security software for macbook pro

[ilw-00]

HI.
On my MacBook Pro using system 10.5.1, I have a lot of information that I would like to have protected if my laptop is lost or stolen.  What security software is suggested? Also if I back up the data on a thumb drive in addition to my regular backups, is there any special type of thumb drive that might be more secure?  Thank you. ilw-00

[tacit]

QUOTE(ilw-00 @ Dec 15 2007, 10:15 PM) <{POST_SNAPBACK}>

HI.
On my MacBook Pro using system 10.5.1, I have a lot of information that I would like to have protected if my laptop is lost or stolen.  What security software is suggested? Also if I back up the data on a thumb drive in addition to my regular backups, is there any special type of thumb drive that might be more secure?  Thank you. ilw-00

Your computer contains built-in security software called "File Vault"--you do not need to buy extra security software. When you turn on File Vault, every file in your home directory is encrypted.

CAUTION ** CAUTION ** CAUTION With any kind of security software, including File Vault, if you forget your password your files are gone. There is no back door and no way for anyone, including Apple, to recover the files.

If your run out of hard disk space, security software may make your computer unusable and your files unrecoverable. All security software requires hard disk space to do the encryption and decryption. People have lost their files by filling their hard drive space completely full, so the security software does not have enough room to decrypt their files.

There are many secure, encrypted USB thumb drives; you can probably find them by doing a Google search.

[ilw-00]

Thank you.  It seems scary to use in case there is a problem with the program and you lose access to your hard drive.  Is this what most use?  ilw-00

[Mayo]

I won't use FileVault.  I don't want nor need every file in my home directory to be encrypted. And at least when it was first introduced there were some serious problems associated with using FileVault; a quick Google search should turn-up current info regarding FileVault.

I prefer to encrypt files and folders individually.  That way I only encrypt what needs to be encrypted and if something goes wrong with a file/folder I will only lose the data in that file/folder.

OS X has another option called Encrypted Disk Image.  The feature is accessed via Apple's Disk Utility.  10.3 and 10.4 offer 128-bit AES encryption, while 10.5 features 256-bit AES.  Both levels of encryption are very secure. One caveat: I would deselect the "Remember password (add to keychain)" option, particularly if you tend to leave your keychain unlocked. Apple's keychain has proven to be vulnerable in the past and there is commercial software available that allows access to the keychain and key system files.  I do not consider the keychain to be a secure location for important passwords.

I think that it is better to come up with one very secure and memorable password and use it for your important encrypted data. I understand that using individual passwords may be more secure, but then the process becomes needlessly complicated and perhaps even less secure because the tendency is to write down the passwords somewhere, which is inherently much less secure than memorizing a single strong password. With a password limit of 255 characters (using Disk Utility) a person can be creative and devise a very strong password that they will be able to remember. Generally speaking, the longer the password, the more secure it will be. It can be a long sentence or lyrics to a song. Passwords that do not contain actual words are especially secure. Combining letters, numbers and punctuation along with upper and lower-case characters makes for a very secure password.

I personally use Encryptor by SubRosaSoft to encrypt individual files and folders, but it is no longer available for purchase.  I also use Web Confidential for all kinds of passwords, banking info, etc. because it uses strong encryption and it is not dependent on the keychain to store its passphrase. But my very secure password (made up of upper and lower-case characters, numbers and punctuation) resides nowhere but in my mind.

You don't need to spend extra money on a special secure thumb-drive. If the files you put on a regular thumb drive or removable media are encrypted then they are plenty safe. The most important thing is to make it as easy as possible for yourself to encrypt your data and use a strong password, and then make it a habit to keep your data safe. If your data is stolen or lost it will be safe from prying eyes because your typical thief does not have the means nor the inclination to crack even a "weak" password. And if you use a strong password with strong encryption even a super computer won't be able to crack it... in our lifetimes anyway.