13 comments

[ 3.3 ms ] story [ 44.0 ms ] thread
Or with btrfs, or rbackup, or crashplan, or ...

Basically they rely on any kind of backup which is not accessible as an writable file on the currently mounted fs. There's nothing ZFS specific there. That part is just an advertisement for ixsystems + freenas.

Though btrfs snapshots are writable, at least by default, right?
That's not really the point. Your btrfs file system to be an effective measure against attack should be on a separate machine where you only have write access to one single snapshot. If you have btrfs on your working machine it's not effective. Once someone gets root then they can just unmount it and encrypt the raw device.

The point is privilage separation and if you want to protect against root exploits then you need a separate machine with appropriate access control (which is basically an append-only backup).

Cryptolocker doesn't get root though - that's the point. Cryptolocker exploits the absurd situation that we protect system data better then we protect user data - the irreplaceable part of your computer.

ZFS protection on Linux is also an accident here - because on Solaris users can manage their own snapshots, but in ZoL you currently need root.

I've said it before: what people need is the concept of user privilege namespaces. So you sudo elevate yourself into 'backup' privileges without elevating to root.

Also how we run virtual machines. ZFS gives some of the same benefits as Docker copy on write for virtual machines.
And that's, kids, how you do content marketing.
504 Gateway Time-out
What does ZFS have to do with this? This is like any other properly executed backup. You may as well call it "defeating having your day ruined by keeping proper backups". Granted I do like ZFS and I've literally been doing this for ages, backing up my KVM guest images to ZFS SAN the KVM host can access to save the snapshot and the KVM guest can't access at all.

However this can be done a million different ways. It's just a backup not accessible to the affected system... I do the same thing with my bare metal OSX machines (macbook, macpro, etc...) they use time machine to backup to Netatalk shares, those shares are image files which again get backed to the ZFS SAN. So even if the time machine share was encrypted I'd have a copy of the image holding the share from X days ago.

(comment deleted)
> What does ZFS have to do with this?

Presumably ZFS is immune from CryptoLocker. CryptoLocker can only compromise NTFS 'computers'.

Wouldn't it be simpler to design a 'computer' that can't be hacked by opening an email attachment or clicking on a URL.