass your login and get to your data.

No, removing the SSD will not reset the firmware password. In older Macs the FW password would reset if you made a hardware change, but this is no longer the case.

Yeah, but that is with an i7 processor, which has built-in hardware-accelerated encryption. My Core2Duo is likely to take a ~20-30% hit in performance.

----------

There is some impact, but it is not significant. Here are some tests with and without FV2. I have been using FV2 since Lion came out and I don't notice any speed difference at all.

Just to echo the previous posts, if you want your data secure you do want to turn on FV2. Without it, it is very simple to bypass your login and get to your data.

No, removing the SSD will not reset the firmware password. In older Macs the FW password would reset if you made a hardware change, but this is no longer the case.

Wait, so you're saying that on a new MBP with removable memory, it wouldn't reset the firmware password if you were to remove it? That's news to me! Great news...

----------

Without encryption, a thief could easily reset the admin password and gain access to your home folder.

If you want to ensure your data does not fall into someone else's hands if the laptop is stolen, then you need to encrypt that data. The best and most seamless solution is File Vault, though nothing is stopping you from using other encryption programs.

Thank you for the answer! However, could you be a little more specific as to how they would do it, and the level of protection the account password provides by itself? Can't seem to find this information when I google it...
 
Yeah, but that is with an i7 processor, which has built-in hardware-accelerated encryption. My Core2Duo is likely to take a ~20-30% hit in performance.


I have been using it since Lion on low end (not i7) MBAs and while I am sure a benchmark program would show a write speed drop, just using the machine normally I cannot tell the difference. Try it out and if you don't like it, it is easy to turn it back off. Money back guarantee! :D

Wait, so you're saying that on a new MBP with removable memory, it wouldn't reset the firmware password if you were to remove it? That's news to me! Great news...

Yep... that is exactly what I am saying. Read this.

Thank you for the answer! However, could you be a little more specific as to how they would do it, and the level of protection the account password provides by itself? Can't seem to find this information when I google it...

On a Mac without FV2 on, you can reset the admin PW through the recovery partition. You can read about it here. Now you have roadblocked that a bit by turning on the EFI (firmware) PW, which would stop a command-r boot to recovery, but the drive could still be placed in another machine and have the admin PW reset as described in the article.
 
I have been using it since Lion on low end (not i7) MBAs and while I am sure a benchmark program would show a write speed drop, just using the machine normally I cannot tell the difference. Try it out and if you don't like it, it is easy to turn it back off. Money back guarantee! :D



Yep... that is exactly what I am saying. Read this.



On a Mac without FV2 on, you can reset the admin PW through the recovery partition. You can read about it here. Now you have roadblocked that a bit by turning on the EFI (firmware) PW, which would stop a command-r boot to recovery, but the drive could still be placed in another machine and have the admin PW reset as described in the article.

As I said in my first post, I already have FileVault enabled, and have had it for several years. I just reformatted my Air and I can definitely tell the difference now that I have it disabled, compared to a fresh install with it enabled. My Core2Duo is no speed machine as it is, and FileVault definitely isn't helping :)
That's the whole reason I'm hesitant to flip the switch and turn it on...

Ok, thanks for that link! So that is the only attack vector I open up by disabling FileVault - some thief removing my SSD and putting it in another computer, and just flipping a switch to reset my account password? Guess I will have to have a think if disabling FileVault is worth that risk.
 
What's the impact of FV2 on Time Machine backups?
I would assume that Time Machine backs up your data in unencrypted format.
 
What's the impact of FV2 on Time Machine backups?
I would assume that Time Machine backs up your data in unencrypted format.

FV2 has no impact on TM backups. With the vault "open" all files are in the clear and backed up to TM as such.

If you want to encrypt TM backups you need to do that separately. Go to TM prefs and in the select disk pane there is a checkbox to encrypt TM backups.
 
FV2 has no impact on TM backups. With the vault "open" all files are in the clear and backed up to TM as such.

If you want to encrypt TM backups you need to do that separately. Go to TM prefs and in the select disk pane there is a checkbox to encrypt TM backups.

And I would recommend doing this if you do use FileVault. If you encrypt your laptop, there is no reason not to also encrypt your backup (although of course it is much easier to steal the laptop than the backup you have secured at home).
 
Please don't hijack my thread with Time Machine questions :)
 
I switched on FileVault 2 for the first time on my MBA; I am using Lion. I have not noticed any difference in performance.
 
For the last time... the Core2Duo takes a massive hit compared to the i5 and i7. Check this page for example, SSD performance is down by 50% in some cases: http://www.practiceofcode.com/post/8681712620/macbook-air-ssd-benchmarks-2010-vs-2011-vs-lion

An average drop in performance of 44%, compared to 18% for the i7 processor.

Can we get back to my topic? Got some good answers in this thread, and I am thankful for those!

If your data is important to you... and I assume that it is (since you started this thread)... then you encrypt your data, irrespective of how much of a performance hit you take. Otherwise... you are taking the position that your data is not important.

I would consider the "baseline" performance of any machine I own to be the performance with FV2 encryption turned on. Nothing less is acceptable to me.

/Jim
 
If your data is important to you... and I assume that it is (since you started this thread)... then you encrypt your data, irrespective of how much of a performance hit you take. Otherwise... you are taking the position that your data is not important.

I would consider the "baseline" performance of any machine I own to be the performance with FV2 encryption turned on. Nothing less is acceptable to me.

/Jim

The data is "kind of important", which is why I would like some more details on the security without FileVault enabled. Just saying "if your data is important then use FileVault" doesn't explain anything to me. I know FileVault is the only totally secure solution (within reason), but what I want to know is "how secure is it with just firmware password and account password". Guess I kind of got the answer earlier in the thread though - someone could remove the SSD and put it in another computer and access my files from there. Or are there other weaknesses without FileVault? If not, I would have to think about whether someone would go to that trouble for my files, which are not THAT confidential. My guess is "probably not".
 
The data is "kind of important", which is why I would like some more details on the security without FileVault enabled. Just saying "if your data is important then use FileVault" doesn't explain anything to me. I know FileVault is the only totally secure solution (within reason), but what I want to know is "how secure is it with just firmware password and account password". Guess I kind of got the answer earlier in the thread though - someone could remove the SSD and put it in another computer and access my files from there. Or are there other weaknesses without FileVault? If not, I would have to think about whether someone would go to that trouble for my files, which are not THAT confidential. My guess is "probably not".

If you have data which is that sensitive - (with all the other "kind of important" data) then FileVault will protect you. [period]
Just don't mislay your password ;)
If not - sorry, can't help.
wtf are you wanting to protect, for goodness' sake?
 
The data is "kind of important", which is why I would like some more details on the security without FileVault enabled. Just saying "if your data is important then use FileVault" doesn't explain anything to me. I know FileVault is the only totally secure solution (within reason), but what I want to know is "how secure is it with just firmware password and account password". Guess I kind of got the answer earlier in the thread though - someone could remove the SSD and put it in another computer and access my files from there. Or are there other weaknesses without FileVault? If not, I would have to think about whether someone would go to that trouble for my files, which are not THAT confidential. My guess is "probably not".

If you don't want to use FV2, and only care about some of the files on your system, you could use Disk Util to make an encrypted sparse bundle DMG, then just keep those files inside the encrypted DMG and open it when you need to. This would work if you just have, say, a handful of documents you want to protect.
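
An added example, not part of the original post: the encrypted sparse bundle suggested above can also be created from Terminal with `hdiutil` instead of Disk Utility. The function names, the `HDIUTIL` override and the sample path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; make_vault, lock_vault and the HDIUTIL override are
# illustrative names, not from the thread.
HDIUTIL=${HDIUTIL:-hdiutil}

# make_vault SIZE PATH [VOLNAME]
# Create an AES-256 encrypted sparse bundle. hdiutil asks for the passphrase
# itself, so the secret never passes through this script or shell history.
make_vault() {
    size=$1 path=$2 name=${3:-Private}
    num=${size%[mg]}
    case $num in
        ''|*[!0-9]*|"$size")
            echo "size must look like 500m or 2g" >&2; return 2 ;;
    esac
    case $path in
        *.sparsebundle) ;;
        *) echo "path must end in .sparsebundle" >&2; return 2 ;;
    esac
    if [ -e "$path" ]; then
        echo "refusing to overwrite $path" >&2; return 3
    fi
    "$HDIUTIL" create -size "$size" -type SPARSEBUNDLE -fs HFS+J \
        -encryption AES-256 -volname "$name" "$path" || return 1
    # Confirm the image really is encrypted before trusting it with files.
    "$HDIUTIL" isencrypted "$path" 2>&1 | grep -q 'encrypted: YES' || {
        echo "$path exists but is not encrypted" >&2; return 4; }
}

# lock_vault [VOLNAME]: unmount so the contents are ciphertext at rest again.
# Assumes the default mount point under /Volumes.
lock_vault() {
    "$HDIUTIL" detach "/Volumes/${1:-Private}"
}

# Usage on macOS:
#   make_vault 500m "$HOME/Private.sparsebundle" Private
#   hdiutil attach "$HOME/Private.sparsebundle"   # asks for the passphrase
#   lock_vault Private
```

A vault like this only covers the files moved into it, and only while it is unmounted; everything else on an unencrypted drive stays readable if the SSD is attached to another machine, as discussed earlier in the thread.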
 
FWIW, I'm using FV2 on a 2010 11" MacBook Air. It would be ridiculous to be doing video editing or gaming on this machine... so for what I do, web/app development, coding, etc., I don't notice any slowdown.
 
The data is "kind of important", which is why I would like some more details on the security without FileVault enabled. Just saying "if your data is important then use FileVault" doesn't explain anything to me. I know FileVault is the only totally secure solution (within reason), but what I want to know is "how secure is it with just firmware password and account password". Guess I kind of got the answer earlier in the thread though - someone could remove the SSD and put it in another computer and access my files from there. Or are there other weaknesses without FileVault? If not, I would have to think about whether someone would go to that trouble for my files, which are not THAT confidential. My guess is "probably not".

If your data is not encrypted on the disk... then it is trivial to steal the data once someone has your machine. As stated... simply move the drive to a different machine.

What do you consider "kind of important"? For example... do you have an email account on the computer? Most email accounts have enough information to easily perform identity theft. I would consider that "extremely important". You probably have data that is even more sensitive on your computer.

The bottom line of my recommendation is to NOT try to determine if you want FV2 on/off based on the performance of your machine. Instead... realize that FV2 will be turned on permanently as soon as you begin setting up your computer for the first time... and buy a machine that will fill your needs accordingly.

/Jim
 