Are separate users protected from malware?

Discussion in 'Mac Basics and Help' started by AppleInLVX, Mar 11, 2016.

  1. AppleInLVX macrumors 6502a

    Joined:
    Jan 12, 2010
    #1
    In the wake of the whole ransomware thing that happened this past week, I've been reconsidering my backup strategy. I had a question though: If I had a dummy user set up on my Mac, and that user's space on the Mac housed critical files that were mirrored from my primary account, would those files then be safe from something like the ransomware that circulated? Or would the fact that ransomware was run from an Admin account make the whole thing moot because it would simply use those credentials to encrypt the whole drive no matter who was logged in?

    I'm thinking it might be some extra small layer of protection if there were files there that didn't get encrypted.
     
  2. Alrescha macrumors 68020

    Joined:
    Jan 1, 2008
    #2
    An admin user does not run with all its abilities turned on - you have to type in your password to get those. Unix file permissions still apply - and in this particular case - would have foiled the ransomware if the files were owned by a different user.

    Another small layer of protection would be to not use an admin-level account for your day-to-day activities. It would not have helped in this case, but it might make a difference in some future attack.

    Time Machine supports multiple backup drives. It is a good idea to have a backup which is not normally attached to your computer/in a different room/in a different building/etc.

    A.
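
Added example, not part of Alrescha's reply or the thread: a POSIX shell check of the file-ownership point made in post #2. It lists every entry under a "vault" directory that a given account could alter with its own permissions alone; the function name, the paths and the account name in the usage comment are assumptions.

```shell
#!/bin/sh
# audit_vault DIR USER
# Print every entry under DIR that USER could modify without escalating
# privileges. USER may be a login name or a numeric uid.
# An empty result means plain Unix permissions keep USER's processes
# (including malware running as USER) from changing the vault.
audit_vault() {
    dir=$1 user=$2

    # Condition 1: owned by the account. Condition 2: writable by everyone.
    set -- -user "$user" -o -perm -0002

    # Condition 3: group-writable and owned by a group the account is in.
    # id fails quietly for an unknown account, leaving only the checks above.
    for gid in $(id -G "$user" 2>/dev/null); do
        set -- "$@" -o \( -group "$gid" -perm -0020 \)
    done

    # Symlink modes carry no meaning, so skip them. A flagged directory
    # matters even when the files inside are read-only: write access to
    # a directory is enough to delete or replace its entries.
    find "$dir" ! -type l \( "$@" \) -print
}

# Usage (placeholder path and account name):
#   audit_vault /Users/vault daily
```

Run it as the account that owns the vault, or as root, so that `find` can descend into directories the daily account cannot read.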
     
  3. AppleInLVX thread starter macrumors 6502a

    Joined:
    Jan 12, 2010
    #3
    This has been an annoying nut to crack for me. I have multiple backup drives and also use Backblaze, with the issue being that BB only backs up what's connected to the computer by cable. Since my HDD is only .5TB, I keep the absolutely mission-critical and irreplaceable files there, and I use CCC to back those up to an external drive every week. But there's data everywhere and I need to consolidate somehow. I was thinking of buying a NAS and just using it for my day to day and then using CCC to clone weekly to a backup drive, but then BB won't grab everything, and I don't know how safe it'd all be from malware like the one unleashed this week. It's maddening. The idea that I should lose the last audio interviews I did with my mom before she passed to some hacking scum terrifies me.

    Anyway, that rant aside, I see the benefit of using a non-admin account as a daily driver. Thank you for the suggestion.
     
  4. Alrescha macrumors 68020

    Joined:
    Jan 1, 2008
    #4
    I think buying a big locally-attached drive and having it backed up by Backblaze outweighs the value of separation by NAS (if your computer can access the files, so can malware).

    I understand your desire for consolidation - I used to have data scattered across many drives and it was a problem. I finally bought one big array for everything and life is much better.

    A.
     
  5. AppleInLVX thread starter macrumors 6502a

    Joined:
    Jan 12, 2010
    #5
    Maybe just buying two really big locally attached drives and having one backed up to BB and the other cloned weekly is the ticket. I currently have my data scattered across no less than five drives. It's maddening.
     
  6. ApfelKuchen macrumors 68020

    Joined:
    Aug 28, 2012
    Location:
    Between the coasts
    #6
    While we can't ignore the lessons taught by one attack or another, there's that old saying about generals always fighting the last war... We don't know where the next attack will come from, or what weapons will be used. Yesterday's attack could be a feint.

    What's true is that compartmentalizing computer usage with user accounts and restricted permissions can thwart some kinds of attack. However, if a process is given admin or super user rights, the entire system is at risk, not just the compartmentalized user data.

    Certainly, user data can be the hardest to replace/reconstruct - off the shelf software is far easier to obtain. For this particular attack, which reportedly could have affected Time Machine backups as well as the local HDD, a backup scheme that included an offline backup as well as a connected backup could have been very useful, and, of course, there are other good reasons for having an off-site, offline backup.
     
  7. AppleInLVX thread starter macrumors 6502a

    Joined:
    Jan 12, 2010
    #7
    I think I'm mostly on board with what Alrescha is suggesting. I keep going back and forth between locally attached storage of some kind and NAS of some kind. I think maybe the best option would be to forgo the NAS and have the main HDD containing just system files and absolutely critical files, which probably amount to something like 200GB. Then do a large ~4TB drive to house all the data and have it attached locally. Then, have an identical ~4TB drive that is a clone of the first which happens automatically through CCC on some kind of schedule. I'd have a 1TB Time Machine drive hooked up to the system, and all of that would back up to BB. Finally, I'll just sign up for a 1TB plan from Dropbox and use CCC to back up the mission-critical information on a schedule, thereby having an accessible store of my critical data from anywhere, negating the need for a NAS.

    Yeah... maybe that'll be a good solution.

    PS. Love the user name. Now I want to have some of my mom's Apfelstrudel. :)
     
