security questions and advice


Ric Ford

MacInTouch
Does anyone here have a suggestion for an alternative app that can encrypt and hide folders?
That seems like a perfect use case for Disk Utility.
Apple Disk Utility Help said:
Create a secure disk image
If you have confidential documents that you don’t want others to see without your permission, you can put them in an encrypted disk image.
Here's a very simple alternative (with no encryption):
Brynjar Saunes Bye said:
Obscurity
Obscurity seems just like a generic Mac OS X folder. Simply place the 'folder' anywhere you want, and anyone snooping around your stuff deciding to double-click it will unknowingly arrive in an empty mock folder. However, if you right-click the 'folder' and choose 'Show Package Contents' from the contextual menu, a completely different folder will show up ready for you to hide all those intimate movies, pictures and old love letters in. It even hides all your secret documents from Spotlight and those pesky 'All Images', 'All Movies' and 'All Documents' Smart Folders in Finder.
 


I believe "Snapshot" depends on the Btrfs file system. My understanding of a main benefit of snapshots is they can be transmitted to other connected Synologies or connected backup drives.
While transmitting snapshot deltas is an easy and efficient remote backup mechanism, it is by no means the only benefit of snapshots. A snapshot also allows you to revert all or part of a filesystem to the point in time when the snapshot was taken.

For example, if you take a snapshot of the filesystem at 1 PM, and at 5 PM a ransomware attack encrypts every file on the volume (or, say, someone does "rm -rf /"), then you can simply revert the entire filesystem to the 1 PM snapshot, and none of those changes will have ever happened.
 


While transmitting snapshot deltas is an easy and efficient remote backup mechanism, it is by no means the only benefit of snapshots. ... if you take a snapshot of the filesystem at 1 PM, and at 5 PM a ransomware attack encrypts every file on the volume ... none of those changes will have ever happened.
My personal experience with snapshots:
  • Windows "Restore Points" that didn't, after malware removal
  • Apple Time Machine "Restore" that wouldn't, after user inadvertently deleted applications and data (suspected cause: Time Machine had filled the backup drive, didn't delete old versions, and provided no user notification)
  • Apple "Versions" that complicate simple photo and text edits and weren't as useful (to me) as simply versioning file names using File > Save As...
As to Btrfs on a Synology, if all works as it should, I see the theoretical advantage. I'd think that advantage would be greater when multiple users are actively creating and editing large numbers of files, though that's when the faster performance of ext4 might also matter.
ZDNet (Aug. 2014) said:
Ransomware attacks Synology NAS devices
The attack replaces the DSM management software on the NAS, encrypts the files on the device and demands that the user pay 0.6 BitCoins to retrieve the files.
If that should happen, I don't think either Btrfs or ext4 is safe. I searched rather thoroughly for Internet reports comparing the vulnerability of Btrfs and ext4 NAS file systems to ransomware and just didn't find any. Back to that air-gapped backup.
 


My personal experience with snapshots:
  • Windows "Restore Points"
  • Apple Time Machine "Restore"
  • Apple "Versions"
None of those technologies is a Copy-on-Write filesystem (such as Btrfs, ZFS, ReFS, and APFS). CoW snapshots really are as magical as I described. It would allow you to recover from a volume completely encrypted by ransomware in a matter of minutes. Your recovery point would depend on how often you take snapshots. You could theoretically take snapshots every second. But, for example, on the ZFS servers I used to administer it was more practical to take snapshots every hour.

Since APFS is a CoW filesystem, you can actually test this out yourself. Just take a manual snapshot of your volume (do a quick Google search for how to create a snapshot from the command-line). Then, do something catastrophic to your files, like delete everything in the Applications folder.

Then, reboot in Recovery Mode and choose "Restore from Time Machine Backup". You'll be given a list of available APFS snapshots on the volume (we're not using Time Machine, that's just where Apple makes the snapshots available in Recovery Mode). Revert to the snapshot you took. When you reboot, you'll find that everything on your volume is magically exactly the same as it was at the point in time when you took the snapshot.
 


None of those technologies is a Copy-on-Write filesystem (such as Btrfs, ZFS, ReFS, and APFS). CoW snapshots really are as magical as I described. It would allow you to recover from a volume completely encrypted by ransomware in a matter of minutes. Your recovery point would depend on how often you take snapshots. You could theoretically take snapshots every second. But, for example, on the ZFS servers I used to administer it was more practical to take snapshots every hour.

Since APFS is a CoW filesystem, you can actually test this out yourself. Just take a manual snapshot of your volume (do a quick Google search for how to create a snapshot from the command-line). Then, do something catastrophic to your files, like delete everything in the Applications folder.

Then, reboot in Recovery Mode and choose "Restore from Time Machine Backup". You'll be given a list of available APFS snapshots on the volume (we're not using Time Machine, that's just where Apple makes the snapshots available in Recovery Mode). Revert to the snapshot you took. When you reboot, you'll find that everything on your volume is magically exactly the same as it was at the point in time when you took the snapshot.
Todd, after reading the linked Wikipedia page, I will agree to the magical assessment. I find the explanation of CoW there to be confusing and contradictory when compared to your description here on MacInTouch, but your example of an intentional sabotage followed by a snapshot recovery seems worthy of testing. I might sleep better if it succeeds. Thanks.
 


I agree that snapshots are a fantastic technology, and ZFS allows you to replicate one server to another securely using snapshots. However, they are not completely foolproof, as once the recipient server starts to fill up, the oldest snapshot images (usually) start getting deleted.

Thus, unless the server you're backing up to is capable of holding several complete copies of the machine it is replicating from, the system may literally iterate / snapshot / backup its way out of a "working", i.e. non-corrupted, backup.

Some of the past ransomware takeovers did exactly that, wait until everything was encrypted, locally and 'abroad', before locking down the NAS.

That aside, the real question in my mind is how to deal with a system takeover in the first place. Today's malware / viruses / etc. are not like the primitive stuff I first encountered on a Mac SE. Between the BIOS, EFI, and all the other management chips with flash memories, etc., there is ample opportunity for stuff to stay behind where the OS can't find it, only to "own" the machine again later. (Never mind that the flash drive in most portables is now soldered in, i.e. not replaceable either.)

So, once malware is in the system, would you ever trust it again? Barring a better technology, I air-gap my backups... Granted, there are risks with that approach also, but I'd rather lose a few days of data than the whole set.
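A toy copy-on-write volume, added here as an example that is not from this thread and not code from APFS, Btrfs or ZFS, covering both the revert described in Todd's post above and the retention trap raised in this one: writes land in fresh blocks, snapshots pin the old ones, and a rolling retention limit can evict the last clean snapshot. Every name in it (CowVolume, scenario, the hour labels, the file contents) is constructed for illustration.

```python
# Toy model of copy-on-write (CoW) snapshots: a file name maps to a block
# number, a snapshot is a frozen copy of that map, and a write always lands in
# a fresh block. Added example, not code from the thread or from any real FS.
class CowVolume:
    def __init__(self, keep_snapshots):
        self.keep = keep_snapshots   # retention: drop the oldest beyond this
        self.blocks = {}             # block number -> bytes
        self.live = {}               # filename -> block number (mutable view)
        self.snapshots = {}          # label -> frozen filename->block map
        self.next_block = 0

    def gc(self):
        # A block is freed only once no live file and no snapshot points at it.
        pinned = set(self.live.values()).union(
            *(snap.values() for snap in self.snapshots.values()))
        self.blocks = {b: d for b, d in self.blocks.items() if b in pinned}
        return len(self.blocks)

    def write(self, name, data):
        # CoW: never overwrite in place; allocate a new block and repoint.
        self.blocks[self.next_block] = data
        self.live[name] = self.next_block
        self.next_block += 1

    def read(self, name):
        return self.blocks[self.live[name]]

    def snapshot(self, label):
        self.snapshots[label] = dict(self.live)   # only the map is copied
        while len(self.snapshots) > self.keep:    # insertion order == age
            del self.snapshots[next(iter(self.snapshots))]

    def revert(self, label):
        self.live = dict(self.snapshots[label])   # the old blocks still exist

def scenario(keep_snapshots):
    """Returns (clean snapshot labels, blocks in use, doc0 after revert)."""
    vol = CowVolume(keep_snapshots)
    for i in range(3):
        vol.write(f"doc{i}.txt", b"plaintext")
    vol.snapshot("13:00")
    for name in list(vol.live):                   # every file overwritten
        vol.write(name, b"<encrypted>")           # (simulated ransomware)
    for hour in ("14:00", "15:00", "16:00"):      # schedule keeps rolling
        vol.snapshot(hour)
    clean = sorted(lbl for lbl, snap in vol.snapshots.items()
                   if all(vol.blocks[b] == b"plaintext" for b in snap.values()))
    used = vol.gc()
    vol.revert(next(iter(vol.snapshots)))         # oldest surviving snapshot
    return clean, used, vol.read("doc0.txt")
```

With a retention of four, the 13:00 snapshot survives, six blocks stay pinned and the revert recovers the plaintext; with a retention of three, the 16:00 snapshot evicts the only clean one and the revert hands back the overwritten data.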
 


There's a thorough discussion of APFS Snapshots here, from which I extract a warning pertinent to the direction this thread has taken:
Bombich said:
The Role of Snapshots in a Comprehensive Data Protection Strategy
If your startup disk fails, all the snapshots in the world aren't going to help you restore your startup disk and data. Having a bootable backup on an external disk will get you back to work immediately.
 



ICQ is still being updated by a Russian firm. [See ICQ on Wikipedia]. Along with others, I've written to the popular "Macupdate" site asking them not to post this application and to clear releases off with a warning about the very real probability you are compromised the second you initiate it.

What are others' thoughts about trying to get the word out about this 'product', once a pretty good chat program before it was acquired?
 


I've used both. I liked Hands Off and found it friendly, but I've been using Little Snitch lately. ... You can also try out Hands Off free of charge....
I decided to email One Periodic, the developers of Hands Off, to ask them some questions before considering a trial. I emailed their support address and received no reply – not even an automated reply that would expend no human effort. A week later, I figured that perhaps they didn't appreciate sales questions being emailed to the support department, so I forwarded it to their "info" address. Days later, still crickets. I understand if they are busy – just tell me and I would understand – even an auto-reply goes a long way towards customer relations.

So as I await a reply that may never come, and the lack of even a simple reply makes me question whether I personally want to give them my money in the event that a search of my email archives should reveal that I do not already hold a license, I figured I would ask... the MacInTouch community.

My questions were the following:
  1. Does Hands Off protect against connections before/during login?
  2. Does it include a throughput meter in the menu bar? This is a feature that I would want even if I didn't care about a firewall. I could find the answer to that question by installing a free trial, but I am hesitant to do so without first having the answer to question 1.
  3. Bonus question for MacInTouch: If the answer to question 2 is no, is there a good menu bar utility that can provide that information, with regard to throughput and direction of traffic?
Thank you, all!
 


Ric Ford

MacInTouch
Does it include a throughput meter in the menu bar? This is a feature that I would want even if I didn't care about a firewall.
I don't know about Hands Off (which I'm not currently running), but that's very definitely a feature provided by Little Snitch.

You could also take a look at the Vallum and Murus firewall siblings.
 


I recently installed an Eyez-On Envisalink EVL-4EZR on my home security system in place of the phone lines that were used for monitoring by the previous owner. I then connected the Envisalink to a small travel router via ethernet. The router is in client mode and connected to my guest WiFi network (provided by Apple AirPort routers). I created an account on the Eyez-On web site and can monitor the security system from there or on a companion iPhone app.

However, I am puzzled how the Eyez-ON apps are able to communicate with the Envisalink. I did not implement port forwarding on the AirPort. My Eyez-ON account password is pretty secure (I think), but the password to login to the Envisalink device directly is only six characters (and the default login password was "user" and there is no login name).

How vulnerable is this setup? Can I do more to secure the system? The apps know the WAN and LAN IP numbers, as they are listed on the status page. I am concerned I am getting protection from one kind of threat (burglars) but am now susceptible to another (hackers).
 


So, just found out a family member installed something called "Netflix party extension" on their computer ,,, um with my account 8-\

Anybody heard of this app? It seems to have big name corporate news agency coverage but does not appear to be a Netflix sponsored piece of software.

I am advising said family member to uninstall, or at the very least run this sort of thing on a user account not used for personal business that should remain secure.

My concerns still lie with the notion that these extensions (apps?) are engineered to have full access to all data transferred through a browser, not just generic data like browsing history and the like, but all activity in the browser including transmission of passwords ... I have no idea whether a browser's encryption protocol protects this data... I assume not, as keystrokes are keystrokes.

Advice would be appreciated
 


So, just found out a family member installed something called "Netflix party extension" on their computer ,,, um with my account 8-\
Anybody heard of this app? It seems to have big name corporate news agency coverage but does not appear to be a Netflix sponsored piece of software.
I am advising said family member to uninstall, or at the very least run this sort of thing on a user account not used for personal business that should remain secure.

My concerns still lie with the notion that these extensions (apps?) are engineered to have full access to all data transferred through a browser, not just generic data like browsing history and the like, but all activity in the browser including transmission of passwords ... I have no idea whether a browser's encryption protocol protects this data... I assume not, as keystrokes are keystrokes.
Advice would be appreciated
Yes. There was recently an article about this:
CNN said:
 


Two followups:

It does not appear to be a Netflix-sponsored app.

Does it make sense to utilize this extension in a user account dedicated for installs like this, separate from your more important account and important navigational activities ... or am I being overly concerned?
 


Two followups:
  • It does not appear to be a Netflix-sponsored app.
  • Does it make sense to utilize this extension in a user account dedicated for installs like this, separate from your more important account and important navigational activities ... or am I being overly concerned?
Up to you. If you give/gave the other person your credentials?
 


Up to you. If you give/gave the other person your credentials?
Right, the account credentials not so much at issue, permission granted (no credit card on file in the account), with the exception of the particular issue of using browser extensions. I would have preferred prior knowledge of that, and would have advised other options. Like advising... "Perhaps, it's time for you to get your own account." ;-)
 

