Fanbois howl as OS X update bricks PGPed Macs Users of PGP's Whole Disk Encryption for Macs got a nasty surprise when they upgraded to the latest OS X update once they discovered their systems were no longer able to reboot. It seems that Apple and the Symantec-owned PGP suffered a near-fatal failure to communicate that 10.6.5 ships with a new EFI booter that was …
Sure if you can insure that no sensitive data will every be on the system partition then there is no need. As long as you know there will be no IP addresses in /etc/hosts and that no document will ever be saved there, and that there are never any temp files there, and that the partition isn't shared with any non-system file systems then there is no need to encrypt it.
Unfortunate, inconvenient but not an indication that anyone was brain-dead when buying or is Hitler personified for going into an Apple Shoppe with Purchase Aforethought.
The real issue here is that, as always, you won't see this story outside of El Reg and the Mac /PGP forums. Had it happened on a Wintel platform, not only would your morning radio show have led with the news but it would be a feature you could read on any milk carton by now.
The problem I have with the Apple community is the conspiracy of silence when stuff don't work, not their choice of equipment manufacturer.
(six pages of personal detrimental experience of same deleted for brevity and reduction of blood pressure).
You know if this were an MS or Google product, this would have been labeled an Epic Fail instead of a Goof in the article.
Not screwed by this particular problem because I work only on Windows, but I've been screwed by it often enough on this side. The problem is inherent with any whole disk encryption product. While the solution is straight forward, 10-30 hours per system to fix things for a corporate environment, particularly given government PII security regs, creates major problems. Filevault simply does not meet government requirements for handling PII. I wasn't in the group supporting MACs on my last job, but they had that specific issue and had to purchase third party software to get the contracts.
Two big arrogant companies happier to piss on their users than do the basic checks.
Lots of grief thinking that you had lost your data, and how do you know about the fix if it is your only computer, unless you wipe it, rebuild from scratch and then go online...to see there was an easy fix.
Any other environment than tech there would be compensation, but tech companies just get away with it.
Most encryption software is more trouble than it's worth. You are more likely to forget the password or lose everything in a crash (encrypted data being largely unrecoverable) than have your PC nicked.
Keep your confidential data off your PC, certainly off your laptop. Carry it on an SD card or a USB stick. Don't let your browser on your laptop store your passwords. A little DIY with a sewing kit can get you a reasonably secure pouch in your jacket or trousers for a storage device. You'd think clothing manufacturers would have thought of that by now. You can never have too many pockets, and muggers rarely steal your trousers.
[A second wallet with £20, a fake ID with a fake address and a couple of out of date credit cards is also handy. If you have an expensive smartphone, carry a small, cheap PAYG as well. Look terrified and rapidly hand over the cheap phone and second wallet.]
The government will simply bang you up if you don't tell them your password (or can't remember it) should they want to see your data. Then they will hammer away until they break your encryption. Post 9/11, you haven't got any civil rights, so why spend the money on encryption?
And of course, commandment 1, b*ck up. Because Apple, Microsoft and most other tech companies regularly f*ck up.
"any other environment than tech there would be compensation" - name ONE such environment where a company hands over compensation for a repairable fault when the user failed to follow basic commonsense precautions?
I would do (and have done) the second wallet, spare credit card, spare passport thing in seriously dodgy places like crowded marketplaces in La Paz or Nairobbery, when no money/no ID would mean missing flights and being stuck for days/weeks, but couldn't fathom living my life with this attitude.
It is true that if you upgrade to a new version of Windows, you may experience some problems with some installed software.
However, with Windows, usually there's no reason to spend money on upgrading. Just leave the machine with its original OS, except for service packs. When you buy a new machine is time enough to get the latest operating system. So, except when a service pack causes problems, the issue can be entirely avoided.
Apparently, with the Macintosh, it's more important to keep up-to-date.
or is WDE a bit of overkill in most cases ?
Encryption is there to protect data, which should be on a separate partiion anyway - just encrypt that. And before I get shouted down by the crowd, I'm aware that won't encrypt your registry and most temporary files (although moving your user folder onto an encrypted partition is fairly good practice). But it's like security for your car - you can only go so far.
In the corporate environment its a belt and braces approach, WDE is, in my opinion the only way forwards... the amount of people leaving laptops, etc out for people to steal or leaving them in bars is scary...
Imagine for some reason a laptop with child protection data for your kids, or you bank details gets stolen, would you feel more comfortable knowing that is only half encrypted?
control of the whole disk is also easier to impliment at the corporate level too... leaves less holes for things to leak out of...
If people want to use macs for real work, then, just like thier windows equvilents, they need to be protected from the user.
Do I use WDE? not on my personal laptop, but the work one, yes,.
Have I had an issue with updates? no... everything is controlled from the domain, with updates being rolled out via wds after extensive testing with our hardware/software configs. There is the issue that we arnt on the bleeding edge of security, but in reality, with a work laptop being used for work, and controls as to what we can and cant do, its not so much of an issue and things just work!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
