Skip to content

March 19, 2007

4

The Downsides of FileVault

After reading Frankly, I love FileVault. It’s a little extra peace of mind that doesn’t come at a very high price. Apple has pointed out that a disk-hungry application’s performance might be affected if its files are accessed from within FileVault, but there are three additional potential problem areas that aren’t frequently discussed and results in unexpected or unpleasant user experience.

1) Applescript:
Lots of applications (like Quicksilver and Automator, for example) rely heavily on Applescript, and most Applescripts can not navigate a folder path inside of FileVault. Apple hasn’t addressed this problem since it showed up in Panther and very few Applescript developers have written their apps to either detect or circumvent this FileVault problem. So if you use FileVault, and can’t figure out why some app isn’t functioning the way you’d expect, try running it from a user account that isn’t running under FileVault.

2) Backup:
Never, ever try to backup anything except a subset of a home directory while logged into a user account that is FileVault-enabled. If your backup strategy is a full disk mirror using SuperDuper!, Carbon Copy Cloner, or the like, you must be logged in as a user without FileVault enabled. Otherwise, the backup application can not successfully capture the FileVault disk image. This also means that even incremental backups will take a bit of time since the the entire FileVault disk image must be backed up each time, and this might be tens of gigabytes.

3) Fragmentation and Performance
There has been a lot of discussion over the years about whether or not OS X HFS+ drives fragment. OS X will auto-defragment files that are less than 20 MB. FileVault being a sparse disk image means that it doesn’t need to occupy a contiguous area of the drive, but it is also guaranteed to be larger than 20MB. As a result, a drive containing a FileVault disk will invariably fragment, and in my experience, fragment badly. This slows the machine down noticeably. I have spent some time trying to lessen this issue by trying to figure out how to move my FileVault image to its own partition to no avail. If anyone can figure out how to do that, please let me know.

(4) Slow logout or shutdown)
There is a fourth issue, though not one I think is as important as the other three. Namely: when you log out of a FileVault-enabled user account, the OS offers to recover some disk space that is being wasted due to the way OS X handles file deletion on disk images. I highly recommend letting the OS recover that space, but that can take a couple of minutes depending on how many files were affected. I’ve read several comments complaining about how long it takes for PowerBooks and MacBooks to go to sleep when SafeSleep is enabled – those people would be horrified by how long it’ll take their computer to shutdown or log out with FileVault enabled. Not to mention, this “offer” comes in the form of dialog box, that doesn’t time-out. I have, more than once, forgotten about that dialog, told my computer to shutdown, left home before seeing it, and come back hours later to see my machine is still running with that dialog up waiting for me to tell it to recover the disk space.

All of this isn’t meant to discourage anyone from using FileVault. As I said before, I use it, and I’m glad I’ve got it as some additional peace of mind. However, you should consider these issues before enabling this feature.

Read more from Technical
4 Comments Post a comment
  1. May 2 2007

    A great summary of the problems of FileVault. I personally like FileVault and think disk encryption is import, so I use it dispite the drawbacks you mention. However, it would be great if some or all of these issues were resolved in Leopard. I’ve read that FileVault is implemented differently in Leopard:

    http://themachackers.com/2006/12/20/filevault-doesnt-use-sparse-images-anymore/

  2. AV
    Oct 11 2008

    Thanks for the post – told me what I needed to know.
    And this means for me no FileVault.
    Thanks!

  3. Jun 21 2010

    You may wish to consider the use of LBackup for backup of users home directories which have FileVault enabled. Further information is available from the LBackup website : http://www.lbackup.org

Trackbacks & Pingbacks

  1. Mac OS X - inherently-secure? ..part 8 | aquafruit media blog

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments