You should use FileVault from the first day you purchase your Mac. Probably cant get it to work with Windows 7, cuz bootcamp assistant on Mac High Sierra will not accept a windows 7 iso, insist on windows 10. Should be able to use / also. Installer -pkg Finkpkg -target LocalSystem similar to rpm -i sw.rpm -target LocalSystem is the equiv of the GUI telling where to put the program.
![]() Fink Sierra Mac High SierraWhen said file is deleted it remains encrypted but its unique encryption key is eliminated so the file is unrecoverable. The new APFS file system - when used in conjunction with an encrypted SSD via filevault - uses a random, dynamically created and of course, fiercely strong and unique encryption key for each file. No individual file secure erase needed.If I understand this correctly, in concept:1. Of 2014 and encrypted its SSD in Dec. It is NOT used by default.Sierra uses your existing HFS+ file system, and you should continue to use your existing HFS+ file system, because a "New" file system is going to have all kinds of issues and problems with it (my day job is as a file system developer for Unix operating system (never for Apple), and I know very well how difficult it is to get everything working perfectly on the first release).Here are some additional links about APFSGoogle can find you more by search for APFSThey if you do not have FileVault enabled, you should consider doing that "Real Soon Now"Thanks again to all.and hope all had a good wk end.Acquired a brand spanking new macbook pro (MBP) in Nov. Am assuming that the flash drive is now using APFS and has the same pretty good security characteristics as the SSD?BTW this stuff important to me as I travel with the Mac book (my only system) and want to avoid (as much as possible) any issues associated with theft/loss or some strange customs guy.APFS, while available to try in Sierra, really should not be used for anything except experiments to see what it is all about. The secure erase function was then no longer available. Did this, which took over an hr, reformatting and re-encrypting. Previously the secure erase/secure empty trash function would overwrite files but was not entirely effective due to the inherent limitations of an overwrite strategy when using an SSD?Thus an SSD's free space encrypted and running Sierra is more secure (once trash is emptied) than the same encrypted system under 10.11 using secure empty trash/erase or other overwriting technique? With the added advantage of being faster and easier on the SSD?Am assuming that the Sierra upgrade procedure processes all existing data to allow these capabilities for existing files?Interestingly I plugged in a thumb drive (SanDisk 128gb/ usb 3.0) i had created and encrypted using OS X containing back up files and was able to access secure erase. That was meaningless to begin with since this hypothetical machine was already encrypted.But if your hypothetical thieves were really that fast, even secure erase wouldn't help you. This does not seem to be the case.Sierra only eliminates the secure erase. Based on comments received i thought this might all be due to a file system change occasioned by the upgrade to sierra and was replaced by a more secure approach. I should have time to deal with things before anyone is able to breakthrough.Sierra apparently eliminates that particular approach. This is analogous to taking my old LAN with me on the road.So before leaving, i back up what i consider to be sensitive files to an encrypted flash drive.I then delete all those files from the encrypted MBP using secure empty trash.So when i am sitting at an outdoor cafe with my MBP reviewing my upcoming agenda and someone runs by and snatches my encrypted but logged on MBP, I’m not too happy, but it is not a disaster.All my self identified sensitive files are somewhat mangled by secure empty trash. I travel and now take the MBP. I think we've been through this several times by now. If I assume these thieves are as clever as they are fast, they will make sure to recover any recently deleted files from your snapshots.I'm not sure what you are getting at. Since this is a MacBook Pro, it likely has Time Machine local snapshots enabled. People use it to watch movies, do term papers, and post on Facebook. A MacBook Pro is not a device the CIA issues to secret agents. The idea of thieves snatching your MacBook Pro and running down the street with it, careful moving the mouse pointer every 45 seconds to ensure it doesn't go to sleep or lock the screen, and then raiding your carelessly deleted files, is just silly. FileVault is better and has always been better. Resizing software for macYou could create a partition for APFS and keep those sensitive files on the experimental APFS partition. DO NOT use these on an SSD, as it does nothing except shorten the life of the SSD.Again for a rotating hard disk, you could get the open source 'srm' command line utility via something like , , , then create an Automator drag and drop app that will use the 'srm' command via "run shell script" to use the same LESS THAN 100% secure erase.If you wish to experiment with APFS, then it is available on Sierra. Just don't worry about it.If your Macbook Pro has an SSD, then today FileVault withSystem Preferences -> Security -> General -> Require password after sleep or screen saver beginsAnd a moderately short Screen Saver "Start after" interval (not too short, as it can make it difficult to get any work done), is the current Best Practice approach.If your Macbook Pro has a rotating hard disk, then go to the Applications -> App Store and search for "Secure Erase", and you will find several utilities that do the same LESS THAN 100% secure erase as you had before, but it might be good enough for what you want.
0 Comments
Leave a Reply. |
Details
AuthorEric ArchivesCategories |