Crash Davis (original poster)
I have an older mac that I've never turned on FileVault for because of the performance hit but instead use encrypted sparsebundles for sensitive files. I just open them when I need files and usually close them later in the day.

I'm planning on buying a new Mac this year and using FileVault. But I'm wondering, does it seem like my current method is actually more secure? Wouldn't I be less likely (not immune) to have files stolen by some rogue app, etc. this way?

Appreciate any thoughts.
 
Yes: They will only be decrypted manually when you open it.

But...you have to save to the bundle, and open and close it up manually. And you could have lots of other possible data that could be kept outside of the bundle (email, etc)

FileVault will encrypt everything, all the time. All you have to do is log out/lock/shutdown the machine to lock it down.
 
Yes, true. I think using FileVault is a good idea since it's difficult to keep track of every little thing on your drive that you might consider sensitive even if you keep your personal files organized and in a sparsebundle.

But what I'm mainly saying is that FileVault only protects you if someone pulls the disk. When you are logged on, everything is exposed all the time. I'm not sure what's to stop some (especially clever) rogue app from getting to your files. There have been several stories lately about apps (Adware Doctor) being removed from the Mac App Store because they found a way to circumvent the rules protecting personal information. Not necessarily user documents (yet) but personal information. It seems like keeping files in a sparsebundle that you only open when needed (while a much bigger pain) is actually more secure. It protects against both your disk being pulled AND (unless it's open at the exact time) files being stolen while you're logged on.

Not that I'm paranoid or anything. :) I'm mostly just thinking through things.
 
The best defence is multi-layered. A sparsebundle can leak information, simply by showing the size of the container or the modification date. And a rogue app can wait for you to unlock your sparsebundle, so if your computer is compromised then all bets are off. If you want to feel paranoid, there are people who can get your password by the sound of you typing.

In the recent Macs FileVault is hardware supported so the speed difference is not noticeable. And a few of the Macs are sold with soldered SSD storage, so pulling the drive is harder.
 
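What a locked sparsebundle shows without its password, as the post above describes (an added example, not part of the original thread). It assumes the usual bundle layout of an `Info.plist` carrying `band-size` and `size` keys plus a `bands/` directory, and it runs against a constructed stand-in bundle filled with random bytes; the function and bundle names are illustrative.

```python
import os
import plistlib
import tempfile
from datetime import datetime, timezone


def bundle_metadata(bundle_path):
    """Report what a locked sparsebundle reveals without its password."""
    with open(os.path.join(bundle_path, "Info.plist"), "rb") as fh:
        info = plistlib.load(fh)          # stored in the clear
    band_size = info["band-size"]         # bytes per band file
    bands = [e for e in os.scandir(os.path.join(bundle_path, "bands"))
             if e.is_file()]
    newest = max((e.stat().st_mtime for e in bands), default=None)
    return {
        "virtual_size": info["size"],     # maximum size of the volume
        "bands_allocated": len(bands),    # grows as data is written
        "approx_bytes_used": sum(e.stat().st_size for e in bands),
        "upper_bound_bytes": len(bands) * band_size,
        "last_write": (datetime.fromtimestamp(newest, timezone.utc)
                       if newest is not None else None),
    }


def make_sample_bundle(root, band_size=8 * 1024 * 1024, used_bands=3):
    """Build a constructed stand-in bundle (random bytes, not a real image)."""
    path = os.path.join(root, "Private.sparsebundle")
    os.makedirs(os.path.join(path, "bands"))
    with open(os.path.join(path, "Info.plist"), "wb") as fh:
        plistlib.dump({"band-size": band_size, "size": 100 * band_size,
                       "diskimage-bundle-type":
                           "com.apple.diskimage.sparsebundle"}, fh)
    for i in range(used_bands):
        band = os.path.join(path, "bands", format(i, "x"))  # hex band names
        with open(band, "wb") as fh:
            fh.write(os.urandom(4096))    # stands in for ciphertext
        os.utime(band, (1_700_000_000 + i, 1_700_000_000 + i))
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, value in bundle_metadata(make_sample_bundle(tmp)).items():
            print(f"{key}: {value}")
```

Pointing `bundle_metadata` at a real `.sparsebundle` path shows the same fields for your own container, which is the information anyone with read access to the bundle directory gets while it is still locked.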
Generally agree....except FV protects the drive pulled or installed....as long as you are not logged in. Coupled with robust sleep/idle settings, every time the machine is idle, if it locks the screen, you are protected. Even closing a laptop is enough, assuming you have it set to require a PW immediately upon sleep.

And yes, the above is all about physical security. Once logged in and decrypted...focus shifts to firewall, DNS, AV software, or other tools.
 