Well, after almost two years of Mac usage, culminating in an extremely satisfying result with Time Machine two weeks ago, I’m afraid to say that I finally have a complaint about OS X. :-(
As you will recall from my previous post, my stolen iMac was replaced with an aluminium MacBook. A few days after successfully restoring from Time Machine I decided I should probably use FileVault, especially seeing as how laptops are probably at a higher risk of being stolen than desktops (even when said desktops are cable-locked to the desk!).
Unfortunately, though, after using FileVault for a week, I have decided to un-FileVault. The reasons for this decision are:
- Time Machine only backs up the encrypted sparseimage, not the actual files inside. If the data is especially sensitive then this may well be considered a benefit as it means the files are protected on the backup drive too. However, security decisions always involve trade-offs and the trade-off in this case is that your files aren’t being backed up every hour while you’re working. The backup of your home folder doesn’t occur until you log off, as the system needs to unmount the sparseimage before it can be safely written to disk.
- Following on from the first point, because the sparseimage file isn’t backed up until you log off, shutting down takes a few minutes rather than a few seconds. Whilst this hasn’t been an issue for me yet, I could see it being a real pain in some situations.
- And unless there is something funky going on under the hood, the system saves the entire image file each time you logout, not deltas (which would be a tricky and dangerous approach anyway). So whilst the iMac (which was not running FileVault) consumed less than 400GB of space in 10 months of Time Machine backups, one week with FileVault has consumed about 80GB.
- Finally, there is quite a well known bug when running FileVault that prevents changes to default settings from sticking. For example, although Firefox was previously set as my default browser, after turning on FileVault Safari became my default browser and changing the option back with Firefox would only work until the next reboot. Additionally, some other really annoying settings wouldn’t stick with, like the default view of my home folder became the icon view rather than the details view, which annoyed me even more than the browser setting, to be honest.
I must confess, I was prepared to live with the first three issues but the fourth issue was the deal breaker for me. Not only is it annoying, we don’t really know how far the issue extends, which may have consequences for my rather complicated development setup. Moreover, being such a complex and sensitive sub-system, one really needs 100% confidence that it isn’t going to shit itself one day, resulting in loss of your most important data. And the fact that Apple has ignored this bug for so many years significantly reduces my confidence in FileVault.
So my advice for Apple users who do not have to maintain CIA/NSA levels of data security is as follows:
- Do NOT use FileVault.
- DO use Time Machine.
- If you’re letting Firefox remember passwords, DO make sure you’re using a Master Password to protect those passwords.
- DO create an encrypted sparseimage to store sensitive documents. For easy access you can add the password to your keychain, which saves the hassle of having to enter it all the time but prevents a thief from accessing the data (unless they have your login password, which they won’t unless you stuck it to your screen with a post-it note!).
As I mentioned previously, security decisions always involve trade-offs. And in this case the trade-off is between reliability/effective backups and security. In my opinion, keeping sensitive documents in their own encrypted sparseimage is enough security for 90% of users and it maintains maximum reliability and effectiveness of Time Machine.