File and disk encryption needs to be simple and easy if it's going to be used. This article looks at Apple's FileVault and takes a sneak peek at what's coming in Windows Vista.
A few weeks ago there was a knock at my door, and my new MacBook Pro laptop had arrived. I was very excited, because it's one of the first of the new Intel-based dual core systems available. Yes, it's fast. Fast enough to give me visions of OS X native apps running alongside both Windows Vista and Fedora Core inside two virtual machines. It would make for a nice, highly portable security lab to test all three major operating systems. Today it might be a pipe dream, but the day is coming and it's not that far off. The hardware is available; now Apple users need the software - here's hoping that VMware is released for Intel-based OS X one day soon.

I'm somewhat paranoid about security, like many of our readers, but I'm generally much more worried about what happens if my new laptop is stolen, or someone otherwise gets physical access to my machine. I know many people who've had their laptop stolen from their car, and others who have had a laptop bag mysteriously disappear from under them in the chaos of an airport. With a little power to spare, I thought I'd take some of Apple's built-in security features for a test drive. Part of it was prompted by some early hardware glitches in my new machine, requiring me to send it in for service - but unfortunately, I had just migrated all my sensitive data, which was now at risk. This was a great opportunity to take a second look at FileVault, and at disk encryption in general as it makes its way to the masses.
Making encryption easy
I've had the opportunity to use FileVault, Apple's secure encryption technology for a user's files and folders. It uses AES-128 encryption, the U.S. government security standard approved by NIST that is generally believed to be quite secure. FileVault encrypts a user's entire home directory, settings and all data. The end result is transparent to the user. It's not even a new technology at all; it's been available for a number of years (since 2003) and in fact I've used it off-and-on in the past. Part of its appeal today is that it's a mature, reliable technology, and that laptops (regardless of your OS of choice) are now faster with big enough drives that encryption on a large scale will have no noticeable performance impact.
I'll put speculation aside and summarize why I like this technology: it's simple and easy, plus it's fully integrated into the OS - just as full disk volume encryption in Windows Vista will be, when it's made available. This, along with some recent high profile data breaches involving laptops with unencrypted data means large scale data encryption on desktops and laptops warrants another look.
There have been 3rd party options for strong encryption for a long time, and they're quite useful. Some might be considered enterprise-class as well. But I've always been pretty nervous about using 3rd party additions to encrypt large amounts of data found in tens of thousands of files that are used every day. Maybe it's because I have an idea of all the things that can go wrong, and I believe this type of offering needs to be deeply integrated into the OS. If it isn't completely seamless for the user, most people simply won't use the technology. Or they'll have problems.
FileVault
I did quite a bit of reading up on Apple's FileVault before ever letting it touch my data in such a fundamental way. What first brought me to use it is the fact that it's not a new technology, and it's pretty reliable because it's been integrated with OS X for years. I used it previously on an old Powerbook G4 and it worked fine, but with some disk space issues and a bit of a performance impact on that slower machine, it didn't seem useful for day-to-day use. Laptops are notorious for having small hard drives, and limited free space doesn't mix well with encryption technologies when your data is at stake.
FileVault is surprisingly simple and straightforward. On a working OS X system, you just turn it on and the rest of the process of converting your data is automatic. It took about two hours to encrypt 60 gigs of data, and afterward I did not notice any impact on system performance. There are no options for selecting individual files or folders, however - the encryption is either on or off for an entire home directory. But that's fine with me. I'd rather have all my data encrypted anyway, making it much harder for someone to find the really important data buried among all my MP3s, application data, videos and documents. A small encrypted folder, on the other hand, makes it a little easier for someone with physical access to your machine to home in on the important stuff. Having all your data encrypted in a seamless fashion, and integrated at the OS level, can be quite comforting indeed - especially if your laptop is ever stolen. Let's just hope you have a backup.
Making encryption easy to use is the real key (no pun intended). Otherwise, as we've seen with most PKI technologies over the years, it won't get used. In typical Apple fashion, all FileVault settings are configured on a single page, and also include other important options you will want to set as well - such as requiring a password to exit the screensaver, requiring a password when emerging from sleep, and disabling automatic login. There is also the Secure Delete option for wiping files securely, and the ability to encrypt virtual memory as well. Very simple and refined.
Comparable Windows options
Mac users like to note that FileVault has been out since 2003, which helps make it secure and solid. This is true. But in fact, Windows has had file and folder encryption for even longer. Since Windows 2000, NTFS has had the Encrypting File System (EFS) which allows users to selectively encrypt files and folders - thereby providing much more granularity than Apple's FileVault option. EFS was enhanced for Windows XP and 2003, but it's still not an ideal solution. Many people simply don't use it, and there's no option today for automatically encrypting an entire disk volume or home directory.
With Windows Vista now in beta testing, there is some renewed excitement related to EFS in the Windows world, in the form of BitLocker - which will allow an entire disk volume to be encrypted. This is an excellent enhancement, and in fact Microsoft's offering appears to go much further than FileVault in its variety of options, such as the ability to use key pairings instead of just passwords. I just hope they keep it simple for the 95% of the people who need it that way.
Although this new encryption will require a system with a TPM (Trusted Platform Module) chipset, it appears it might only be available in the Enterprise and Ultimate editions of Vista. With these limitations aside, it's now approaching the point where enterprise customers and normal users will be able to encrypt their disk volumes in a very simple way. And in a way that's integrated into the OS, which I feel is quite important. We'll have to see how the final versions of Vista are configured, and what features are added or removed, but at this point it looks like most home users might be out-of-luck.
Since today this is still vaporware, there's no point in my doing a direct comparison between Windows Vista's volume encryption and Apple's FileVault, except in the most obvious of ways. It's doubtful this feature would be the deciding factor in a purchase decision anyway. But others have done a nicely impartial comparison of the two. FileVault encrypts a user's home directory, leaving the rest of the system in its original state, whereas Vista will allow entire disk volumes to be encrypted. Vista will have more features, but I believe that's offset by OS X's simplicity. The big advantage for FileVault in my view is simply one of maturity - it's stable and has been found to be reliable over the years. EFS is stable and mature too, but we can't say that about full volume encryption. I'll talk more on data integrity in a bit.
For and against disk encryption
There has been some concern in government and law enforcement over new disk encryption technologies that can make forensics much more difficult. They argue that the new security technologies proposed in Windows Vista will become prevalent (and they're probably right on this point), but true disk volume encryption might make such forensics on seized computers difficult or impossible. The BBC even published an article on the subject - with some officials having even gone as far as suggesting that Microsoft should create a backdoor for government or law enforcement to do forensic activities where required. I loved Microsoft's unofficial response by one developer. They'll never do it, and it's bizarre that people would ask them to. Putting a legitimate backdoor into Windows encryption technologies is deeply misguided, and I doubt anyone has taken it too seriously. I'll add my 39 cents with a funny question of the day, which is: does Windows really need any more backdoors? Thousands of backdoors already exist in the form of malware, and some of these exist as stealthy, low-level rootkits that are almost impossible to detect. While the government surely isn't using these, many others are.
Traditional law enforcement methods of surveillance, search and seizure aren't going to be impacted much by new features in Windows Vista. It just makes encryption a little more available to the average Joe. Indeed, doing forensics on seized computers with an entire volume of encrypted data will be more difficult (or nearly impossible, without a password or private key), but these technologies just aren't new for criminals who know what they're doing. The technology has been around for a long time, in one form or another.
Reliability and data integrity
The biggest concern I have with large-scale encryption is its impact on reliability and data integrity. Vista's offering, which will encrypt an entire disk volume, is an excellent step, but it will essentially be a 1.0 release despite the long history with EFS. Personally, I would be very nervous to trust my data to this technology in its first release, just as I didn't use FileVault in its first release. Are you willing to trust that there aren't going to be bugs? It doesn't matter which software company it is; there's much to be said for having mature technology.
All software has bugs and, in fact, vulnerabilities. Apple's FileVault had some issues when it was first released in OS X 10.3.0 back in 2003, but most of these were fixed soon thereafter in 10.3.1. Again, that was years ago. Now quite mature, FileVault is solid. There have only been two vulnerabilities in FileVault to my knowledge (an old vulnerability with storing passwords in virtual memory, which was fixed quite some time ago, and a recent vulnerability that was fixed in Apple's latest security update for 10.3.9 Panther and 10.4.5 Tiger). I'm comfortable using FileVault now mostly because it's been out for several years, it's stable, and is generally thought to be quite solid.
The other issue to be aware of is that the added complexity can itself cause reliability and data integrity problems. I am not sure how an entire disk volume in Vista will be mounted and managed when it's out of beta, but I can describe the process today with Apple's FileVault. The encrypted disk image will dynamically grow in size as needed, but it will not shrink until the user logs out. This means two things. First, users who are very short on disk space could have problems, because deleting files (emptying the "trash") will not immediately recover any sorely needed space. Second, the process of rebuilding the tables inside the encrypted image at logout is a critical process that can take some time, and if this process is interrupted the consequences for data integrity could be severe. That's why I wouldn't recommend full disk encryption technologies for anyone except mobile users (whose laptop batteries act as a backup) or desktop systems with a UPS power backup, because a power loss during this rebuilding process might be devastating.
Keep your data safe - and backed up
My new MacBook Pro has been a nice addition to my home computing environment. While the early hardware glitch was frustrating, it also gave me the opportunity to take another look at disk encryption and FileVault in particular. It's nice to be able to drop off a machine for service and know that no one, regardless of the technique used, will be able to get at any of my personal data. Let's hope government and enterprises start to use this technology more and more.
Of course, I wouldn't think of parting with my machine without a good rsync backup first. That's step number one. Step number two is to secure the data. And step number three... well, let's just say that if I had a Trojan, keylogger, or rootkit on my machine none of this would matter, and file system security would be a moot point. But fortunately I don't know of any Mac OS X users who've ever had one of those.