Story continued from Page 1
Since Vista's volume encryption is still vaporware today, there's no point in my doing a direct comparison with Apple's FileVault except in the most obvious ways. It's doubtful this feature would be the deciding factor in a purchase decision anyway, but others have done a nicely impartial comparison of the two. FileVault encrypts a user's home directory and leaves the rest of the system in its original state, whereas Vista will allow entire disk volumes to be encrypted. Vista will have more features, but I believe that's offset by OS X's simplicity. The big advantage for FileVault, in my view, is simply maturity: it's stable and has proven reliable over the years. EFS is stable and mature too, but we can't say that about full volume encryption yet. I'll say more on data integrity in a bit.
For and against disk encryption
There has been some concern in government and law enforcement that new disk encryption technologies will make forensics much more difficult. They argue that the security technologies proposed for Windows Vista will become prevalent (and they're probably right on that point), and that true disk volume encryption could make forensics on seized computers difficult or impossible. The BBC even published an article on the subject, with some officials having gone so far as to suggest that Microsoft should build a backdoor so government or law enforcement can do forensic work where required. I loved Microsoft's unofficial response from one developer: they'll never do it, and it's bizarre that people would ask them to. Putting a deliberate backdoor into Windows encryption technologies is deeply misguided, and I doubt anyone has taken the idea too seriously. I'll add my 39 cents with a funny question of the day: does Windows really need any more backdoors? Thousands already exist in the form of malware, and some of them are stealthy, low-level rootkits that are almost impossible to detect. While the government surely isn't using these, plenty of others are.
Traditional law enforcement methods of surveillance, search and seizure aren't going to be affected much by new features in Windows Vista; Vista just makes encryption a little more available to the average Joe. Forensics on a seized computer whose entire volume is encrypted will indeed be more difficult (or nearly impossible without the password or private key), but this is nothing new for criminals who know what they're doing. The technology has been around for a long time, in one form or another.
Reliability and data integrity
The biggest concern I have with large-scale encryption is its impact on reliability and data integrity. Vista's full-volume encryption is an excellent step, but it will essentially be a 1.0 release despite the long history of EFS. Personally, I would be very nervous trusting my data to this technology in its first release, just as I didn't use FileVault in its first release. Are you willing to trust that there won't be bugs? It doesn't matter which software company it is; there's much to be said for mature technology.
All software has bugs and, in fact, vulnerabilities. Apple's FileVault had some issues when it was first released in OS X 10.3.0 back in 2003, but most of them were fixed soon after in 10.3.1. Again, that was years ago; FileVault is now quite mature and solid. To my knowledge there have been only two vulnerabilities in FileVault: an old one involving passwords being left in virtual memory, fixed quite some time ago, and a recent one fixed in Apple's latest security update for 10.3.9 Panther and 10.4.5 Tiger. I'm comfortable using FileVault now mostly because it has been out for several years, is stable, and is generally regarded as solid.
The other issue to be aware of is that the added complexity can itself cause reliability and data integrity problems. I don't know how an entire disk volume in Vista will be mounted and managed once it's out of beta, but I can describe the process today with Apple's FileVault. The encrypted disk image grows dynamically as needed, but it does not shrink until the user logs out. This means two things. One, users who are very short on disk space can run into trouble, because deleting files (emptying the Trash) will not immediately recover any sorely needed space. Two, the rebuild of the tables inside the encrypted image at logout is a critical process that can take some time, and if it is interrupted the consequences for data integrity could be severe. That's why I wouldn't recommend full disk encryption for anyone except laptop users (who have a battery to fall back on) or desktop systems on a UPS: a power loss during this rebuild could be devastating.
Keep your data safe - and backed up
My new MacBook Pro has been a nice addition to my home computing environment. The early hardware glitch was frustrating, but it also gave me the opportunity to take another look at disk encryption, and FileVault in particular. It's nice to be able to drop off a machine for service knowing that no one, whatever technique they use, will be able to get at my personal data. Let's hope governments and enterprises start using this technology more and more.
Of course, I wouldn't think of parting with my machine without a good rsync backup first. That's step number one. Step number two is to secure the data. And step number three... well, let's just say that if I had a Trojan, keylogger, or rootkit on my machine none of this would matter, and file system security would be a moot point. But fortunately I don't know of any Mac OS X users who've ever had one of those.
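Step number one above, the rsync backup, is worth spelling out. The following is an added example and not code from the original post: a shell script that mirrors a home directory to a backup location before the machine leaves your hands, then confirms the mirror is complete with a second, dry-run pass. It assumes rsync is on the PATH; the paths and the exclude patterns are illustrative assumptions. One caveat that matters with FileVault: while you are logged in the home directory is mounted in plaintext, so the copy rsync makes is plaintext too, and the destination needs protecting as carefully as the laptop (an encrypted volume, or a disk that stays with you).

```shell
#!/bin/sh
# Added example, not from the original post: mirror a home directory with
# rsync before handing the machine over, then verify the mirror.
# Assumes rsync is installed. Paths and excludes below are illustrative.

# Patterns not worth carrying across; adjust to taste. Left unquoted when
# used so the shell splits it into separate --exclude arguments.
EXCLUDES="--exclude=.Trash/ --exclude=Library/Caches/"

# backup_home SRC DST
# Mirror SRC into DST keeping permissions, timestamps and hard links (-aH)
# and removing files from DST that no longer exist in SRC (--delete).
backup_home() {
    src="${1%/}/"   # trailing slash: copy the contents, not the directory itself
    dst="$2"
    mkdir -p "$dst" || return 1
    # shellcheck disable=SC2086
    rsync -aH --delete $EXCLUDES "$src" "$dst"
}

# verify_backup SRC DST
# Dry run (-n) with itemized output: a complete mirror has nothing left to
# transfer or delete, so any output line means the copy is not current.
# Returns 0 when the mirror is complete, 1 otherwise.
verify_backup() {
    src="${1%/}/"
    dst="$2"
    # shellcheck disable=SC2086
    pending=$(rsync -aHn --delete --itemize-changes $EXCLUDES "$src" "$dst") || return 1
    [ -z "$pending" ]
}

# Usage (placeholder paths; the destination should itself be encrypted
# or stay in your possession, since the copy is plaintext):
#   backup_home "$HOME" /Volumes/Backup/home && verify_backup "$HOME" /Volumes/Backup/home
```

The verification pass is the part people skip: rsync's itemized dry run lists exactly what a second run would still change, so an empty result is positive evidence that the mirror matches, rather than an assumption that the first run finished cleanly.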