# FileVault performance issues



## zlinger (Aug 28, 2007)

I have been using FileVault for a while now on a Mac Mini and MacBook Air to secure my computers. It was a great idea at first (even though it is a pain to backup data properly with time machine). However, I have been finding that both systems have been gradually getting slower overall.

I suspect that as I loaded more photos, music, etc. into iLife, in addition to a Parallels PC running within my home folder, encryption on the fly was too much and the system was taking a performance hit.

Well, I turned off FileVault and created a series of sparse disk images to store sensitive data. Lo and behold, I think both systems (especially the MBA) are running much more responsive now. 

Some conclusions: Apple needs to improve this feature to allow users to secure individual folders, instead of an entire users home folder. A setting in the 'Get Info' on a folder would indicate if a folder is encrypted or not. This would also make Time Machine backups easier too.


----------



## eMacMan (Nov 27, 2006)

File Vault is extreme overkill. Create a regular read-write encrypted disk image and use it to store only the actual documents that really need to be secure. 

Encrypted Sparse images and File Vault have caused and continue to cause issues.

If Leopard allowed you to turn off File Vault and you did not end up doing a complete from scratch system install, then that in itself is a huge improvement over Panther and Tiger.


----------



## zlinger (Aug 28, 2007)

Here is a good article about normal disk images and sparse disk images.

Ease sparse disk image compaction - 
Macworld | Mac OS X Hints | Ease sparse disk image compaction

I have decided that I will use sparse disks since the performance seemed to be faster opening (and creating), and I like the fact that it incrementally grows in file size.

I will also experiment with automator workflows to compact the disk images once in a while to free up space in the image as it grows.


----------



## chas_m (Dec 2, 2007)

zlinger:

Agreed all around.


----------



## gordguide (Jan 13, 2001)

FileVault _is_ a SparseDisk image. I'm not sure where your performance issue lies, but an encrypted sparse image created by Disk Utility is exactly, and I mean exactly, the same as a FileVault image. The Finder and Disk Utility even call the same UNIX tools to create, encrypt, decrypt, etc the images.

The only thing different about a FileVault image is the Finder treats is as a directory, not a disk, which is a pretty neat trick but is all in the Finder. That is why if you do a Get Info from the same account it comes up as an alias. If you view it when you are not logged in, it's a sparse disk image.

Try this: log into a second account on your Mac (create one if it doesn't exist; it doesn't have to be an admin account), go to the /Users/ directory, and there you will see the sparse image in all it's glory. Double click it and enter your password. It will mount and behave exactly as any encrypted sparse image you can create with Disk Utiltiy, because that's exactly what it is.

How's the free space on your Hard Disk? Upon startup the Finder is going to want to reserve an amount for Virtual Memory equal to the amount of installed RAM, and as the computer is used that amount will increase; over a number of hours you can expect to need 3x the amount of installed RAM.

So, if you have 1GB of RAM you will experience performance issues if you have only 3GB of free space or less. My MacBook with 2GB of RAM routinely uses 5~6 GB for VM in extended use sessions. Newer MacBooks that can use 4GB RAM will likely need 12 GB of free disk space available upon startup for VM.

It's easy to move your iTunes, iPhoto or iMovie files out of your home directory, and it's also simple to store other files outside that directory as well. Certainly if you have only a few sensitive documents then an encrypted image created with Disk Utility is an option, but consider what data exists in your ~/Library folder.

FileVault is really the best option for those files, which contain plenty of sensitive data from your browser sessions and cache, your eMails, and the application support and preference files, and cannot be easily moved elsewhere.


----------



## Adrian. (Nov 28, 2007)

I agree. Filevault is mega overkill. It sets up so many more permissions hurdles for the system to go through and makes it slower.

bitclamp works fine for me. I just make a folder with all my sensitive stuff and 64 bit encrypt in.


----------



## zlinger (Aug 28, 2007)

Thanks all for the ideas and explanations. This makes sense and truly explains why my MacBook Air was running so lousy. The Mac Mini has more power so could grind through processes better. On the MBA, the hard disk also spins slower, so one more thing it had to deal with!

I decided that I will consider using TruCrypt TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux which is an open source and cross platform solution to create encrypted vaults. I have been using it for a few years now on a PC (at work), and thumb drives and have found it reliable. Recently it was ported over to OSX, so I will give it a try. The nice thing is it is cross platform. Has anyone else used this application?


----------



## chas_m (Dec 2, 2007)

Just a second for bitclamp. That should do the job nicely, and has more fine control than Filevault.


----------



## zlinger (Aug 28, 2007)

UPDATE: After spending the day getting my MacBook Air secured vaults setup... I have now decided the best solution that works for me is a combination of all of the above while taking into consideration the issues mentioned by everyone here as well as a need for simplicity AND security. My early tests had me entering in passwords all the time to open vaults which was a pain.

What I did was move all my photos, movies, music to a folder outside of the home folder (not encrypted). I turned FileVault back on, as I'm paranoid when it comes to personal data and preferences/library/caches being carried around everywhere I go. 

I'm okay with a slight hit on performance, but I did make sure there is lots of elbow room for virtual memory to mitigate this loss. My work files (i.e. documents\work\*) will also be encrypted with TrueCrypt (so I can move this encrypted image file to a PC when needed).

The Parallels PC runs a Windows partition so no hit in performance. I tested it and it works great. Time machine will backup when I log out (don't care about hourly backups). I will also backup the home sparse disk to an external and offsite drive. I will do the same with the Mac Mini.


----------



## HowEver (Jan 11, 2005)

.


----------



## Silv (Mar 28, 2008)

HowEver said:


> Does anyone use, and want to share a review of, PGP?
> 
> PGP Corporation - Products - PGP Desktop Home


No, but here's something I read a while back (and bookmarked it too) on PGP.

What is the Best Version of PGP?


----------



## HowEver (Jan 11, 2005)

.


----------



## zlinger (Aug 28, 2007)

Further on the issue of encrypted disk images and to filevault or not, it seems that sparse bundle disk images are working well within my computing environment. Reading up on this, it seems time machine will recognize it as blocks of data so it does not need to waste disk space. So far, so good.


----------

