Security with or without Filevault?

Discussion in 'MacBook Air' started by tooobe, Oct 4, 2013.

  1. tooobe macrumors regular

    Joined:
    Nov 3, 2008
    #1
    Hi,

    I have a 2010 Macbook Air that I have secured with a firmware password and am currently using Filevault 2. I also have a guest account with tracking software enabled.

    Recently I was wondering whether the Filevault encryption actually added any security for me. With it enabled, any thief would not be able to log in to my administrator account, nor would they be able to reinstall OSX because of the firmware password (and since the battery and memory is non-removable the firmware password cannot be reset, right? I'm hoping removing and reattaching the SSD would not reset the firmware password?).

    If I were to remove the Filevault encryption, the thief would still not be able to reinstall or login to my password protected administrator account, right? Would they be able to access my files from another computer by connecting the SSD to it somehow? I guess my question is how secure the account password is by itself?

    Since my Core2Duo processor doesn't have hardware accelerated encryption, I would prefer to not use Filevault if it doesn't reduce my security by too much (I get that my files would no longer be encrypted, but what level of protection would they have by the account password? None?)

    Not sure where to put this thread, feel free to move it if I picked the wrong spot. Thanks for any replies!
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    Without encryption, a thief could easily reset the admin password and gain access to your home folder.

    If you want to ensure your data does not fall into someone else's hands if the laptop is stolen, then you need to encrypt that data. The best and most seamless solution is File Vault, though nothing is stopping you from using other encryption programs.
     
  3. jonasdamn macrumors 6502a

    Joined:
    Mar 4, 2013
    #3
    there is any impact for performance using filevault? ;D never used it
     
  4. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #4
    There is overhead but unlike the first version of FileVault its marginal and not really noticeable. I didn't really notice any slow downs.
     
  5. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    There is some impact, but it is not significant. Here are some tests with and without FV2. I have been using FV2 since Lion came out and I don't notice any speed difference at all.

    Just to echo the previous posts, if you want your data secure you do want to turn on FV2. Without it, it is very simple to bypass your login and get to your data.

    No, removing the SSD will not reset the firmware password. In older Macs the FW password would reset if you made a hardware change, but this is no longer the case.
     
  6. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #6
    I have Firevault enabled on my rMBP and really have not noticed any impact in performance. I do check CPU usage frequently--and monitor it with iStat--so I totally agree that encryption is the way to go as far as securing your data--and Firevault provides a totally seamless way to do it. Highly recommended.
     
  7. jonasdamn macrumors 6502a

    Joined:
    Mar 4, 2013
    #7
    thank you guys, going to use filevault, firmware password already have set.
     
  8. Idarzoid macrumors 6502

    Joined:
    Mar 15, 2013
    #8
    Using Filevault on my MBA too, haven't noticed any performance decrease.

    I always encrypt everything if I can, it's no fun if you lose one of your devices and someone gets the full access to your data.
     
  9. tooobe thread starter macrumors regular

    Joined:
    Nov 3, 2008
    #9
    Yeah but that is with an i7 processor which has built in hardware accelerated encryption. My Core2Duo is likely to take ~20-30% hit in performance.

    ----------

    Wait, so you're saying that on a new MBP with removable memory, it wouldn't reset the firmware password if you were to remove it? That's news to me! Great news...

    ----------

    Thank you for the answer! However, could you be a little more specific as to how they would do it, and the level of protection the account password provides by itself? Can't seem to find this information when I google it...
     
  10. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #10


    I have been using it since Lion on low end (not i7) MBAs and while I am sure a benchmark program would show a write speed drop, just using the machine normally I cannot tell the difference. Try it out and if you don't like it, it is easy to turn it back off. Money back guarantee! :D

    Yep... that is exactly what I am saying. Read this.

    On a Mac without FV2 on you can reset the admin PW through the recovery partition. You can read about it here. Now you have roadblocked that a bit by turning on the EFI (firmware) PW which would stop a command-r boot to recovery, but the drive could still be placed in another machine and have the admin PW reset like described in the article.
     
  11. tooobe thread starter macrumors regular

    Joined:
    Nov 3, 2008
    #11
    As I said in my first post, I already have Filevault enabled, and have had it for several years. I just reformatted my Air and I can definitely tell the difference now that I have it disabled, compared to a fresh install with it enabled. My Core2Duo is no speed machine as it is, and Filevault definitely isn't helping :)
    That's the whole reason i'm hesitant to flip the switch and turn it on...

    Ok, thanks for that link! So that is the only attack vector I open up by disabling Filevault - someone thief removing my SSD and putting it in another computer, and just flipping a switch to reset my account password? Guess I will have to have a think if disabling Filevault is worth that risk.
     
  12. RightMACatU macrumors 65816

    RightMACatU

    Joined:
    Jul 12, 2012
    Location:
    192.168.1.1
    #12
    What's the impact of VF2 on Time Machine backups?
    I would assume that Time Machine backs up your data in unencrypted format.
     
  13. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #13
    FV2 has no impact on TM backups. With the vault "open" all files are in the clear and backed up to TM as such.

    If you want to encrypt TM backups you need to do that separately. Go to TM prefs and in the select disk pane there is a checkbox to encrypt TM backups.
     
  14. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #14
    And I would recommend doing this if you do use Firevault. if you encrypt your laptop, no reason not to also encrypt your backup (although of course it is much easier to steal the laptop than the backup you have secured at home).
     
  15. tooobe thread starter macrumors regular

    Joined:
    Nov 3, 2008
    #15
    Please don't hijack my thread with Time Machine questions :)
     
  16. abz1981 macrumors 65816

    Joined:
    Jan 3, 2011
    #16
    I switched on firevault 2 for the first time on my MBA am using lion. Not noticed any difference in performance.
     
  17. tooobe thread starter macrumors regular

    Joined:
    Nov 3, 2008
    #17
  18. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #18
    If your data is important to you... and I assume that it is (since you started this thread)... then you encrypt your data, irrespective of how much of a performance hit you take. Otherwise... you are taking the position that your data is not important.

    I would consider the "baseline" performance of any machine I own to be the performance with FV2 encryption turned on. Nothing less is acceptable to me.

    /Jim
     
  19. tooobe thread starter macrumors regular

    Joined:
    Nov 3, 2008
    #19
    The data is "kind of important", which is why I would like some more details into the security without Filevault enabled. Just saying "if your data is important the use Filevault" doesn't explain anything to me. I know Filevault is the only totally secure solution (within reason), but what I want to know is "how secure is it with just Firmware password and account password". Guess I kind of got the answer earlier in the thread though - someone could remove the SSD and put it in another computer and access my files from there. Or is there another weaknesses without Filevault? If not, i would have to think about whether someone would go to that trouble for my files, which are not THAT confidential. My guess is "probably not".
     
  20. halledise macrumors 65816

    Joined:
    May 7, 2009
    Location:
    Hamilton Island, Whitsundays, QLD Australia
    #20
    if you have data which is that sensitive - (with all the other "kind of important" data) then FileVault will protect you. [period]
    just don't mislay your password ;)
    if not - sorry can't help.
    wtf are you wanting to protect for goodness' sake
     
  21. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #21
    If you don't want to use FV2, and only care about some of the files on your system, you could use Disk Util to make a encrypted sparse bundle DMG then just keep those files inside the encrypted DMG and open it when you need to. This would work if you just have say a handful of documents you want to protect.
     
  22. ValSalva macrumors 68040

    ValSalva

    Joined:
    Jun 26, 2009
    Location:
    Burpelson AFB
    #22
    FWIW, I'm using FV2 on a 2010 11" MacBook Air. It would be ridiculous to be doing video editing or gaming on this machine... so for what I do, web/app development, coding, etc., I don't notice any slowdown.
     
  23. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #23
    If your data is not encrypted on the disk... then it is trivial to steal the data once someone has your machine. As stated... simply move the drive to a different machine.

    What do you consider "kind of important"? For example... do you have an email account on the computer? Most email accounts have enough information to easily perform identity theft. I would consider that "extremely important". You probably have data that is even more sensitive on your computer.

    The bottom line of my recommendation is to NOT try to determine if you want FV2 on/off based on the performance of your machine. Instead... realize that FV2 will be turned on permanently as soon as you begin setting up your computer for the first time... and buy a machine that will fill your needs accordingly.

    /Jim
     

Share This Page