DealsOnTheWeb Daily Deal: 8GB iPod Touch: $229 Delivered
Computing with Bifocals - Protecting Your Files from Prying Eyes
by
- April 14th, 2006
In this column I am going to look at ways to protect sensitive information from being viewed even if an unauthorized person accesses your computer.
One way is to only save it to a CD, DVD, or thumb drive. With a thumb drive you can save over previously saved information. You can do that with some CDs, but it can be a real hassle to do. Also, there is always the danger of failure, so you need to save two or more copies of everything. You can lock up the stored information between uses. It will be necessary to implement a secure empty trash (Finder > Secure Empty Trash) dump after each session to make sure you don't leave information there.
Note: A Secure Empty Trash procedure takes longer than a normal Empty Trash command because the space on your drive is being written over many times. Also, Secure Empty Trash will not distinguish between your thumb drive and your hard drive. It won't hurt to do a Secure Empty Trash on your hard drive, but again, it does take more time.
Another way is to use FileVault. Before I discuss this though, I want to make clear that I don't personally recommend using it. Apple technicians for whom I have great respect say that they see a lot of ancillary problems that result from the use of FileVault. I never use it myself.
Nevertheless, it is an option. FileVault was introduced with OS 10.3 (Panther) to allow you to add file encryption to your home folder. It scrambles the information in your folder. To activate the FileVault security select Apple Menu > System Preferences > Security. When you turn on FileVault, you also set up a master password for the computer that you or another administrator can use if you forget your regular login password. If you are the administrator of the computer, and you can't remember the master password, the information in your home folder is lost forever.
FileVault Setup Pane
(Click the thumbnail for a larger image)
A third option is to encrypt specific files and folders. Think of it as making a password-protected folder.
It is a fairly simple process. The first step is to put the files you want to protect in a folder.
Then open Disk Utility. (Applications > Utilities > Disk Utilities).
Choose File > New > Disk Image From Folder.
Choose Disk Image From Folder and click on the
specific folder you want to save and click the Image button.
(Click the thumbnail for a larger image)
When the "New Image From Folder" pane opens enter the name you wish to assign to the folder and where you wish to store it. Then select AES-128 from the Encryption menu. When that is done, click the save button.
New Image From Folder Pane
(Click the thumbnail for a larger image)
Saving the document will prompt the final pane, the "Authenticate" pane to open. At this point you enter and verify a password. For true security, deselect the "Remember password in Keychain" box. If your password is part of your keychain record, anyone with administrator power can get to it.
Last, but not least, write down your password somewhere!
Authenticate Pane
(Click the thumbnail for a larger image)
I hope one of these ways will help meet your needs to make your important information secure.
Copies of Nancy's book Tips, Hints, and Solutions for Seasoned Beginners Using Apple Macintosh Computers With OS X are available in PDF download versions for US$9.57 and in print version for $18.15 plus $4.00 shipping. To view sample pages and get ordering information visit the September 14, 2004 column.
| Check out Nancy's complete index of all her columns for the most complete list of tips anywhere. The list is categorized and is a great reference when you are looking for help!
|
Nancy has a Master's degree in Human Services Administration and prior to her retirement she worked for almost 30 years in field of mental health and mental retardation. She has been a Mac user for 11 years, and has recently developed an avocation of teaching basic computer skills in both group and one-to-one settings.
Most Recent Computing With Bifocals Columns
- Of iPod Cases and System Preferences - August 30th
- Cool Tips, Kudos for Bob, & a Review - July 31st
- Two Apps for Reading and Browsing - June 23rd
Other "Computing With Bifocals" Columns
Observer Comments
Fri Apr 14, 2006 5:58 pm Subject: More Explanation of FileVault
Nancy, while I am all for keep our data safe, I think you have given FileVault short shrift. It is true that in its original incarnation FV was problematic and did not work well. Those bugs have been ironed out and fixed and now FV works as advertised.
There are two major things about using FV that you did not mention that you should have. 1 is that FV is intended for mobile users. This does not mean that owners of non-mobile Macs can't use it, but they won't see as much value out of the feature as mobile users might. 2 is that FileVault only encrypts your data when you are logged out of your account. When logged in your data is unencrypted just like if you were not using FileVault.
So if you are a mobile user, like I am, that wants a higher level of security when you are commuting then you should turn on FileVault. If your Powerbook or iBook is every lost or stolen, and you are logged out of your account, then if anyone tries to access your data they will not be able to.
This is the value of FileVault.
Sat Apr 15, 2006 9:28 am Subject: I have to disagree
FileVault persists in creating damaged disk images to this day on Apple Discussions. Many use it obviously who don't know how to take care of it, but the risk of data corruption is too high I believe to put your entire Home folder in a secure mode. It is the "all your eggs in one basket" issue. The Disk Utility image option is much safer, and much easier to create more than one copy, than an entire home folder. FileVault I believe was misconceived from the beginning.
I disagree. It is not that FileVault is "misconceived" so much as people don't know how to use it. If you do not let FV recover file space when it needs to then yes, you're going to wind up with damaged disc images, corrupted data, lost data, etc. Just like any software tool, if it is used correctly and with a little common sense, then FV is a valuable way to keep your Home directory encrypted and safe.
As I pointed out in my original post, though, FileVault isn't really intended to be used in a desktop environment. Knowing that it would be much better to use encrypted disk images created with Disk Utility to encrypt files, or to use something like PGP or GPG to encrypt individual files.
QuoteGuest wrote:
And you neglected to mention the specific drawbacks of using FileVault:
1) as FileVault stores your entire home folder in a single, encrypted file, any file or disk corruption may trash your entire home folder and there are no tools available to recover data from an encrypted volume that has been corrupted. It's easy to act smug and tell someone who's lost all their data that they should have backed up regularly. The practical challenges of doing so on a regular basis, especially with large amounts of encrypted data, are rarely discussed. Remember that some people use their notebook as their primary/sole computer and that they look to FileVault to protect their data all around, not just when traveling. - An incomplete security solution is like installing a door lock worthy of Fort Knox on your front door, only to have a burglar easily slip in through a broken window in the rear.
Please correct me if I'm wrong but it sounds like you are saying here that because backing up data is a pain you shouldn't use FileVault. Is that correct? I have no difficulty backing up my Home directory every week (and more often if I think I need to) because when I am logged in the data is <i>not encrypted</i>. I use my powerbook as my sole computer and backing up my data is easy. I don't understand your argument at all. If you just don't like using FileVault that's fine, but saying it is difficult to backup data when using it is just plain wrong.
Quote3) Performance. While FileVault's performance hit may be minimal on a fairly new computer running most software, you will have a huge performance hit for certain tasks such as video and video editing.
There is no performance hit when using FileVault because the data is encrypted and decrypted only at log out and log in. While you are logged in the data is fully decrypted. There is no encryption going on while a user is logged in to an account.
When using FileVault I recommend that people not keep things like large digital video files or large collections of music in the Home directory. This can cause large delays in encrypting and recovering disk space when logging in and out. But this is just my opinion on where to keep data like that. If someone on a laptop wants to keep digital video files in their Home folder they can. I don't.
I think you may be misunderstanding what Apple means by the term "on the fly" in that article. It is understandable, since it is an ambiguous term. What they mean by that term is that files in the Home directory are encrypted and decrypted "on the fly" when the account is logged in or out. Both that article and the FileVault page <http://www.apple.com/macosx/features/filevault/> should be edited to be more clear.
I'm not trying to convince you to use FileVault if you don't want to. But there are some misconceptions about FV out there and hopefully we can clear them up.
Recent Headlines - Updated Monday, May 12th, 2008
- Mon., 8:40 AM
- Pixelmator 1.2 Draftsman Adds Rulers, Adjustments
- 8:15 AM
- iPhone Unavailable at US, UK Apple Store
- 8:00 AM
- iPO Ted Landau's User Friendly View - In search of headphones for my iPhone
- 7:30 AM
- iPO Quick Tip - iPhone: Saving SMS Messages to Your Mac
- Fri., 6:00 PM
- iPO Free on iTunes - Aussie UFOs, StrangeThings, Hometown Tales and More
- 5:30 PM
- StrangeCharm - Fewer Particles, More Debris ( Week of May 5)
- 4:05 PM
- MW: The New Rules for Buying a Mac
- 3:15 PM
- OpenOffice 3.0 beta Released for Mac OS X
- 1:30 PM
- Pogue: Time Capsule is So Simple, Just Ignore It
- 1:05 PM
- C|Net: Why Apple Should Build a Game Console
- 10:45 AM
- Hot Forum Topic - The iPhone's March Across the World
- 10:20 AM
- Mailplane 2 Beta Includes OmniFocus Support
- 9:45 AM
- iPodObserver - Apple Canada Offers $45 Credit in iPod Suit
- 9:05 AM
- Apple Settles Power Adapter Suit
- 8:05 AM
- Microsoft Dissolves Yahoo Proxy Board
- 7:30 AM
- TMO Quick Tip - Tracking Application Updates in Dashboard
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
- Other World Computing: OWC Mercury Elite FW800/FW400/USB2/eSATA TOP-RATED Solutions offer High Performance, Reliable storage for all your data storage needs. Industry leading 2yr limited + up to 5yr HD Mechanism Warranty too! Up to 2.0TB(2000GB), 500GB specials from $199.99
NEW MacPro Memory 800Mhz With Apple Spec Heat Sink 2GB Kit $104 / 4GB Kit $184 / 8GB Kit $362 Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.For the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Remanufactured HP Inkjet Cartridge 3-Pack : $31.16 
100-Pack HP 52X LightScribe CD-R Blank Media: $45.99 Delivered 
100-Pack Falcon 48X CD-R White Inkjet Hub Printable Professional Premium Grade Blank Media: $24.99 Delivered 
PQI 2GB Hi-Speed 60X SD Card: $9.75 Delivered 
Sandisk 1GB MiniSD Card w/ Free SD Adapter: $10.50 Delivered 
