Apple's 'filevault' faux pas. Important!

serr · 04-12-2018, 11:31 AM

The recent OSX 10.13 installer has enabling Filevault (a disk encryption feature) selected by default. If you just cruse through the setup screen after a fresh OSX install you might miss this and end up with Filevault enabled!

This is a feature that severely sacrifices performance for security. Something appropriate for an FBI agent or bank CEO with sensitive data at risk of physical access but no need for any performance.

Open System Preferences, click Security & Privacy, click the Filevault tab.
If you see it turned on, please turn it off and follow the prompts to un-encrypt your drive.

Also note that OSX updates are sometimes failing with Filevault enabled. Leads to a full OSX reinstall and restore.

Skijumptoes · 04-13-2018, 03:19 AM

Wha?!

Firstly, It doesn't severely sacrifice performance whatsoever, particularly if you're running an SSD.

Secondly, I have 4 machines running ALL with filevault, and as someone who relies on those machines professionally to earn a living, filevault is huge piece of mind for all my hardware for not only my own personal data but for my customers also.

Only applicable to a Bank CEO/FBI Agent - what a stupid thing to say, this whole post is really scare mongering beyond belief and pro-actively promoting ignorance and ill-advice to fellow users that is not to their benefit.

If you've some firsthand experience of this happening, then by all means relay it back. But in my experience after having a mac stolen at a live gig i was so glad that i had the security offered to me enabled, and certainly no 'real world' performance impact. So let's not push out such alarmist information based on hearsay, eh?

Maybe it would be more reasoned to offer the suggestion that if anyone has experienced slow down after a period of a few days from updating or installing MacOS (i.e. after things have settled) to then look into whether Filevault is enabled, as a possible issue?

serr · 04-13-2018, 09:51 AM

You need to understand what Filevault actually is.
This encrypts your hard drive volume. This is security against physical access to your hard drive. It would not protect you online or in any other way. Specifically protection from physical access to your drive. (Hence the comment about a good fit for someone like an FBI agent or CEO with business secrets on their machine that someone would be motivated to steal and access.)

Anything in or out of the drive is encrypted/decrypted and this is obviously a performance hit. A fast machine with a SSD might not be fully crippled but you would be sacrificing significant performance none the less.

If you ARE at risk of theft and theft of sensitive data, then you absolutely want to make this kind of security first priority. Either put up with a slower machine for secondary uses or use a machine with no expensive company secrets on it instead. Bricking an OS update/install is an acceptable risk if this kind of security is a priority.

High security against physical access and theft is a lower use case and absolutely a faux pas to have enabled by default for the average user.

And Apple are screwing up. Updates are crashing and bricking the OSX install in filevault enabled systems. They currently are aware something is very wrong as they shut down their update server some 24 hours ago and it's still down. So we have users that clicked on an update and now their even their USB OSX installer will not bail them out because 10.13 requires a connection to their server for current updates (even if you have made a full USB installer). Not a good look!

Today, if you try updating from 10.13.3 to 10.13.4, a download will appear to start, your system will reboot into the installer mode, and it will quietly give up and restart back to 10.13.3. But if you had filevault enabled it will now hang on startup and you will be in "paperweight" mode. Seen a number of systems with this happen now. One in front of me right now. Apple's server is still down.

Do what you will with this info and believe it or not. I see things, I spill the beans on them. I've never seen Apple crashing and burning this hard before. This is Windows-esque stuff.

I tried playing along even with the extra work and feature regressions but I'm back to recommending avoiding both 10.12 and 10.13 again. (10.13 was supposed to be a bug fixed 10.12)

Skijumptoes · 04-16-2018, 02:58 AM

Quote:

Originally Posted by serr

You need to understand what Filevault actually is.
This encrypts your hard drive volume. This is security against physical access to your hard drive. It would not protect you online or in any other way.

I work with security every day of the week, so i have a rough approximation of what Filevault is, but i'm always keen to learn more.

And, If by 'any other way' you include physical loss or theft of your hardware then yes it would very much protect you, may be the one thing that keeps your data safe infact, so really YOU need to understand what disk encryption means, HOW it works and WHY it protects you, because again, you're going to be posting nonsense in a vein attempt to protect your own integrity vs providing fellow users accurate information.

If that's the line you tread, then i can't help you, but as a professional who's been covered via disk encryption and have actively chosen to use it for many years i shall stand to correct such nonsense, mainly for the benefit of anyone reading, and zero desire to argue with you on the matter - because it's such clearly ill-advised information that you're promoting.

Quote:

Originally Posted by serr

Anything in or out of the drive is encrypted/decrypted and this is obviously a performance hit. A fast machine with a SSD might not be fully crippled but you would be sacrificing significant performance none the less.

Not a clue have you? You realise CPU's have encryption sets built in, so the majority of the encryption is handled direct via instructions within the CPU itself? i.e. basically means it's using areas of computing that your machine wouldn't even be using if encryption was disabled? It's like putting shopping in the engine bay of your car cause you've 'heard' putting it in the boot will slow you down.

Look into AES-NI, as you're clearly oblivious to how it works.

Quote:

Originally Posted by serr

If you ARE at risk of theft and theft of sensitive data, then you absolutely want to make this kind of security first priority. Either put up with a slower machine for secondary uses or use a machine with no expensive company secrets on it instead. Bricking an OS update/install is an acceptable risk if this kind of security is a priority.

There is no noticeable trade off, and we ARE ALL at risk of theft, or machine loss - particularly laptop users. There is NO priority to be considered, it's really not an issue, and as i've said before if you have some first hand experience of it causing you issues then go ahead and post them, as it is this is all just hear say and nonsense, and regurgitation of false information.

But to use that further and recommend people disable a very well implemented security for their devices is really really ill-advised. I would even be willing to make a case that by not using it you could be walking in to more problems as Apple are strongly advising it to be used.

As i've said before, i use multiple devices ALL encrypted, have done so for years, i lost a MacBook at a live gig, and luckily it was fully encrypted. On top of that, companies i work for have all 100's of their machines encrypted, and i've not heard of any of them having to disable it for the massive 1% CPU boost they 'may' see.

If you've got a studio that cannot be broken into, or a house that you never leave unattended, or you're a laptop user who never takes it out/leaves it in a car/on holiday, or you trust any computer repair shop where you may send your machine to be fixed, or you have shared accommodation where you can trust everyone coming in and out of, and you destroy all media after use - Then go ahead, disable it and revel in the CPU boost that you'll probably never even notice with modern encryption. Furthermore, Keep working AGAINST what the OS provider recommends, and see what happens.

Quote:

Originally Posted by serr

High security against physical access and theft is a lower use case and absolutely a faux pas to have enabled by default for the average user.

I suppose holding multiple backups is a 'faux pas' too, right? I mean, why even backup externally (via cloud/ftp/nas etc) when by your advice nothing can happen to an 'average user's physical machine? An unencrypted Laptop with USB drive is enough, right? Unencrypted local backups also pointless in your opinion also?

Quote:

Originally Posted by serr

Do what you will with this info and believe it or not. I see things, I spill the beans on them.

No, you read 'things', and then post ill advised recommendations to fellow users that's not to their longterm benefit, it's nothing to do with 'believing' you, in fact, this isn't anything do with 'you' at all and i think that's the problem you're having.

Quote:

Originally Posted by serr

I've never seen Apple crashing and burning this hard before. This is Windows-esque stuff.

Yeah sure, it's really confusing how millions of professionals around the world are cashing in their invoices with this clear burning and crashing of apple that's happening around us!! It's absolutely insane. I don't know how i made it through last month alive... Luckily i was able to fight all these issues and get through the work. But next month... wow, may have to swap to windows, which, actually is a really good OS too - oh wait, now you have me confused. How an earth have people be running on windows all these years too?!!

Are you without a machine by the way? Have you been crashing and burning too? Or is this just more 'spilling the beans' kinda stuff, that you've seen?

And are Apple now so windows-esque that they're selling your personal details to the highest bidder? All i see is them putting some great technology in place to protect it's users both physically and virtually. But hey, if you want to fight against that, then do so. But please, don't recommend that others should do so by default, even if you caused one person to have their data stolen a year down the line, one is still too much.

Quote:

Originally Posted by serr

I tried playing along even with the extra work and feature regressions but I'm back to recommending avoiding both 10.12 and 10.13 again. (10.13 was supposed to be a bug fixed 10.12)

Again, i'm running all the latest updates, encryption enabled, has been for years, multiple machines, i service approx 70-80 machines directly over the course of a year and i have not known one occurrence of having to disable disk encryption. But then, i don't sit and read stories, i just get to work.

As you're a guru on recommending which OS we should also be using, could you please confirm that you still recommend running without encryption enabled by default?

serr · 04-16-2018, 09:42 AM

I stopped after the first bits about it being possible to commit physical theft over the internet and magic instruction sets that execute in zero time. Sorry, I don't think you're trying to troll me and there's certainly some miscommunication or typo at the root of that but still...

I'll simplify it: Don't invite trouble!

Do understand that security measures designed to protect against physical theft are sometimes a priority. Use them when appropriate. Don't use them when performance and/or data integrity is the priority.

Aside: I suspect what got a little confused above is related to integrated chip level security like that available in some of the secure flash memory (like that used to store encrypted EFI passwords). There will come a day when perhaps everything is made like this in a way that supports performance. It would be premature to treat OS based hard drive encryption this way.

Care to explain to the last guy who lost the recording of his last project and further had to come for help with a machine that would no longer boot how he's still better off with this enabled? Yes, he screwed up by 1. not catching it on day 1, and 2. really screwed up by clicking that OSX update button before backing it up. That IS the root screwup! So don't invite trouble.

Want the 'conspiracy theory' version?
Apple is being accused of doing this intentionally to really hit anyone still using a spinning HDD for their system drive (as originally came stock in many of the pro machines they used to make) so they can tell them they need to buy one of their new disposable models. I think they're just good old fashioned screwing up on this one too but it's getting harder to make Rube Goldberg-like excuses for how it's still innocent as they devolve.

Anyway, the trouble stories I've told are all real episodes. I'm suggesting 'better safe that sorry' approaches to prevent disaster and erring on the side of caution. Operator is a thing for sure but it isn't reasonable to get dinged for it like I see going on with this current OSX release.

serr · 04-16-2018, 11:46 AM

The errant default selection to enable Filevault in the new install account setup script has been removed in the new 10.13.4 installer. (Note, the 'base install' package has been revised and installs OSX 10.13.4 as the base system now.)

Skijumptoes · 04-17-2018, 04:05 AM

Quote:

Originally Posted by serr

I stopped after the first bits about it being possible to commit physical theft over the internet and magic instruction sets that execute in zero time. Sorry, I don't think you're trying to troll me and there's certainly some miscommunication or typo at the root of that but still...

I'll simplify it: Don't invite trouble!

Well, i'm willing to learn, and you're not, so that's up to you if you consider any alternative viewpoint to be trolling, that's a pathetic stance to take when someone is trying to help other users.

And you are directly inviting trouble by not encrypting your drive, both in the sense that your data could be easily more compromised but moreso that you're operating against the recommendations of the OS designer. i.e. it will be the users who have no encrypted previously at most risk of having an issue.

If you don't understand how AES or AES-Ni works then really you shouldn't be telling people such false claims that their performance will be SEVERE-ly affected with encryption, as it's nonsense. The hardware and OS is designed to specifically run in that manner. There's no magic, it's simply a case of the CPU directly being able to decrypt on the fly which means it's not having to go via your OS and affect applications.

Quote:

Originally Posted by serr

Do understand that security measures designed to protect against physical theft are sometimes a priority. Use them when appropriate. Don't use them when performance and/or data integrity is the priority.

There is no priority choice to be made, you've made it out to be this evil encryption that's no use to anyone other than an FBI agent and it slows your machine done AND you recommend people disable it?! It's nonsense, and you know it. If i encrypted your drive you would not even notice i had done so.

Further than that you dismiss any facts as trolling, you're basically trolling yourself mate.

Quote:

Originally Posted by serr

Care to explain to the last guy who lost the recording of his last project and further had to come for help with a machine that would no longer boot how he's still better off with this enabled? Yes, he screwed up by 1. not catching it on day 1, and 2. really screwed up by clicking that OSX update button before backing it up. That IS the root screwup! So don't invite trouble.

I can't understand what you're saying here, but if it was already enabled then the issue cannot be with disk encryption, the issue may happen if you enable disk encryption and the drive locks - in which case no data is lost, you simply unlock the drive via the key. It's really quite straight forward, encryption does not make changes to your actual data, it's simply doing it's job of not allowing an unvalidated OS to read it.

Secondly, any sensible user will be running backups on their system, Apple has both bases covered with file vault and time machine - so there's no excuse for anyone using a mac to not have backups, or their data encrypted. If they're not backing up then there can be no complaints if they lose data that they cherish, and likewise if they do not encrypt their data there can be no complaints if they're even subjected to identity/data theft where their laptop to go missing.

Quote:

Originally Posted by serr

Want the 'conspiracy theory' version?

No, cause it's balls and shows that basically at the core of your thoughts is a conspiracy theory that's at the basis of you recommending that people should turn off privacy protection based on false rumours and clearly NO REAL WORLD experience yourself.

Your really need to grow up. I'll leave my laptop on a train to go for a ride, and you leave yours, and we'll see who's most likely for identity theft.

Are you really trying to tell the world that Apple would want to deliberately break and/or slow down their own users OS's so that companies such as western digital/samsung/toshiba etc. can sell more SSD drives? Really? They are that charitable to hard drive manufacturers?!! Or is the conspiracy deeper, that actually Apple are building all these drives and rebranding them as Toshiba/WD etc? lol honestly, it's laughable.

Quote:

Originally Posted by serr

Anyway, the trouble stories I've told are all real episodes.

Have you personally lost data because of this 'faux pas'? It's pointless passing off stuff "you've read" as fact, particularly given your loaded agenda that this is some kind of conspiracy against people within spinning drives lol.

Your very post which created this thread is proof of that mis-information and how it spreads, and how these 'stories' you read are all just secondhand information that serves no direct help to users, particularly when loaded with a conspiracy-based 'recommend' to disable something that has been designed to offer them protection in the case of a real disaster scenario.

Maybe if i hadn't argued the fact then someone else would've pointed to this thread as evidence that CPU's are severely affected if you enable encryption, and your machine will crash and burn, and apple are doing it all to stop people using spinning drives and that we MUST be safe than sorry and DISABLE ALL THEY RECOMMEND!!!! (joke!). Seriously, Be part of the solution, not the problem.

Quote:

Originally Posted by serr

I'm suggesting 'better safe that sorry' approaches to prevent disaster and erring on the side of caution. Operator is a thing for sure but it isn't reasonable to get dinged for it like I see going on with this current OSX release.

Yet you're quite happy to scare people into disabling such a useful feature. The better safe than sorry approach IS to enable encryption, it doesn't hit CPU, it offers privacy protection AND it's recommended by the OS creators, so you're towing the safest line possible there.

A 'DISASTER' is losing your data via theft or loss, another 'DISASTER' could be working against the OS recommendations in a way that may ostracise you, meaning that you're become the small percentage in the millions who may experience issues.

How an earth is working AGAINST guidelines considered safe?! i.e. How can a recommended box even be automatically ticked without your knowledge if you've already ticked it years ago?!