Computing with Bifocals - Protecting Your Files from Prying Eyes
by
- April 14th, 2006
In this column I am going to look at ways to protect sensitive information from being viewed even if an unauthorized person accesses your computer.
One way is to save it only to a CD, DVD, or thumb drive. With a thumb drive you can save over previously saved information. You can do that with some CDs, but it can be a real hassle. Also, there is always the danger of failure, so you need to save two or more copies of everything. You can lock up the stored information between uses. After each session, run Secure Empty Trash (Finder > Secure Empty Trash) to make sure you don't leave information in the Trash.
Note: A Secure Empty Trash procedure takes longer than a normal Empty Trash command because the space on your drive is being written over many times. Also, Secure Empty Trash will not distinguish between your thumb drive and your hard drive. It won't hurt to do a Secure Empty Trash on your hard drive, but again, it does take more time.
Another way is to use FileVault. Before I discuss this though, I want to make clear that I don't personally recommend using it. Apple technicians for whom I have great respect say that they see a lot of ancillary problems that result from the use of FileVault. I never use it myself.
Nevertheless, it is an option. FileVault was introduced with OS 10.3 (Panther) to allow you to add file encryption to your home folder. It scrambles the information in your folder. To activate the FileVault security select Apple Menu > System Preferences > Security. When you turn on FileVault, you also set up a master password for the computer that you or another administrator can use if you forget your regular login password. If you are the administrator of the computer, and you can't remember the master password, the information in your home folder is lost forever.
A third option is to encrypt specific files and folders. Think of it as making a password-protected folder.
It is a fairly simple process. The first step is to put the files you want to protect in a folder.
Then open Disk Utility (Applications > Utilities > Disk Utility).
Choose File > New > Disk Image From Folder.

Choose Disk Image From Folder, click on the specific folder you want to save, and click the Image button.
When the "New Image From Folder" pane opens, enter the name you wish to assign to the image and where you wish to store it. Then select AES-128 from the Encryption menu. When that is done, click the Save button.
Saving will prompt the final pane, the "Authenticate" pane, to open. At this point you enter and verify a password. For true security, deselect the "Remember password in Keychain" box. If your password is part of your keychain record, anyone with administrator power can get to it.
Last, but not least, write down your password somewhere!
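The same steps can be scripted with hdiutil, the macOS command-line disk image tool. This is an added example, not part of the original column; the function name, the HDIUTIL override and the UDZO format are choices made for the example, and the `-encryption AES-128` argument form is the one accepted by current macOS releases.

```shell
#!/bin/sh
# Added example: scripted form of "New > Disk Image From Folder" with AES-128.
# HDIUTIL is a hypothetical override so the function can be exercised with a
# stub; on a Mac it resolves to the real hdiutil.
HDIUTIL="${HDIUTIL:-hdiutil}"

# make_encrypted_image FOLDER IMAGE
# Reads one line (the passphrase) from stdin and builds an encrypted image.
# Returns 2 = bad folder/arguments, 3 = image already exists,
# 4 = empty passphrase, otherwise the exit status of hdiutil.
make_encrypted_image() {
    mei_src=$1
    mei_img=$2
    if [ ! -d "$mei_src" ] || [ -z "$mei_img" ]; then
        echo "usage: make_encrypted_image FOLDER IMAGE" >&2
        return 2
    fi
    case $mei_img in
        *.dmg) ;;
        *) mei_img=$mei_img.dmg ;;
    esac
    if [ -e "$mei_img" ]; then
        echo "refusing to overwrite $mei_img" >&2
        return 3
    fi
    mei_pass=
    IFS= read -r mei_pass || true
    if [ -z "$mei_pass" ]; then
        echo "empty passphrase" >&2
        return 4
    fi
    # The passphrase travels over a pipe to -stdinpass, so it is not on
    # hdiutil's command line (visible to `ps`) or in shell history.
    # UDZO (compressed, read-only) is this example's choice of format.
    printf '%s' "$mei_pass" | "$HDIUTIL" create -srcfolder "$mei_src" \
        -encryption AES-128 -stdinpass -format UDZO "$mei_img"
}

# The source folder is left in place: the plaintext originals still exist
# until they are deleted (the column's Secure Empty Trash step).
# Interactive use on a Mac:
#   stty -echo; make_encrypted_image "$HOME/Private" "$HOME/Private.dmg"; stty echo
```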
I hope one of these ways will help meet your needs to make your important information secure.
Nancy has a Master's degree in Human Services Administration and prior to her retirement she worked for almost 30 years in the field of mental health and mental retardation. She has been a Mac user for 11 years, and has recently developed an avocation of teaching basic computer skills in both group and one-to-one settings.
Observer Comments
Fri Apr 14, 2006 5:58 pm Subject: More Explanation of FileVault
Nancy, while I am all for keeping our data safe, I think you have given FileVault short shrift. It is true that in its original incarnation FV was problematic and did not work well. Those bugs have been ironed out and fixed and now FV works as advertised.
There are two major things about using FV that you did not mention that you should have. 1 is that FV is intended for mobile users. This does not mean that owners of non-mobile Macs can't use it, but they won't see as much value out of the feature as mobile users might. 2 is that FileVault only encrypts your data when you are logged out of your account. When logged in your data is unencrypted just like if you were not using FileVault.
So if you are a mobile user, like I am, that wants a higher level of security when you are commuting then you should turn on FileVault. If your PowerBook or iBook is ever lost or stolen, and you are logged out of your account, then if anyone tries to access your data they will not be able to.
This is the value of FileVault.
Sat Apr 15, 2006 9:28 am Subject: I have to disagree
FileVault persists in creating damaged disk images to this day on Apple Discussions. Many use it obviously who don't know how to take care of it, but the risk of data corruption is too high I believe to put your entire Home folder in a secure mode. It is the "all your eggs in one basket" issue. The Disk Utility image option is much safer, and much easier to create more than one copy, than an entire home folder. FileVault I believe was misconceived from the beginning.
I disagree. It is not that FileVault is "misconceived" so much as people don't know how to use it. If you do not let FV recover file space when it needs to then yes, you're going to wind up with damaged disc images, corrupted data, lost data, etc. Just like any software tool, if it is used correctly and with a little common sense, then FV is a valuable way to keep your Home directory encrypted and safe.
As I pointed out in my original post, though, FileVault isn't really intended to be used in a desktop environment. Knowing that, it would be much better to use encrypted disk images created with Disk Utility to encrypt files, or to use something like PGP or GPG to encrypt individual files.
klaatu wrote: "So if you are a mobile user... that wants a higher level of security... then you should turn on FileVault."
And you neglected to mention the specific drawbacks of using FileVault:
1) as FileVault stores your entire home folder in a single, encrypted file, any file or disk corruption may trash your entire home folder and there are no tools available to recover data from an encrypted volume that has been corrupted. It's easy to act smug and tell someone who's lost all their data that they should have backed up regularly. The practical challenges of doing so on a regular basis, especially with large amounts of encrypted data, are rarely discussed. Remember that some people use their notebook as their primary/sole computer and that they look to FileVault to protect their data all around, not just when traveling. - An incomplete security solution is like installing a door lock worthy of Fort Knox on your front door, only to have a burglar easily slip in through a broken window in the rear.
2) Details of Apple's implementation of encryption in FileVault are not publicly disclosed, which means that no matter how secure the encrypted volume may be, slip-ups in how your password is handled by the OS, in and out of virtual memory, and in the event your Mac goes into Sleep mode, may create a way for a highly motivated snoop to figure out your password and access your data. The only way to satisfy this concern is for Apple to publicize the details of how this is all handled and therefore make it subject to peer review.
3) Performance. While FileVault's performance hit may be minimal on a fairly new computer running most software, you will have a huge performance hit for certain tasks such as video and video editing.
gopher wrote: "The Disk Utility image option is much safer, and much easier to create more than one copy, than an entire home folder."
Yeah, except for the fact that an encrypted volume in OSX has a fixed size, making it difficult to work with when you run out of space, at which point you have to recreate the volume from scratch. Result: You end up either having to go through this ridiculous process repeatedly (and exposing all your unencrypted data to the disk) or you have to create a ridiculously large encrypted volume to accommodate all the data you think may even be stored there.
Guest wrote: "And you neglected to mention the specific drawbacks of using FileVault:
1) as FileVault stores your entire home folder in a single, encrypted file, any file or disk corruption may trash your entire home folder and there are no tools available to recover data from an encrypted volume that has been corrupted. It's easy to act smug and tell someone who's lost all their data that they should have backed up regularly. The practical challenges of doing so on a regular basis, especially with large amounts of encrypted data, are rarely discussed. Remember that some people use their notebook as their primary/sole computer and that they look to FileVault to protect their data all around, not just when traveling. - An incomplete security solution is like installing a door lock worthy of Fort Knox on your front door, only to have a burglar easily slip in through a broken window in the rear."
Please correct me if I'm wrong but it sounds like you are saying here that because backing up data is a pain you shouldn't use FileVault. Is that correct? I have no difficulty backing up my Home directory every week (and more often if I think I need to) because when I am logged in the data is not encrypted. I use my PowerBook as my sole computer and backing up my data is easy. I don't understand your argument at all. If you just don't like using FileVault that's fine, but saying it is difficult to back up data when using it is just plain wrong.
Guest wrote: "3) Performance. While FileVault's performance hit may be minimal on a fairly new computer running most software, you will have a huge performance hit for certain tasks such as video and video editing."
There is no performance hit when using FileVault because the data is encrypted and decrypted only at log out and log in. While you are logged in the data is fully decrypted. There is no encryption going on while a user is logged in to an account.
When using FileVault I recommend that people not keep things like large digital video files or large collections of music in the Home directory. This can cause large delays in encrypting and recovering disk space when logging in and out. But this is just my opinion on where to keep data like that. If someone on a laptop wants to keep digital video files in their Home folder they can. I don't.
klaatu wrote: "There is no performance hit when using FileVault because the data is encrypted and decrypted only at log out and log in. While you are logged in the data is fully decrypted. There is no encryption going on while a user is logged in to an account.
When using FileVault I recommend that people not keep things like large digital video files or large collections of music in the Home directory. This can cause large delays in encrypting and recovering disk space when logging in and out. But this is just my opinion on where to keep data like that. If someone on a laptop wants to keep digital video files in their Home folder they can. I don't."
Not true. FileVault encrypts and decrypts on-the-fly, and this does create a quite large performance hit when using iMovie or similar apps. Don't believe me? Check out Apple's article on the subject - http://docs.info.apple.com/article.html?artnum=93460
I think you may be misunderstanding what Apple means by the term "on the fly" in that article. It is understandable, since it is an ambiguous term. What they mean by that term is that files in the Home directory are encrypted and decrypted "on the fly" when the account is logged in or out. Both that article and the FileVault page <http://www.apple.com/macosx/features/filevault/> should be edited to be more clear.
I'm not trying to convince you to use FileVault if you don't want to. But there are some misconceptions about FV out there and hopefully we can clear them up.