PGP: Whole disk encryption for Mac OS X is 'in active development'
PGP Corp. says a full-disk encryption utility for Mac OS X is being developed, which will pick up where existing programs like the built-in FileVault leave off.
PGP Corp. is planning to release a version of its whole-disk encryption software for Apple Macintosh computers running OS X.
Jon Callas, PGP's chief technology officer, told me on Monday that the software is "in active development" and will run on Intel-based Macs. Callas didn't want to elaborate on a shipping date, unfortunately.
This promises to be a boon for OS X users, especially laptop users who are more likely to lose their machines or run into snoopy border police and airport security guards who want to poke around the contents of their hard drives. Right now there's no way for OS X users to encrypt their entire boot disks.
OS X already features FileVault, of course, but that focuses on encrypting the user's home directory. Without whole-disk encryption, Unix-derived systems including OS X store in unencrypted form details about VPN usage, login times, and what applications are installed in the default location. Some applications including Thunderbird save working copies of documents in an unencrypted area outside the home directory.
Another problem with FileVault is that it hasn't always been implemented that securely. Earlier versions of OS X didn't encrypt the swapfile used for virtual memory, meaning the password could in many cases be easily extracted. And a paper (click for PDF) published last year by Jacob Appelbaum and Ralf-Philipp Weinmann found other potential security weaknesses.
PGP its whole-disk encryption utility for Windows in May 2005. A perpetual license for PGP Whole Disk Encryption 9.8 for Windows costs $149.
I should also note here that a free volume encryption utility called TrueCrypt was released for OS X last week (it was previously available for Windows and Linux). TrueCrypt doesn't do whole-disk encryption, but it does offer a way to conceal the fact that an encrypted volume exists--although that handy feature isn't yet available on OS X and Linux.