

Defeating CryptoLocker Attacks with ZFS - cpach
https://www.ixsystems.com/whats-new/defeating-cryptolocker/

======
houssc
What does ZFS have to do with this? This is like any other properly executed
backup. You may as well call it "defeating having your day ruined by keeping
proper backups". Granted I do like ZFS and I've literally been doing this for
ages, backing up my KVM guest images to ZFS SAN the KVM host can access to
save the snapshot and the KVM guest can't access at all.

However this can be done a million different ways. It's just a backup not
accessible to the affected system... I do the same thing with my bare metal
OSX machines (MacBook, Mac Pro, etc.): they use Time Machine to back up to
Netatalk shares; those shares are image files which again get backed up to the
ZFS SAN. So even if the Time Machine share was encrypted I'd have a copy of
the image holding the share from X days ago.

~~~
NickHaflinger
> What does ZFS have to do with this?

Presumably ZFS is immune from CryptoLocker. CryptoLocker can only compromise
NTFS 'computers'.

~~~
houssc
Fancy!

------
viraptor
Or with btrfs, or rbackup, or crashplan, or ...

Basically they rely on any kind of backup which is not accessible as a
writable file on the currently mounted fs. There's nothing ZFS specific there.
That part is just an advertisement for ixsystems + freenas.

~~~
Rovanion
Though btrfs snapshots are writable, at least by default, right?

~~~
leni536
That's not really the point. Your btrfs file system, to be an effective measure
against attack, should be on a separate machine where you only have write
access to one single snapshot. If you have btrfs on your working machine it's
not effective. Once someone gets root then they can just unmount it and
encrypt the raw device.

The point is privilege separation, and if you want to protect against root
exploits then you need a separate machine with appropriate access control
(which is basically an append-only backup).

~~~
XorNot
Cryptolocker doesn't get root though - that's the point. Cryptolocker exploits
the absurd situation that we protect system data better than we protect user
data - the irreplaceable part of your computer.

ZFS protection on Linux is also an accident here - because on Solaris users
can manage their own snapshots, but in ZoL you currently need root.

I've said it before: what people need is the concept of user privilege
namespaces. So you sudo elevate yourself into 'backup' privileges without
elevating to root.

------
NickHaflinger
Wouldn't it be simpler to design a 'computer' that can't be hacked by opening
an email attachment or clicking on a URL?

------
acd
Also how we run virtual machines. ZFS gives some of the same benefits as
Docker copy on write for virtual machines.

------
eps
And that's, kids, how you do content marketing.

------
edward
504 Gateway Time-out

