Who uses FileVault in 10.5?

[iShater]

I have been using FileVault for 1.5+ years now on my notebooks.

I started on the 12" PowerBook under Tiger, and when I upgraded to my mid-2008 MBP, I continued using it under Leopard.

I have had no issues so far, but I do my regular backups and clones of the internal drive.

These are my rules:
1) Create another admin account that doesn't use FileVault. I use it when cloning the system so that it clones the FV disk image for my primary account.

2) Perform your weekly backups as normal, and if you are paranoid and work with a lot of important stuff, do a daily incremental backup.

3) Do clone your internal once a month for disaster recovery

4) If you need to turn off FV, you need a lot of disk space. Best way would be to relocate your big file to an external before doing so. You might be able to clone the HD to an external and bring it back using the FV account. AFAIK, cloning applications can't see it, so they copy the contents of the FV to the external clone and you can use that clone as a normal non-FV account.

5) I keep HUGE files in a special directory OUTSIDE my home folder. I have a sparse encrypted disk image that I use for iTunes, and for other files like big movies or junk like that, I have a non-encrypted folder.

 

[mason.kramer]

FileVault is weak

I don't like FileVault for anyone, even ones that have some data to secure. Here's why:

1. Encryption in general puts one at risk of data loss. Nothing can restore an encrypted disk image that has a single flipped bit, or for which the password is lost. So for most users, you just don't want to encrypt your data, period.

2. FileVault encrypts too much stuff. It encrypts your account preferences. In encrypts your cache. It encrypts your font library. It encrypts your movies, your iTunes library, and your program support files. None of these things generally need to be encrypted, and again, encrypting them puts you at risk of data loss. It also taxes the system unnecessarily.

3. Does not play nice with TimeMachine. The ability to use sparsebundles instead of regular disk images helps this problem somewhat (before that, it had to archive your entire home directory every time - and since you can't pick your own times, that was once every 30 minutes - clearly broken). You still have to logout to encrypt, and this is frankly a bigger problem than it sounds, since many do not log out ever, and no one logs out during a work session, so you never get backed up during a work session.

4. Does not play nice with any syncing software you might use (e.g., ChronoSync, rsync), since it has to re-sync the entire home folder any time a single byte of data is changed. If you use a sparsebundle, it still has to sync at least one band and usually a lot more bands, since cache file and log file changes will change a band.

5. There is a built in workaround to this problem for users that only have a few files to encrypt. Use disk utility to create a sparebundle named ~/secure.sparsebundle. Add the encryption password of your choice. Mount the image, and save the password to your keychain. Add the mounted image to your login items. Now you have a secure virtual volume that will automatically mount when you login (just like FileVault does it), but it only encrypts what you really want to keep encrypted. I've been using this for 18 months. It works great. Now you can direct any data you wish to encrypt into that volume (your mail, etc) and you can even add a symlink to its default location in your ~ so that other programs play nice with it.

Edit: there were some skeptics who argue that my method will cause the Time-Machine archived secure.sparsebundle to be corrupted, and that the volume must be unmounted before it can be faithfully backed up. Again, I have been using Time Machine and this method together for 18 months, and I have checked some sample backups secure.sparsebundle and it is not corrupted. This, admittedly, is anecdotal evidence. If you are worried about it, you should use a logout script to unmount and backup the secure volume. Time Machine will then back that up, and you have a good backup of the volume.