OT Ransomware for everybody and, yes, Mac users, that includes you.

In article , Eric Stevens
wrote:


The best consumer backup solution right now is the $399 Time Capsule:

http://www.apple.com/shop/product/ME182LL/A/airport-time-capsule-3tb

It's a wifi hotspot and a 3TB backup drive that lives on your network. When
configured Time Machine will mount the drive over the network, backup your
data and then unmount it. It is 100% automatic.

That's not so good if you are running Windows. :-(

easily fixed.

On 11/03/2017 23:58, Savageduck wrote:
On 2017-03-11 23:21:19 +0000, "David B."
said:

On 11/03/2017 22:33, Eric Stevens wrote:
On Sat, 11 Mar 2017 14:10:28 -0800, Savageduck
wrote:

On 2017-03-11 21:08:57 +0000, Eric Stevens
said:

On Sat, 11 Mar 2017 12:47:49 -0500, nospam
wrote:
In article , David B.
wrote:


complete non-issue for those with a good backup strategy,
regardless of
platform.

I seem to recall reading that simply using Time Machine, which is
physically connected to my iMac, will be inadequate protection
against a
ransomware attack.

Is that right?

no it's not, but if you want to be safer, put it on the network.

As you know, I'm not a Mac user and I know almost nothing about how
time machine works. But can you tell me how in its normal installation
Time Machine is protected from and protects from Denial of Service
attacks?

The first clue as to how "Time Machine" works to backup all, or
selected files and folders on a Mac lies in its name.

After set up and initial back up, it will run at selected time
intervals to run a back-up/file update which is accessible for various
levels of recovery in date and time slices. These "time slices" can be
weekly, daily, but most commonly hourly, and occasionally a back-up on
demand. "Time Machine" keeps hourly backups of files for the previous
24 hours, then a single daily backup of your files for each of the last
30 days, and then weekly backups until such point as the backup disk
becomes full and TimeMachine needs to remove the oldest backups to make
space for new ones.

If you don't care to make hourly back-ups and prefer to isolate your
back-up drive between back-ups, you can always connect the drive to the
computer and make an on demand back-up, and then disconnect. This needs
a good amount of discipline to keep up, as doing things that way can be
a royal PIA, and is subject to lapses.

Using this method limits an hourly back-up to a few Mb to multiple GB.
This means that once the damage or contamination event is identified,
recovery of files, damaged or otherwise contaminated can be easily
located.

So each recovery can be made back to a known clean back-up which is
going to be isolated from a contamination event.

But what is to stop the ransomware corrupting the backup drive?

Good question!

I've read that the malware CAN corrupt the Time Machine back-up. :-(

https://discussions.apple.com/thread...art=0&tstart=0

D.

Did you actually fully comprehend what was asked in that forum and what
the responses were?

I did - but decided to use it anyway! ;-)

It was late and I was ready for my bed!

First, kclark40 says he downloaded and installed an Adobe Flashplayer
Update (he does not name the source of that update) and assumes that his
Mac has been infected with some unnamed virus. He then tells us his hard
drive is beyond repair and that somehow the installation of a
Flashplayer update is responsible. Hard drives fail for all sorts of
reason, I have yet to hear of a hard drive failure due to a Flashplayer
update. He then asks if this as yet unidentified and assumed virus would
"affect my external Passport backup".

The first response from thomas_r confirms my argument that whatever was
downloaded didn't cause the hard drive problem, and advises to just
restore to a time prior the problem installation. He also adds the
further caveat that the hard drive might be dying, without refering to
possible infection of the back-up drive.

The second responder, Linc Davis says the following:
"Disk Utility can't repair this disk. Back up as many of your files as
possible, reformat the disk, and restore your backed-up files.

That means the drive has malfunctioned. The association with a Flash
update is a coincidence. In your place, I would have the machine tested
at an Apple Store for a hardware fault, and even if the test was
negative I would consider replacing the drive. If you want to continue
using it, do what the message says."

Note: Nowhere does anybody say that the "Time Machine" back-up could be
corrupted.
So that was a poor example to use to support your assertion.

I concur that it WAS a poor example and for that I apologize.

To be honest, I didn't expect anyone reading here to actually follow the
link to the Apple forum. Have you any idea how many folk using this
Usenet group also get/give advice from/on the Apple site?

--
"Do something wonderful, people may imitate it." (Albert Schweitzer)

On 12/03/2017 9:04 @wiz, Davoud wrote:
Alan Browne:
This Mac user would be up and running in 30 minutes or less and fully
recovered in a couple hours.

But then, ****, I've only been using, programming, building, repairing,
maintaining and backing up computers for 40 years.

Ah, well, you're still new at this. You'll get the hang of it after a
bit. 55 years for me, age 18, USAF.



Pah! 1971, on mainframes.
1974 on smaller stuff.
1986 on databases and data management only.
And of course, every home desktop PC I've ever used, put together by
yours truly.

But I must admit: the latest ransomware shewt scares me.
It's using inbuilt scripting in Windoze 7, 8 and 10.
Scary...

My backup disks are now very religiously kept up to date with all my
photos! Under lock and key, only to be used when I'm 1000% sure there
is nothing else running behind the scenes.

On 2017-03-12 09:09:32 +0000, "David B." said:

On 11/03/2017 23:58, Savageduck wrote:
On 2017-03-11 23:21:19 +0000, "David B."
said:
On 11/03/2017 22:33, Eric Stevens wrote:
On Sat, 11 Mar 2017 14:10:28 -0800, Savageduck
wrote:
On 2017-03-11 21:08:57 +0000, Eric Stevens
said:
\
On Sat, 11 Mar 2017 12:47:49 -0500, nospam
wrote:
In article , David B.
wrote:


complete non-issue for those with a good backup strategy,
regardless of
platform.

I seem to recall reading that simply using Time Machine, which is
physically connected to my iMac, will be inadequate protection
against a
ransomware attack.

Is that right?

no it's not, but if you want to be safer, put it on the network.

As you know, I'm not a Mac user and I know almost nothing about how
time machine works. But can you tell me how in its normal installation
Time Machine is protected from and protects from Denial of Service
attacks?

The first clue as to how "Time Machine" works to backup all, or
selected files and folders on a Mac lies in its name.

After set up and initial back up, it will run at selected time
intervals to run a back-up/file update which is accessible for various
levels of recovery in date and time slices. These "time slices" can be
weekly, daily, but most commonly hourly, and occasionally a back-up on
demand. "Time Machine" keeps hourly backups of files for the previous
24 hours, then a single daily backup of your files for each of the last
30 days, and then weekly backups until such point as the backup disk
becomes full and TimeMachine needs to remove the oldest backups to make
space for new ones.

If you don't care to make hourly back-ups and prefer to isolate your
back-up drive between back-ups, you can always connect the drive to the
computer and make an on demand back-up, and then disconnect. This needs
a good amount of discipline to keep up, as doing things that way can be
a royal PIA, and is subject to lapses.

Using this method limits an hourly back-up to a few Mb to multiple GB.
This means that once the damage or contamination event is identified,
recovery of files, damaged or otherwise contaminated can be easily
located.

So each recovery can be made back to a known clean back-up which is
going to be isolated from a contamination event.

But what is to stop the ransomware corrupting the backup drive?

Good question!

I've read that the malware CAN corrupt the Time Machine back-up. :-(

https://discussions.apple.com/thread...art=0&tstart=0

D.

Did you actually fully comprehend what was asked in that forum and what
the responses were?

I did - but decided to use it anyway! ;-)

It was late and I was ready for my bed!

Don't write stuff that might be subject to some scrutiny when fatigued. ;-)

First, kclark40 says he downloaded and installed an Adobe Flashplayer
Update (he does not name the source of that update) and assumes that his
Mac has been infected with some unnamed virus. He then tells us his hard
drive is beyond repair and that somehow the installation of a
Flashplayer update is responsible. Hard drives fail for all sorts of
reason, I have yet to hear of a hard drive failure due to a Flashplayer
update. He then asks if this as yet unidentified and assumed virus would
"affect my external Passport backup".

The first response from thomas_r confirms my argument that whatever was
downloaded didn't cause the hard drive problem, and advises to just
restore to a time prior the problem installation. He also adds the
further caveat that the hard drive might be dying, without refering to
possible infection of the back-up drive.

The second responder, Linc Davis says the following:
"Disk Utility can't repair this disk. Back up as many of your files as
possible, reformat the disk, and restore your backed-up files.

That means the drive has malfunctioned. The association with a Flash
update is a coincidence. In your place, I would have the machine tested
at an Apple Store for a hardware fault, and even if the test was
negative I would consider replacing the drive. If you want to continue
using it, do what the message says."

Note: Nowhere does anybody say that the "Time Machine" back-up could be
corrupted.
So that was a poor example to use to support your assertion.

I concur that it WAS a poor example and for that I apologize.

No need to apologize. It was after all, your supporting evidence for
your proposition/conjecture, and you made formulating my response
simple.

To be honest, I didn't expect anyone reading here to actually follow
the link to the Apple forum.

Why not? There are Mac users here, I am one of them, and vulnerability
in what is a usually reliable back-up system is something we could all
be concerned with.

Have you any idea how many folk using this Usenet group also get/give
advice from/on the Apple site?

No.


--
Regards,

Savageduck

Per Eric Stevens:
OK, so when you say 'backup' you mean ... exactly what? I'm not trying
to argue: only to clarify.

To me, a "Real" backup:

- Is air-gapped (i.e. not connected to my system or LAN except when
it is being written to)

- Lives in a separate physical location from the PC or NAS that
it is backing up.


My system is probably far from bulletproof, but here it is:

- A stack of 5 1 and 2TB drives that I rotate through my system (while
one is being updated incrementally each day), my car, the garden shed,
and the neighbor's garden shed. One of these will hold all my
non-media stuff and is always mounted. It gets written to by
Macrium Reflect. So if I get hit by Ransomware, chances are that
I will lose that currently-mounted incremental backup drive, but
be able to revert to one of the four others.

- A monster 12-TB DriveBender box in my garden shed that backs up all my
media plus my system images plus the above-mentioned "Data".
That one only gets re-synched when I think of it - more like once
every week or two.
--
Pete Cresswell

Per Eric Stevens:
You haven't actually told me what you mean by 'backup' but I can
guess. You mean a backup system which will protect your data (of all
kinds) from fire, flood or burglary.

I would add:

- Ransomware

- Stupidity: I once had a bad USB card that was frying backup drives
as they were connected. Went through a couple of drives before it
dawned on me. That's where having some of the backups in relatively
hard-to-get-to locations can be helpful.
--
Pete Cresswell

Per Alan Browne:
Indded. The sole bomb in it is the potential that undetected malware
activate but not do anything; end up in the backups and one day you
recover after a disaster to belatedly discover the malware is in the
backup set and that if activated again it will clobber you.

This is really edge case, but it is possible.

That one really made my day !.... Time to talk a walk, get some coffee
and forget about this....

But it *did* make my "Keepers" file.

What do people think about the ability of Avast to spot something like
that? I tested with a fake virus/text file once and Avast caught it
during a file-copy backup. But I have to wonder if it can get into the
workings of Macrium Reflect as it updates it's backup DB's.
--
Pete Cresswell

Per Alan Browne:
But then, ****, I've only been using, programming, building, repairing,
maintaining and backing up computers for 40 years.

I'm kind of in the same boat: application development for about the same
length of time.

After trying to impose backup discipline/functionality on a bunch of
people I have come to believe that even the simplest backup procedures
are way, waaaaay beyond most of the users that I know and people like us
live in a different world from most.

Seems to me like the only viable solution of those people are
fully-automated Cloud solutions like Carbonite - and even then most of
then need somebody to do the initial setup.
--
Pete Cresswell

On 2017-03-12 14:46:18 +0000, "(PeteCresswell)" said:

Per Eric Stevens:
OK, so when you say 'backup' you mean ... exactly what? I'm not trying
to argue: only to clarify.

To me, a "Real" backup:

- Is air-gapped (i.e. not connected to my system or LAN except when
it is being written to)

- Lives in a separate physical location from the PC or NAS that
it is backing up.


My system is probably far from bulletproof, but here it is:

- A stack of 5 1 and 2TB drives that I rotate through my system (while
one is being updated incrementally each day), my car, the garden shed,
and the neighbor's garden shed. One of these will hold all my
non-media stuff and is always mounted. It gets written to by
Macrium Reflect. So if I get hit by Ransomware, chances are that
I will lose that currently-mounted incremental backup drive, but
be able to revert to one of the four others.

- A monster 12-TB DriveBender box in my garden shed that backs up all my
media plus my system images plus the above-mentioned "Data".
That one only gets re-synched when I think of it - more like once
every week or two.

It is simple enough to establish a redundant "air gap" back-up with
Time Machine hard drives. All one needs to do is have a "rotation &
clone" protocol with at least two TM drives. If you are maintaining an
off site, non-cloud back-up then add a third TM drive to that "rotation
& clone" protocol.
--
Regards,

Savageduck

On 12/03/2017 14:37, Savageduck wrote:
On 2017-03-12 09:09:32 +0000, "David B."
said:

On 11/03/2017 23:58, Savageduck wrote:
On 2017-03-11 23:21:19 +0000, "David B."
said:
On 11/03/2017 22:33, Eric Stevens wrote:
On Sat, 11 Mar 2017 14:10:28 -0800, Savageduck
wrote:
On 2017-03-11 21:08:57 +0000, Eric Stevens
said:
\
On Sat, 11 Mar 2017 12:47:49 -0500, nospam
wrote:
In article , David B.
wrote:


complete non-issue for those with a good backup strategy,
regardless of
platform.

I seem to recall reading that simply using Time Machine, which is
physically connected to my iMac, will be inadequate protection
against a
ransomware attack.

Is that right?

no it's not, but if you want to be safer, put it on the network.

As you know, I'm not a Mac user and I know almost nothing about how
time machine works. But can you tell me how in its normal
installation
Time Machine is protected from and protects from Denial of Service
attacks?

The first clue as to how "Time Machine" works to backup all, or
selected files and folders on a Mac lies in its name.

After set up and initial back up, it will run at selected time
intervals to run a back-up/file update which is accessible for
various
levels of recovery in date and time slices. These "time slices"
can be
weekly, daily, but most commonly hourly, and occasionally a
back-up on
demand. "Time Machine" keeps hourly backups of files for the previous
24 hours, then a single daily backup of your files for each of the
last
30 days, and then weekly backups until such point as the backup disk
becomes full and TimeMachine needs to remove the oldest backups to
make
space for new ones.

If you don't care to make hourly back-ups and prefer to isolate your
back-up drive between back-ups, you can always connect the drive
to the
computer and make an on demand back-up, and then disconnect. This
needs
a good amount of discipline to keep up, as doing things that way
can be
a royal PIA, and is subject to lapses.

Using this method limits an hourly back-up to a few Mb to multiple
GB.
This means that once the damage or contamination event is identified,
recovery of files, damaged or otherwise contaminated can be easily
located.

So each recovery can be made back to a known clean back-up which is
going to be isolated from a contamination event.

But what is to stop the ransomware corrupting the backup drive?

Good question!

I've read that the malware CAN corrupt the Time Machine back-up. :-(

https://discussions.apple.com/thread...art=0&tstart=0

D.

Did you actually fully comprehend what was asked in that forum and what
the responses were?

I did - but decided to use it anyway! ;-)

It was late and I was ready for my bed!

Don't write stuff that might be subject to some scrutiny when fatigued. ;-)

I accept that advice! :-)

First, kclark40 says he downloaded and installed an Adobe Flashplayer
Update (he does not name the source of that update) and assumes that his
Mac has been infected with some unnamed virus. He then tells us his hard
drive is beyond repair and that somehow the installation of a
Flashplayer update is responsible. Hard drives fail for all sorts of
reason, I have yet to hear of a hard drive failure due to a Flashplayer
update. He then asks if this as yet unidentified and assumed virus would
"affect my external Passport backup".

The first response from thomas_r confirms my argument that whatever was
downloaded didn't cause the hard drive problem, and advises to just
restore to a time prior the problem installation. He also adds the
further caveat that the hard drive might be dying, without refering to
possible infection of the back-up drive.

The second responder, Linc Davis says the following:
"Disk Utility can't repair this disk. Back up as many of your files as
possible, reformat the disk, and restore your backed-up files.

That means the drive has malfunctioned. The association with a Flash
update is a coincidence. In your place, I would have the machine tested
at an Apple Store for a hardware fault, and even if the test was
negative I would consider replacing the drive. If you want to continue
using it, do what the message says."

Note: Nowhere does anybody say that the "Time Machine" back-up could be
corrupted.
So that was a poor example to use to support your assertion.

I concur that it WAS a poor example and for that I apologize.

No need to apologize. It was after all, your supporting evidence for
your proposition/conjecture, and you made formulating my response simple.

OK. Thanks.

To be honest, I didn't expect anyone reading here to actually follow
the link to the Apple forum.

Why not? There are Mac users here, I am one of them, and vulnerability
in what is a usually reliable back-up system is something we could all
be concerned with.

As you know, I am new here. I'll eventually work out just who is who!

Have you any idea how many folk using this Usenet group also get/give
advice from/on the Apple site?

No.

Are you an ordinary 'end user' (like me) or are you in some way involved
in 'computing' in a professional capacity?

--
"The important thing is not to stop questioning."
- Albert Einstein