Preventing Data Loss with FileVault

FileVault is Apple's encrypted file system. I use it on my laptop to prevent me from having one of those "data-loss incidents" in the event that my laptop gets lost or stolen.

FileVault is pretty cool. It keeps all your files in a single big "virtual disk" file. Whenever data is written into the virtual disk, the data is encrypted; when the data is read back, it's decrypted. All this encryption and decryption is done transparently. And the disk is automatically mounted when you log into the Mac, with the encryption key being protected with your log-in password. All in all, it's pretty slick.

But FileVault has also caused me to lose data--and on more than one occasion. Usually the data loss happens when my battery dies on a long flight. My MacBook is pretty good about shutting down before the battery dies, but a battery can go out of calibration. When that happens, sometimes the Mac just loses power. When this has happened to me in the past while I was saving a file, I've lost the entire directory where the file was being saved. Now that's annoying.

The other failure mode that I've seen with FileVault, one that's far more troubling, happened to me on Sunday night. My computer got real slow, the disk kept spinning, and eventually I had to power it off. When I turned it back on, I discovered that every file that had been written over the past 10 to 20 minutes was filled with corrupt data.

I keep excellent backups, so this wasn't the horrible problem that it could have been. Yes, it did take me eight hours to reconstruct all the data on my laptop, but I was sleeping for most of that time. It was the laptop that was doing the work, slowly copying the data from one of my backups back to the laptop.

Periodically wiping out your laptop has another advantage, of course: it lets you pinpoint the problems in your backup system.

Frankly, I always treat my laptop as if it is on borrowed time. Between drops, theft, and buggy software, data that's on a laptop is always living on borrowed time. If you aren't constantly backing up your laptop whenever you have an Internet connection, you're making a mistake.

Stolen Laptop Tattles, but Mine Doesn't

The Des Moines Register had an interesting story yesterday about how a stolen Compaq Presario led police to an apartment containing $20,000 worth of crystal meth.

Apparently the laptop was equipped with an "anti-theft feature that lets it phone home when plugged in," the paper reported.

Although there are several of these services on the market, probably the best known is Computrace, also known as Lojack for Laptops. (Absolute Software, makers of Computrace, licensed the Lojack name several years ago.) The software hooks into the computer at a very low level and is designed to make a phone call on a modem or send out a beacon on the computer's Ethernet at least once per day.

Absolute keeps track of each beacon that's received. If a computer is reported stolen, it can look at the caller ID from the phone call or at the IP address from the network communiqué. In this case, it seems, the laptop's thieves had participated in other criminal activities as well.

When the police showed up at the apartment to apprehend the stolen property, they found the drugs too.

It's great to hear that the laptop-recovery system worked for the victim in Iowa. But I've always suspected that the software wouldn't be too hard for a sophisticated thief to remove. Last week I found out that it's pretty darn easy, in fact--provided that you have a Mac.

You see, I bought Lojack for Laptops for my Mac back in August 2006.

Once I installed it, the software dutifully called back to Absolute every day. I could monitor these calls on the company's website. Then earlier this month I decided to do a clean reinstall of the operating system on my MacBook.

Reinstalling software on a MacBook is much, much easier than on a PC: you just boot from the CD-ROM, tell the computer you want to do a "clean install," and off you go. You can decide whether to do a clean install or an upgrade. You can even do a clean install while preserving your user accounts and applications. That's just what I did.

Well, apparently the clean install was a little too clean: the hidden software that Absolute had embedded in my operating system was wiped away with my old operating system!

I don't think that this is a real problem with the product today, as most crooks who steal a laptop probably aren't sophisticated enough to reinstall the operating system the very first thing--human nature being what it is, they're sure to turn on the laptop to see what's there. They might even be looking for information that they can use for identity theft.

Still, I do wish that the folks at Absolute wouldn't be so bold in their marketing claims. I can't speak about their PC product, but their Mac product is pretty darn easy to remove.

(As a side note, I should say that I both called and sent e-mail to the folks at Computrace, telling them that I was a journalist and asking them for a comment about the failure of their software. The nice person I spoke with in tech support promised that somebody would get back to me, but nobody did.)