Preventing Data Loss with FileVault

FileVault is Apple's encrypted file system. I use it on my laptop to prevent me from having one of those "data-loss incidents" in the event that my laptop gets lost or stolen.

FileVault is pretty cool. It keeps all your files in a single big "virtual disk" file. Whenever data is written into the virtual disk, the data is encrypted; when the data is read back, it's decrypted. All this encryption and decryption is done transparently. And the disk is automatically mounted when you log into the Mac, with the encryption key being protected with your log-in password. All in all, it's pretty slick.

But FileVault has also caused me to lose data--and on more than one occasion. Usually the data loss happens when my battery dies on a long flight. My MacBook is pretty good about shutting down before the battery dies, but a battery can go out of calibration. When that happens, sometimes the Mac just loses power. When this has happened to me in the past while I was saving a file, I've lost the entire directory where the file was being saved. Now that's annoying.

The other failure mode that I've seen with FileVault, one that's far more troubling, happened to me on Sunday night. My computer got real slow, the disk kept spinning, and eventually I had to power it off. When I turned it back on, I discovered that every file that had been written over the past 10 to 20 minutes was filled with corrupt data.

I keep excellent backups, so this wasn't the horrible problem that it could have been. Yes, it did take me eight hours to reconstruct all the data on my laptop, but I was sleeping for most of that time. It was the laptop that was doing the work, slowly copying the data from one of my backups back to the laptop.

Periodically wiping out your laptop has another advantage, of course: it lets you pinpoint the problems in your backup system.

Frankly, I always treat my laptop as if it is on borrowed time. Between drops, theft, and buggy software, data that's on a laptop is always living on borrowed time. If you aren't constantly backing up your laptop whenever you have an Internet connection, you're making a mistake.

Antivirus Software for the Apple Mac

Wall Street Journal tech columnist Walter S. Mossberg is fond of saying that Macintosh users don't need antivirus software. For example, in today's column about "craplet" software on new PCs, he writes,

"An excellent way to avoid or minimize the craplet problem is to simply buy an Apple Macintosh computer. New Macs don't have any craplets displayed on their desktops. On a new Mac, no third-party software is automatically launched when you start the computer, and you don't need antivirus or antispyware programs because the Mac is essentially free from those menaces."

I agree with Mossberg that antivirus software isn't needed for the Mac today. Nevertheless, I run antivirus software on my Apple MacBook laptop. I've also recommended to my father that he run antivirus software on the Mac Mini that he has at his home.

I run antivirus software on a computer that doesn't need it to protect myself against a legal risk, not a technical one, since I use my Mac for Web banking. There is a risk to Web banking, of course. One of those risks is that somebody will get your password and drain your account. These days, many brokerage firms that offer Web banking have some kind of guarantee in which they promise that they will reimburse you for any money lost as a result of unauthorized transactions. But there is a hitch: they will only reimburse you if you are running antivirus on your computer.

For example, Schwab's privacy policy (revised July 1, 2006) states that customers should keep their computer and browser software current with security updates, install and update antivirus and antispyware software, and use a personal firewall. Apple's Mac OS has a built-in firewall, but it doesn't have built-in antivirus or antispyware software. So if you were using Schwab and lost money for some reason, Schwab wouldn't have to honor its guarantee if you were not running antivirus. My brokerage company has a similar policy.

This policy is not just for Web banking. One of the organizations where I work demands that I have antivirus installed on my computer before I put that computer on the company's local area network (LAN). Not having antivirus installed is a security offense.

What's truly ironic here is that the antivirus programs on the Mac spend most of their time looking for PC viruses, not Mac viruses. That's because, as Mossberg points out, there are few, if any, actively rampaging viruses that affect Mac users. It's tempting to think that this is because the Mac is a superior operating system, but it's really just because the Mac is the minority. If Apple ever gets popular--really popular--then we're sure to see spyware and viruses on the Mac, just as we see them on other computer platforms.

Indeed, I have seen spyware-like programs on the Mac before. A few years ago, my wife had her Mac's Web browser loaded up with toolbars and other "helpful" programs that monitored every website she visited and sent this information back to a few large corporations in California that used them for marketing purposes. Such programs are widely available today. Download them onto your Mac, and you, too, can have a Mac that's filled with spyware.