A pretty gruesome predicament

No matter how much I fantasize myself a man of the world, the embodiment of culture, the essence of charm and knowledge, my friends and family remind me on a daily basis that I am, also and above all, the group's resident technical guy.

That means that between my moments of memorable brilliance and subtlety I answer questions about email servers, provide technical support, track lost computer shipments on UPS and run hardware tests on weary machines. Things have taken off so much over the past few months, as everyone around me started switching to the Mac, that my hobby now closely resembles a small side business, complete with tracking system, dedicated phone line and irregular hours. The only thing missing, frankly, is revenue of some sort and a rubberized stamp bearing my name in small lettering.

Luckily, I absolutely love computers, and I'm a sucker — pardon my French — for extending a helping hand to a friend in need. Hence, I always jump to these keyboards, all with their particular size, font, color and level of incrusted oily grime, with joy, warmth and a genuine pleasure at solving or, at least, attempting to solve, whatever problem I am confronted with.

There is, however, one speech I fear, and this speech, ironically enough, is often the first I deliver to my switcher friends or those who have recently upgraded to Leopard: FileVault is not compatible with Time Machine, and backing up their computers is going to be a painful, manual process without any of the eye candy and spontaneous fun promised in the O'Reilly book I always have them purchase right after ordering the machine for them.

Why bother with FileVault might you ask… That, certainly, is a sensible question, and one I often ask myself in moments of self-pity and bug fatigue. You see, for all its flaws, for all its cryptographic feebleness, for all its limitations, FileVault remains a pretty smart, transparent way to ensure a lost computer does not become a full blown catastrophe. Certainly, only a select few among my friends work in counter-espionage, but all of them are in the habit of doing a modicum of online banking or a soupçon of Internet trading. Some even keep titillating shots of themselves on their hard drives — or so I am told —, that they would prefer not to be widely distributed on YouTube, with accompanying ABBA soundtrack, by a vengeful, formerly significant, other. Hence the FileVault.

Luckily, the esteemed PGP Corporation recently released PGP Desktop 9.0 for Mac, featuring, for the first time ever, boot disk encryption. Now, I have been bitten by PGP products in the tenderest places of my infrastructure more than decency allows me to say. I especially remember a painful incident involving a trashed hard drive, a crippled Disk Utility and an incapacitated iChat, luckily solved by the thorough eradication of anything blue, corporate and acronymic from my machine.

This time, however, it appears that PGP got it right, maybe because the Mac market is finally worth a sliver of their time, efforts and attention. PGP Desktop as a whole is still an encumbered mess of wizards and icons, a pretentious pile of sordidly useless features. It does, however, encrypt boot drives remarkably well.

Upon installation, all one needs to do is to select the boot drive and ask the software to transform it into an encrypted drive. The fact this is actually the machine's boot volume is decently hushed, and PGP Desktop unobtrusively gets to work, as if it were a mere routine operation. Conveniently, the encryption process happens in the background, meaning one can carry on one's daily YouTubing activities without fear of skipping a single video response.

The result? An amusing, if somewhat vulgar, PGP splash screen appearing before the traditional "gray apple" at boot, and what appears to be a transparently encrypted drive. After a couple weeks, I am happy to report that I have not noticed any slowdown or stuttering. All my applications, including those dealing with the hard drive on an intimate footing, seem unaffected by the change. Even Mac OS X v. 10.5.5 installed and multi-rebooted without registering any perplexity.

I should note also that I am currently testing FileVault on top of PGP, with the same blissful tranquility, on a SSD-equipped MacBook Air.

I haven't yet attempted to test the quality of the encryption or research potential flaws in PGP Desktop's enforced security structure. Truthfully, I can't, as I have none of the required algebraic knowledge. I am sure the regular drama of security products will unfold over the coming months: bugs will be found, weaknesses exploited by the "authorities," backdoors will be suspected and data will be lost.

If, however, the PGP Corporation can be trusted, and let us hope they can be, then this Whole Disk Encryption affair is, in Internet parlance, a Pretty Big Deal, and a Killer Feature. To sum up, it's convenient, it's transparent, and it's fast. What's more, it requires no knowledge of security procedures once it is installed as it appears to be, to the legitimate end user at least, just one more annoying password prompt cum billboard.

Provided the experience proves successful over time — two weeks is a bit on the short side to decide on deploying a low-level piece of software onto grandma's computer —, PGP Whole Disk Encryption is a fine candidate to replace or complement FileVault. Being more extensive, it is can be more secure, and being transparent to the operating system, it does not rely on Apple's desire — or, indeed ability, the way things seem to be designed — to combine what is essentially a consumer feature with a relic from their enterprise aspirations of yesteryear.

I am, of course, a bit unmerciful, as FileVault was the theater of vast experiments in Tiger, finally receiving a much needed boost in Leopard, thanks to the introduction of sparse "bundles" in lieu of sparse "images." Of course, given Apple's statement that "sparse images and shadow files were designed for intermediate use when creating other images," it seems the improvement was very much needed and, in retrospect, little trust should be placed in the early iterations of the system.

So, to sum it all up, as they say, whatever you use your computer for, I would recommend you keep an eye on PGP Desktop for Mac OS X. There is a trial license scheme, so there is little risk in installing it on that grimy MacBook you keep for the guests in the spare bedroom. It's too early for me to recommend it, as I have FileVault in the past — and still do — but it definitely ought to blip steadily on every Mac user's radar.