Monday 28 November 2011

Mac OS X Lion: Saved Versions considered harmful

Lion has a new feature designed to take safety copies of files you are editing.   But this isn't a good idea if you edit confidential documents, as it will result in copies of your sensitive documents spreading beyond the folder you put them in.  There's no easy way to disable it..

The idea is that Lion will keeps a local backup in a special place on your disk.  Any application compliant with this new scheme will have a little triangle next to the filename in the window title bar, allowing you to browse different saved versions (using the Time Machine 'Star Wars' GUI).   Also you will notice that "File/Save" has become "File/Save a version".

Annoyingly, this means that the hidden folder /.DocumentRevisions-V100 contains extra copies of every file you've edited with a recent Apple application.   See this Reg article for more details. 

So, how to disable automatic document backups? 

Some  commentators are wrongly suggesting that opening up a Terminal window, and using the command sudo tmutil disablelocal will stop new file copies being created in /.DocumentRevisions-V100. That is incorrect.  The tmutil disablelocal command refers to local backup files that are taken between runs of Time Machine.  That's not what I'm seeing on my iMac.

As a workaround, at your own risk, you might try opening up a Terminal, and executing the command:-

cd /
sudo rm -rf .DocumentRevisions-V100

That will delete any lingering unwanted backup copies of your documents.  But the next time you use a Versions-aware application, the directory structure will be re-created, and the madness will start again.  Well done Apple!  You've just given corporations another reason not to use your products.

PS: If you worry about due diligence (whether for commercial reasons, or to keep personal data safe from computer thieves etc) then you should be using Lion's new Full Disk Encryption feature.    See System Preferences / Security & Privacy / FileVault.   Set this to encrypt the whole system volume.  On the plus side, this means that once your computer is switched off, no-one can access the hard drive without a valid password (not even if they boot from a LiveCD).   On the minus side, it means you lose everything if you forget your password.   This is the most secure solution: it's much better than just encrypting your home directory.

PPS: If you use FileVault full disk encryption, you need to think about how your backups are protected.   If you use Time Machine to make backups, then you need to tick the box to encrypt them (System Preferences / Time Machine / Select Disk / Encrypt backup disk).   If the tick box is greyed out, then you are probably using an external network drive to hold your backups.   In this case, I recommend that you use Disk Utility to create a "spare encrypted image" on the external backup drive.   Make a point of mounting the encrypted image before you take a Time Machine backup, and dismounting it again afterwards.

PPPS:  Need to lend someone your MacBook to surf the web?  If you want to keep your files private, log out, and click the icon to reboot the box into secure mode.  They won't be able to save or print anything - but if they just want to surf the web, maybe that's a good thing.

No comments:

Post a Comment

Spammers: please stop wasting my time. All comments are moderated before publication.