Knox vs Apimac Protect Files

For ten years, I have been a user of Intego's FileGuard for keeping confidential documents safe on my Mac. I have no complaint with it, it has always worked well, and I have never had any issue. But I have recently discovered that FileGuard will no longer be supported. It may still work for a long time, or a short time, depending upon what changes Apple introduces.

Anyway, I do not intend to wait for the day when I will no longer be able to use it and I am considering to switch to another, similar app, if I can find one adequate for my needs. What I want is to have protected folders, which I can open and to which I can add new documents, with sub-folders inside the protected folder.

There are not so many apps for Mac doing that. Knox is an obvious candidate, and I have just started testing it. It seems to work well (although reading some reports from users who are no longer able to open their vaults makes me slightly nervous!). But it happens that I had bought some time ago - without using it until now - Apimac's Protect Files. Very similar concept to Intego's FileGuard, thus the switch would be easy. Very easy to use too - but the same can be said for Knox.

Before deciding either to buy Knox or to switch to Protect Files, I would like to know what, according to you, should convince me to buy Knox? What does it offer that makes a difference, for my specific use? What makes it a better and more reliable tool? (Price is not an issue here, since both apps are reasonably priced for what they offer; just it happens that I do already own a Protect Files license, but I am willing to buy Knox if it has a decisive advantage such as more reliability, security, or whatever.)

Thank you for helping me to compare and to make my mind.


  • Uno_LavozUno_Lavoz
    edited October 2013

    Knox uses Apple's command-line tools for creating encrypted "disk image" containers (which you could do yourself for free via the command line or Disk Utility, by the way).

    It's therefore 100% bulletproof since it rides on great, standardized Apple technology and won't break due to some proprietary mess. You can always open them later on any Mac, with zero need for third party software.

    I don't see any reason to pick Apimac over Knox/Disk Utility/Terminal (the latter 3 are all the same).

    If you want to do it for free instead of using Knox, here's how to do the EXACT same thing via Apple's own tools:

    The only difference is in the "prettiness" of the user interface.

    The creation step via Disk Utility only has to be performed once. Once an OS X encrypted disk image has been created, you always mount it by double-clicking it and entering the password, and you eject it by pressing the Eject button for the volume in the Finder sidebar.

    I have extremely high respect for the engineering work that went into 1Password. Knox on the other hand is just a different GUI on top of Apple's own tools. It's up to you if you think it's worth paying for what is already in the OS.

    Knox applies some pretty icons on the volumes (cosmetic) and makes it easy to re-mount them via a drop-down menu (can be done via Spotlight too).

    I'd suggest you create a disk image via Apple's Disk Utility and try using it for a while. If you want a prettier disk image icon, you can quickly apply your own custom icon by using "Get Info" on the mounted image and pasting the icon (just like you do when overwriting any other icon in the OS). As for quickly re-mounting the image, you can use Spotlight to find it, or place a shortcut to it on the desktop, or any number of other methods that you're already using every day to open your files.

    The only way I'd ever recommend Knox would be if they could add 1Password integration so that it automatically fills in the mounting password. Then it'd finally offer something valuable over Apple's native tools.

  • Thank you for your comment and remarks. Definitely, it helps to clarify what to expect from Knox.

    I have never used 1Password. But maybe I shall also consider it at some point. For the time being, I use WebConfidential, which obviously is something different, but has proved stable over the years.

  • Uno_LavozUno_Lavoz
    edited October 2013

    You're welcome. I just discovered that Apimac Protect Files does the exact same thing; meaning that it also just uses Apple's built-in tools for creating disk images. I wonder why so many companies feel entitled to sell alternative GUIs for what's already in the OS? These are not the only two companies that do it. I've seen lots of others sell wrappers built on top of Apple's encryption tools.

    My best suggestion is to just use the official Disk Utility. It's free and it's what all of those other GUIs use under the hood, and you only need to use it once, when you first create the disk image. Get any of those alternative GUIs if they appeal to you, but they don't add anything at all security-wise.

    As for the security of Apple's disk images, they're using industry-standard 128/256-bit AES encryption, which cannot be cracked before the solar system ends - as long as you choose a long, secure password, of course.

    You can test your password strength at - it will tell you how long it will take to brute-force your password. Be sure to pick a password that's long and will never be in password dictionaries. For instance, "123$$$Correct!Horse!Battery!Staple$$$123" is infinitely more secure than "correct horse battery staple" which is infinitely more secure than "horse". The latter ("horse") would be instantly cracked via a typical common-passwords dictionary. The two prior, longer examples are both great. You can look at their relative bruteforce-strengths by inputting them at the website I just gave you. You'll see that combining upper- and lowercase, numbers and special characters greatly increases the strength.

    It goes without saying that you should come up with your own passwords, though.

    Lastly, I'd say you should download the 1Password 4 trial ( I just had a look at WebConfidential and almost laughed. :) You'll love 1Password if you thought WebConfidential was good. :D

    Use the $34.99 you saved on Knox and buy the $49.99 1Password instead. A far better investment.

    You'll love it.

  • Thank you for the advice, I will consider testing 1Password.

    Regarding Apimac's Protect Files, since I own it already, I may well use it after all.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Helveticus,

    @Uni_Lavoz is correct, Knox is using Apple's built-in tools to create the vaults for you. Knox is being offered as a manager for folks working with multiple sparse images, so they can can control it all from a single menu bar app. Knox is more of a front end tool to manage the backups in the background among other features such as compacting the disk image and so on. Many of those things can be done via your own backup tool, the command line, and as well as some settings in Disk Utility. Basically, all of the common stuff is concentrated within the menu bar app instead of doing it separately in other areas.

    If you're happy with Apimac's Protect Files, then there's no need to switch over. I'd suggest waiting to see what we can do in the next-gen Knox.:)

  • Uno_LavozUno_Lavoz
    edited November 2013


    One idea for Knox 2 is to make it communicate with 1Password 4 to automatically store/retrieve the passwords for the images. When you go to mount an image via Knox, it simply has to pipe the password into STDIN of hdiutil to avoid the password prompt.

    Another idea is to make it capable of doing scheduled rsyncs into disk images. For instance: "Every monday at midnight, mount ~/Dropbox/Encrypted_Backups.sparsebundle, Sync ~/Application Support/OmniFocus/* and ~/Documents/SecretProject/* into the disk image."

    These two features are so easy to do under the hood. Use WebSocket IPC communication between Knox and 1Password to retrieve the password, pipe the password into stdin of hdiutil, wait until the backup-image is mounted, and finally call rsync under the hood to sync the list of folders into the mounted volume.

    The end result is secure, automated backups in the cloud. Plus a product that'd be more than just a basic wrapper. ;) May have to rename it Swiss Army Knox. :P

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Uno_lavoz,

    More likely to happen in Knox 3 than 2. These changes are not yet possible in the way Knox 2 is built right now. If we were to rebuild Knox, those changes would be considered. :)

This discussion has been closed.