What is going on with File Vault 2?

Rod


Joined
Jun 12, 2011
Messages
7,952
Reaction score
716
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOS 11.1, iPhone SE 2, iPad 6, Apple Watch SE.
I have recently seen an number of new MBA's and MBP's where File Vault was On where the users claimed they had not initiated that option. Is this a default setting on new laptops with Yosemite installed? Because if so it's causing all sorts of problems for my clients.
Obviously one can just switch it off in System Prefs > Security & Privacy > File Vault. The only catch is it takes hours to de encrypt and there is the risk of failure.
I dont use it myself preferring encrypted .dmg folders for the few pieces of data I want kept secure.
File Vault on the other hand causes all sorts of problems when it comes to repair, backup and restoring HD's. I hate to say it but many people cant even remember their Admin Password much less a Recovery Key.

It seems to me that unless you are carrying secret military files around with you encryption is likely to cause you more problems than it is ever likely to solve.
 
Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
FileVault was off (which is the default) when I received my new MBA in Jan. It's on now, I wouldn't have a non-encrypted mobile device that was anything more than a netbook. To be frank, most people have enough personal information on their laptops that it's not even funny how vulnerable they are to a single theft.

By the way, it's not a trivial 'click' of the mouse to enable it. You're prompted to write down the recovery key, have the option to store it with apple (using your AppleID), etc.. then it takes some time to perform the actual encryption, the process makes all of this clear.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,249
Reaction score
1,829
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I have recently seen an number of new MBA's and MBP's where File Vault was On where the users claimed they had not initiated that option. Is this a default setting on new laptops with Yosemite installed? Because if so it's causing all sorts of problems for my clients.

File Vault 2 is not on by default and as stated above, not easy to initiate. Your clients are likely turning it on by mistake - in other words, user error or a new user fidgeting with their machine.
 
OP
Rod

Rod


Joined
Jun 12, 2011
Messages
7,952
Reaction score
716
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOS 11.1, iPhone SE 2, iPad 6, Apple Watch SE.

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,249
Reaction score
1,829
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Interesting. I wouldn't have thought (if that is in fact true) that Apple would implement FileVault 2 without the user's input. Shades of Microsoft if that's true. :Angry-Tongue:
 

bobtomay

,
Retired Staff
Joined
Dec 22, 2006
Messages
26,561
Reaction score
677
Points
113
Location
Texas, where else?
Your Mac's Specs
15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
None of the portable Macs I did in place upgrades to Yosemite (only 4 or 5) enabled Filevault including 2 here in the house - a MBA and a MBP.
It is true that it is using LVG.
 
Last edited:

Slydude

Well-known member
Staff member
Moderator
Joined
Nov 15, 2009
Messages
16,707
Reaction score
601
Points
113
Location
North Louisiana, USA
Your Mac's Specs
2.8 GHz 2008 MacBook Pro 10.11, 8 GB mem, iPhone 12 Pro Max, 2015 iMac 16 GB Big Sur
Interesting. I wouldn't have thought (if that is in fact true) that Apple would implement FileVault 2 without the user's input. Shades of Microsoft if that's true. :Angry-Tongue:

Is this supposed to be happening on a clean install or upgrade? I did an upgrade install and don't remember having to turn FileVault 2 off.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,249
Reaction score
1,829
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Is this supposed to be happening on a clean install or upgrade? I did an upgrade install and don't remember having to turn FileVault 2 off.

According to the link that Rod provided and the ongoing discussion, it appears that the answer was a brand new Mac portable computer (MacBook Pro, Air, etc) shipped with Yosemite and FileVault 2 on by default.

I personally find this hard to believe. And as I stated above, if it is true, it's like something that only Microsoft would do. I noticed that chas_m said in his reply that it's a lie. I wish he would have given some supporting information to back that statement up.
 

Slydude

Well-known member
Staff member
Moderator
Joined
Nov 15, 2009
Messages
16,707
Reaction score
601
Points
113
Location
North Louisiana, USA
Your Mac's Specs
2.8 GHz 2008 MacBook Pro 10.11, 8 GB mem, iPhone 12 Pro Max, 2015 iMac 16 GB Big Sur
Agreed. I was thinking the same thing. If it is true then it would be something of a departure for Apple. Usually anything like that, including firewall and automatic login, are off by default and must be turned on by the user.

I thought maybe the machine was a refurb but I don't remember it being that way even then.
 
Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
According to the link that Rod provided and the ongoing discussion, it appears that the answer was a brand new Mac portable computer (MacBook Pro, Air, etc) shipped with Yosemite and FileVault 2 on by default.

I personally find this hard to believe. And as I stated above, if it is true, it's like something that only Microsoft would do. I noticed that chas_m said in his reply that it's a lie. I wish he would have given some supporting information to back that statement up.

If so, something has changed since January. When I took delivery of the MBA I'm currently using. I had to enable FV2.
 
OP
Rod

Rod


Joined
Jun 12, 2011
Messages
7,952
Reaction score
716
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOS 11.1, iPhone SE 2, iPad 6, Apple Watch SE.
This has really piqued my curiosity now. I too upgraded two existing MBP's to Yosemite only months ago and no FV enabled.
chscag may have hit the nail on the head with the, "brand new Mac portable computer (MacBook Pro, Air, etc) shipped with Yosemite and FileVault 2 on by default."
The author of the thread sounded genuine and although lot's of people on various forums get things wrong ie I dont believe everything I read I may just reply to the thread and see if I can get more information.
At this point I am not willing to dissmiss this out of hand as it would certainly explain what I have observed with some of my clients.
I will get back to this thread with results/replies as soon as I find out more.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,249
Reaction score
1,829
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Thanks Rod. Please keep us posted with what you find out.
 
OP
Rod

Rod


Joined
Jun 12, 2011
Messages
7,952
Reaction score
716
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2015 MacBook Pro Retina 13" macOS 11.1, iPhone SE 2, iPad 6, Apple Watch SE.
Ah ha!

Got it! Now I understand; "But what's new in OS X Yosemite, is that more users are likely to enable FileVault than ever before—as at installation you have to consciously opt-out of having your hard drive encrypted, rather than opt-in."
Taken from this site (all credit to them)Take that FBI! OS X Yosemite Encrypts Disks by Default, Better Protecting Privacy | The Mac Security Blog
So it would appear that my source is (sort of) correct. File Vault will be enabled unless you choose not to.
I can only say if I was given the option at my recent upgrades I must have pressed "no".
Can't say I remember that so it may be an inclusion of the most recent version 10.10.2 that behaves this way.
My guess is a lot of people would opt for this without thinking much about the possible complications. After all everybody wants security, right?
Setting it this way Apple seems to be saying, this is what we advise but the choice is up to you. I'd call that enticement.
As for devices bought already set up with Yosemite by a dealer for a purchaser my guess is they would advise enabling File Vault.
I love the heading "Take that FBI !!" Wow, emotive stuff for the paranoid among us.;)
 
Last edited:

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,249
Reaction score
1,829
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I love the heading "Take that FBI !!" Wow, emotive stuff for the paranoid among us.

Thanks Rod. If encrypting one's hard drive would really keep the FBI out, there would be some value to it if you were into doing nasty things with your machine. I don't think anyone actually believes that FileVault 2 is able to keep the FBI out. Or, for that matter the NSA. ;)
 
Joined
May 19, 2009
Messages
8,428
Reaction score
295
Points
83
Location
Waiting for a mate . . .
Your Mac's Specs
21" iMac 2.9Ghz 16GB RAM - 10.11.3, iPhone6s & iPad Air 2 - iOS 9.2.1, ATV 4Th Gen tvOS, ATV3
I HATE FileVault.
Rod, I remember having to make sure I checked NO for that feature. Most new people don't understand FileVault, and this can cause massive issues as you have found out. Although FV 2 is a step up from the original, have a read of this thread, where ways back in '09' I had a BIG problem, not understanding what I was getting myself into.
My solution is in the last paragraph, but the crux of it all, is Apple really really need to inform people more about the implications of turning FV on. Basically, if your HD hasn't got the room to put the de-encyption into a swap file, the FV won't be able to decrypt the Disk, and will give you a massive headache.

EDIT : The sad part is, people think they NEED to have FV on, but IMHO, unless you have secret squirrel stuff on your Mac, then its not needed. With the way Yosemite is, and earlier OS's, if you have a Mac stolen, you can remotely wipe it. Have a good PassPhrase to get into it, don't have Auto Login for Safari, and have a 1Password type password manager, you are generally 99% safe.
Another solution I have found I can't live without, id Little Snitch, and nothing can get onto my Mac, without my say so, and if I'm not sure where something is coming from, I click "Don't Allow" and I sleep happy at night.

I dont envy you mate !!
 
Last edited:
Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
Really, what needs to happen is the drives just need to all be SED. Seriously. Oh, and this really is where things will head.
 

Slydude

Well-known member
Staff member
Moderator
Joined
Nov 15, 2009
Messages
16,707
Reaction score
601
Points
113
Location
North Louisiana, USA
Your Mac's Specs
2.8 GHz 2008 MacBook Pro 10.11, 8 GB mem, iPhone 12 Pro Max, 2015 iMac 16 GB Big Sur
Thanks for running that down for us Rod. When this thread started I was sure I had never seen anything about FileVault during the update. Since I didn't do a clean install I figured it preserved my setting from the previous install. Based on what you're saying I must have opted out and not realized it.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top