# Ransomware protection and disk corruption



## LRList001 (Sep 3, 2016)

The rise to epidemic proportions of ransomware has given me pause to think about my backup regimen and I would appreciate the views of the forum on how to do better.

1/  I have a backup regimen that provided I suffer no disk corruption, is pretty solid, with off-site storage, and many copies.
2/  Over time though, I rotate all the media, so if I get a corrupted file that I don't know about, it will (eventually) replace the good one I already have.
3/  I can't think of an easy way to find out if I have any corrupted files now, with many 10s of thousands of files, I am not about to open each one in turn to find out.
4/  I am thinking of changing the ownership of the files to ANOther, so that I only have read permissions on the master image files.  I can cope with LR's catalogue and anyway, that gets checked frequently by LR.  The snag is the workflow of having two users.
5/  I could try to find some software which generates a hash of every file and if ever one changed, I would get notified, this seems to be my leading option.
6/  What thoughts do others have?

TIA
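
The hash-and-notify idea in item 5, combined with the rotation problem in item 2, sketched as an added example that is not part of the original post or any product named in this thread. The function names, the report categories and the 20% mass-change threshold are hypothetical, and the `.nef` files are constructed sample data:

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large raw files never sit in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each relative path under root to its hash, size and mtime."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            info = os.stat(full)
            manifest[os.path.relpath(full, root)] = {
                "sha256": sha256_file(full),
                "size": info.st_size,
                "mtime_ns": info.st_mtime_ns,
            }
    return manifest


def compare(baseline, current, mass_change_ratio=0.2):
    """Classify differences between a trusted baseline and a fresh scan.

    silent_change: content differs but size and mtime do not, which is
                   what on-disk corruption of an untouched file looks like.
    rewritten:     content and metadata both differ, so something wrote
                   the file (an editor, a sync tool, or ransomware).
    The baseline itself must live on offline or read-only media, otherwise
    whatever damages the files can damage the manifest too (assumption of
    this example, not a feature of the code).
    """
    report = {"missing": [], "rewritten": [], "silent_change": [], "new": []}
    for rel, old in sorted(baseline.items()):
        now = current.get(rel)
        if now is None:
            report["missing"].append(rel)
        elif now["sha256"] != old["sha256"]:
            same_meta = (now["size"], now["mtime_ns"]) == (old["size"], old["mtime_ns"])
            report["silent_change" if same_meta else "rewritten"].append(rel)
    report["new"] = sorted(set(current) - set(baseline))
    changed = sum(len(report[k]) for k in ("missing", "rewritten", "silent_change"))
    # Camera originals are write-once: any change means the older backup
    # copy must not be overwritten until the file has been checked.
    report["safe_to_rotate"] = changed == 0
    # Hypothetical threshold: many originals changing at once is not bit rot.
    report["mass_change"] = bool(baseline) and changed / len(baseline) >= mass_change_ratio
    return report


def demo():
    """Run the check over a constructed archive of five sample files."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.nef", "b.nef", "c.nef", "d.nef", "e.nef"):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(name.encode() * 1000)
        baseline = build_manifest(root)

        # a.nef: one bit flips on disk, timestamps stay as they were.
        path = os.path.join(root, "a.nef")
        info = os.stat(path)
        with open(path, "r+b") as handle:
            first = handle.read(1)
            handle.seek(0)
            handle.write(bytes([first[0] ^ 0x01]))
        os.utime(path, ns=(info.st_atime_ns, info.st_mtime_ns))

        # b.nef: rewritten with different content one second later.
        path = os.path.join(root, "b.nef")
        info = os.stat(path)
        with open(path, "wb") as handle:
            handle.write(b"\xff" * 4096)
        os.utime(path, ns=(info.st_atime_ns, info.st_mtime_ns + 10**9))

        os.remove(os.path.join(root, "c.nef"))           # c.nef: deleted
        with open(os.path.join(root, "f.nef"), "wb") as handle:
            handle.write(b"new import")                  # f.nef: new import

        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the scan before each media rotation and refresh the baseline only after every reported change has been explained.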


----------



## rob211 (Sep 3, 2016)

Not sure why the corrupted file will eventually replace the good one...are these files currently in use? or archives?

Use DNG. It has file verification built in, and Lr can do a mass check of the status of DNGs for corruption. Only gonna help with photos of course.


----------



## LRList001 (Sep 3, 2016)

rob211 said:


> Not sure why the corrupted file will eventually replace the good one...are these files currently in use? or archives?
> 
> Use DNG. It has file verification built in, and Lr can do a mass check of the status of DNGs for corruption. Only gonna help with photos of course.



 Thank you for your thoughts.

As media age, it is wise to replace the entire archive.

If your archive is stored on magnetic media, it can be corrupted.  You might prefer to read 'it will be corrupted', it is a matter of time.

I do not use DNG.  I am seeking to protect the original raw files out of camera.  However, I am unfamiliar with the bulk check function of LR, a quick wander round the menus hasn't identified it and Adobe's help function hasn't pointed me to it either.  Also, as you suggest, I have other files that cannot be DNGs.


----------



## rob211 (Sep 3, 2016)

In Lr, Library>Validate DNG files

Yeah, entropy gets everything eventually. I just rotate off site backups and count on redundancy. I'm pretty much ransomproof.


----------



## clee01l (Sep 3, 2016)

My backup scheme uses versioning. That means only incremental changes get saved. If I import an original NEF, that gets saved in the backup. Never touched again. (So yes, that backup drive could eventually get some corruption.) I'd never know it if I did not need the original to make an export or a print and discover the original is also corrupted.
However, I have 5 copies of all of my critical data. First there is the 'Master' copy found on my Primary drives. Next I have a TimeMachine backup of my critical user data. This backup alternates between an Airport Time Capsule and a local EHD. This is all I need for recovery. My 4th copy of my critical user data is a CrashPlan backup to another EHD. This insures against data degradation of the other three local disk drives. And finally, my ultimate insurance is a Crashplan Cloud backup. If my local drives get wiped out in some catastrophic calamity such as fire, flood or other pestilence, I can resort to the cloud backup to retrieve all of my critical user data.

Now, how would a Ransomware situation apply to this? First, Ransomware works by encrypting your data and without the key, you are locked out. Ransomware sells you the private encryption key used to encrypt your data. Second, Ransomware is rare on a Mac, the first Mac Ransomware was spotted in the wild only in March 2016 (this year!). It was isolated and neutered by Apple within a week of its discovery. So, in the unlikely event that I should click on some undiscovered Ransomware app before Apple neutralized it AND my local drives were ALL encrypted, I would still be able to restore from my Time Capsule backup which is on its own network OS. If that failed for some reason, then I have the servers at CrashPlan Cloud for the ultimate recovery.

I trust local disk drives for about three years.  Any drive older than that could fail or have data degradation.   So, when my backup drives get that old, I typically replace them with larger capacity drives and relegate the older drives to non critical work.  This is something that I am doing right now.  I've just ordered an 8TB drive to replace my local 3TB TimeMachine Backup that is nearing capacity.


----------



## LRList001 (Sep 3, 2016)

rob211 said:


> In Lr, Library>Validate DNG files
> 
> Yeah, entropy gets everything eventually. I just rotate off site backups and count on redundancy. I'm pretty much ransomproof.



I'm pleased to report that all my DNGs are valid.  As I don't have any, it didn't take long to find out!

So, I am thinking I need some kind of hash to keep an eye on all the files I care about, that way I can know to go fetch a replacement if (when) I need it.  This would be a useful LR function.

I have thought about tape, but the cost makes me think twice, given the amount of data I am storing.

Be careful about being ransom proof, ransomware is entering into some very sophisticated attacks, defences include some kind of non-networked or write once capability.  Hence revisiting my regimen, from time to time it pays to review data for measures covering both disaster and continuity.


----------



## clee01l (Sep 4, 2016)

LRList001 said:


> I have thought about tape, but the cost makes me think twice, given the amount of data I am storing.


Have you looked into Cloud backup services?  I use CrashPlan which offers unlimited backup including versioning for ~$60USD per year.  When the Cloud service has your backup date, they are responsible for maintaining the data integrity.  Though I don't know what the processes are but your file won't be allowed to get stale sitting on their disk drive.   If you read my previous post, you know that cloud backup is not my only backup.


----------



## tspear (Sep 4, 2016)

There was a thread here a while back about a checksum/hash for raw files. But I cannot find a link.


----------



## PhilBurton (Sep 4, 2016)

clee01l said:


> My backup scheme uses versioning. That means only incremental changes get saved. If I import an original NEF, that gets saved in the backup. Never touched again. (So yes, that backup drive could eventually get some corruption.) I'd never know it if I did not need the original to make an export or a print and discover the original is also corrupted.
> However, I have 5 copies of all of my critical data. First there is the 'Master' copy found on my Primary drives. Next I have a TimeMachine backup of my critical user data. This backup alternates between an Airport Time Capsule and a local EHD. This is all I need for recovery. My 4th copy of my critical user data is a CrashPlan backup to another EHD. This insures against data degradation of the other three local disk drives. And finally, my ultimate insurance is a Crashplan Cloud backup. If my local drives get wiped out in some catastrophic calamity such as fire, flood or other pestilence, I can resort to the cloud backup to retrieve all of my critical user data.
> 
> Now, how would a Ransomware situation apply to this? First, Ransomware works by encrypting your data and without the key, you are locked out. Ransomware sells you the private encryption key used to encrypt your data. Second, Ransomware is rare on a Mac, the first Mac Ransomware was spotted in the wild only in March 2016 (this year!). It was isolated and neutered by Apple within a week of its discovery. So, in the unlikely event that I should click on some undiscovered Ransomware app before Apple neutralized it AND my local drives were ALL encrypted, I would still be able to restore from my Time Capsule backup which is on its own network OS. If that failed for some reason, then I have the servers at CrashPlan Cloud for the ultimate recovery.
> ...



I use local backup, and each year I use a new 4 TB drive.

Ransomware these days will encrypt not only the C:\ drive on a Windows system but all other local drives and all drives that have network shares. The only real defense against ransomware is an offline backup. I'm thinking very seriously about getting a USB 3 external drive case, so I can turn on the backup drive only when actually running backups, and taking the drive offline the rest of the day.

Phil


----------



## Jack Henry (Sep 4, 2016)

If you're on a Mac, I highly recommend the free Avast anti-virus. It includes ransomware detection etc.


----------



## LouieSherwin (Sep 4, 2016)

tspear said:


> There was a thread here a while back about a checksum/hash for raw files. But I cannot find a link.



You may be referring to Image Verifier


----------



## clee01l (Sep 4, 2016)

Jack Henry said:


> If you're on a Mac, I highly recommend the free Avast anti-virus. It includes ransomware detection etc.


I've been using a Mac for nearly 5 years.  I have yet to see the need to install an anti-virus scanning app like Avast that runs constantly in the background interfering access between my apps and the files that they need to access.  Apple is pretty quick to issue security patches that resolve any vulnerabilities as they are discovered in the wild.  
I am not naive to think that my Mac is invincible and I am also pretty diligent and careful about the web sites that I visit. So far the risk or perceived risk of malware does not exceed my desire to limit the apps that impede my computer's performance.


----------



## LRList001 (Sep 4, 2016)

clee01l said:


> Have you looked into Cloud backup services?  I use CrashPlan which offers unlimited backup including versioning for ~$60USD per year.  When the Cloud service has your backup date, they are responsible for maintaining the data integrity.  Though I don't know what the processes are but your file won't be allowed to get stale sitting on their disk drive.   If you read my previous post, you know that cloud backup is not my only backup.



Thanks Cletus

I have several issues with Cloud backup, a leading one is this:

1/  I have never managed to convince myself that services that cost in the range of $60 per year will actually take responsibility for restoring my data if bad things happen at their end.  I have an idea that if you lose a file that they have also corrupted, their limitation will cut in and they will say 'too bad'.  I'm not a lawyer though.

I too keep refreshing the hardware I use.

I'm still looking into a simple means to find files that have changed (unexpectedly).


----------



## LRList001 (Sep 4, 2016)

LouieSherwin said:


> You may be referring to Image Verifier



That product is discontinued, replaced by Ingestamatic.  Might do some of what I want, thanks for the suggestion.


----------



## LRList001 (Sep 4, 2016)

clee01l said:


> I've been using a Mac for nearly 5 years.  I have yet to see the need to install an anti-virus scanning app like Avast that runs constantly in the background interfering access between my apps and the files that they need to access.  Apple is pretty quick to issue security patches that resolve any vulnerabilities as they are discovered in the wild.
> I am not naive to think that my Mac is invincible and I am also pretty diligent and careful about the web sites that I visit. So far the risk or perceived risk of malware does not exceed my desire to limit the apps that impede my computer's performance.



I too would like to think that I am careful about which sites I visit.  However, if you click a link with malware on it and you have no protection, you are that much easier to breach.  Do not underestimate how easy it is one day to click a link that didn't do what you thought it was going to do.  It only takes a moment's inattention.  (And if you are that person who caused a whole company's file system to be encrypted, it doesn't make you a bad person either, some ransomware is very, very clever.)


----------



## LRList001 (Sep 4, 2016)

PhilBurton said:


> I use local backup, and each year I use a new 4 TB drive.
> 
> Ransomware these days will encrypt not only the C:\ drive on a Windows system but all other local drives and all drives that have network shares. The only real defense against ransomware is an offline backup. I'm thinking very seriously about getting a USB 3 external drive case, so I can turn on the backup drive only when actually running backups, and taking the drive offline the rest of the day.
> 
> Phil



I use ones that allow the HDD to plug in and out of the chassis, very simple.  I also have SATA hot-pluggable.


----------



## clee01l (Sep 4, 2016)

LRList001 said:


> if you click a link with malware on it...


The key word here is "IF".  Between Apple doing a good job and me being very vigilant, I've managed to stay safe for over 4 years on a Mac without running an anti virus app in the background. I've been using personal computers since the 1980s. Only once about 15 years ago (on Windows) did I get malware on my machine.
Much of the threat is perceived rather than real.  Anti-virus manufacturers invoke an irrational fear to induce you to buy their products.  Apple has always had a good reputation for quickly removing vulnerabilities.  By the time Microsoft released Windows 10, they too are finally on top of the problem and Windows 10 is the safest Windows OS released to date.


----------



## PhilBurton (Sep 4, 2016)

clee01l said:


> I've been using a Mac for nearly 5 years.  I have yet to see the need to install an anti-virus scanning app like Avast that runs constantly in the background interfering access between my apps and the files that they need to access.  Apple is pretty quick to issue security patches that resolve any vulnerabilities as they are discovered in the wild.
> I am not naive to think that my Mac is invincible and I am also pretty diligent and careful about the web sites that I visit. So far the risk or perceived risk of malware does not exceed my desire to limit the apps that impede my computer's performance.


Cletus,

There are many threats that exist at the browser level, not at the OS level.

There is an old saying in the security field, "Security Through Obscurity."  For a long time, that idea certainly benefited Mac users, but with the increasing popularity of Macs, you can't assume that you will always be safe.

Also, Android phone users are very vulnerable to malware and hacks because Google does not do the same thorough job as Apple of vetting apps that go into their online store.  However, there was a security breach against iOS that was caused by someone distributing a malware-ridden copy of one of the iOS development toolkits.

Phil


----------



## clee01l (Sep 4, 2016)

PhilBurton said:


> Cletus,
> 
> There are many threats that exist at the browser level, not at the OS level.


If you don't know what you are clicking, then don't click.  Hard for some people to discipline themselves I know. 
I know the level of risk exposure that I incur and I'm probably more risk tolerant than your typical unknowing Windows user. (But also note that I am the one sitting here with 5 current system backups)


----------



## PhilBurton (Sep 4, 2016)

A news item just released.

New OS X ransomware discovered in the wild | ZDNet

Phil


----------



## Johan Elzenga (Sep 4, 2016)

Just released? The date of the article is March 7, 2016.


----------



## LRList001 (Sep 4, 2016)

clee01l said:


> If you don't know what you are clicking, then don't click.  Hard for some people to discipline themselves I know.
> I know the level of risk exposure that I incur and I'm probably more risk tolerant than your typical unknowing Windows user. (But also note that I am the one sitting here with 5 current system backups)



Hi Cletus

After this post I'm not going to use this thread to comment any further on ransomware and file loss or corruption because what I wanted to discuss was what regimens people use to limit their risk to data loss.

I want to make clear too that I have enormous respect for your LR skills, and you are one of the few to have responded to my OP, for which thank you.

However, I am going to raise the risk faced by those not running any kind of AV.  We live in a litigious world, and if somebody provided a file to somebody else that resulted in that second person suffering a data loss, then the first person might well find that their insurers are reluctant to defend them and pick up the cost.  Risk reduction is not always about the direct risk.  As I have already said, I am not a lawyer.


----------



## clee01l (Sep 4, 2016)

PhilBurton said:


> A news item just released.
> 
> New OS X ransomware discovered in the wild | ZDNet
> 
> Phil





JohanElzenga said:


> Just released? The date of the article is March 7, 2016.


It was the one that I referenced earlier.  A patch was sent out by Apple probably by the time the article first appeared.


----------



## Johan Elzenga (Sep 4, 2016)

clee01l said:


> If you don't know what you are clicking, then don't click.  Hard for some people to discipline themselves I know.
> I know the level of risk exposure that I incur and I'm probably more risk tolerant than your typical unknowing Windows user. (But also note that I am the one sitting here with 5 current system backups)



With all due respect Cletus, I think you are a little naive. Malware can even get onto your computer if you visit a perfectly legitimate website at the wrong time: How malware works: Anatomy of a drive-by download web attack (Infographic) | Sophos Blog


----------



## clee01l (Sep 4, 2016)

LRList001 said:


> Hi Cletus
> 
> After this post I'm not going to use this thread to comment any further on ransomware and file loss or corruption because what I wanted to discuss was what regimens people use to limit their risk to data loss.... and you are one of the few to have responded to my OP...


I think the reason that you have not received more answers is that most folks haven't even considered the possibility. Maybe this thread will put that thought into their head.

I've considered it because it happened to my SIL.  She had no system backup (still doesn't) and no mode of recovery except to wipe her hard drive and do a clean install or pay the ransom.  She doesn't keep critical information on her computer so there were no big losses to start over.  I also have trained my wife not to click.  Often I get called in to her office with "Should I click on this?"  Most of these are benign (Java updates, etc.)

My solution though untested is that you can't have too many backups. Two such backups are on other computers (my local network Airport and Crashplan's Cloud). Presumably CrashPlan also has redundant back ups of my data.


----------






## PhilBurton (Sep 4, 2016)

JohanElzenga said:


> With all due respect Cletus, I think you are a little naive. Malware can even get onto your computer if you visit a perfectly legitimate website at the wrong time: How malware works: Anatomy of a drive-by download web attack (Infographic) | Sophos Blog


In real life, I do computer security.  And I'm always struck by the overconfident attitudes of Mac users.  "It only happens to Windows users."

You are right to have backups and more backups.  A system that keeps track of versions is important.

Phil


----------



## clee01l (Sep 5, 2016)

PhilBurton said:


> ...I'm always struck by the overconfident attitudes of Mac users...


Don't put me in that category.  I've worked with computer security too.  I am well aware of the risks.  I simply do not buy into the hype that every computer needs brand X antivirus software running 24X7.  While a few years back this might have been a critical app for Windows, I don't believe it merits strong consideration with the latest Windows OS either.

I could take an anti Malaria pill daily.  Something I might consider if I were going into a Malaria infested region.  A better solution is to not go into the region. And if I did go into the region just taking the pill should not give me a false sense of security.  Running the anti Virus software does not give you immunity.  I don't go places where I could pick up something.  If I do find myself in such a place, I leave.


----------



## Jack Henry (Sep 5, 2016)

Wow, talk about head in the sand. 

I'll often get warnings about malware piggy-backing on legitimate emails from people I know. Why? Because they haven't bothered to protect their system and have become infected. So, when I get malware notification, I let them know. And, lo and behold, when they do check their systems, they find that they are infested with the stuff. So, in most cases are their backup files.

If you do find yourself in such places you leave? A tad too late, I'd think.


----------



## Johan Elzenga (Sep 5, 2016)

clee01l said:


> I could take an anti Malaria pill daily.  Something I might consider if I were going into a Malaria infested region.



Good analogy (and one I like because I go to Africa each year, and _always_ take malaria prophylaxis). Unfortunately, _the internet_ is that region...


----------



## clee01l (Sep 5, 2016)

JohanElzenga said:


> Good analogy (and one I like because I go to Africa each year, and _always_ take malaria prophylaxis). Unfortunately, _the internet_ is that region...


Like Africa, not all of the internet is infected.  This forum is a safe place for instance.  Others include Amazon, and international brands websites etc. I don't visit bit torrent sites or any site that might offer pirated movies and music. Sites with Russian domains are also off limits to me.  I will only download files from websites that are vetted.


----------



## LouieSherwin (Sep 5, 2016)

LRList001 said:


> That product is discontinued, replaced by Ingestamatic.  Might do some of what I want, thanks for the suggestion.


 
ImageVerifier is a standalone product that you can purchase separately. You are thinking of ImageIngester which has been replaced by Ingestamatic. 

-louie


----------



## Johan Elzenga (Sep 5, 2016)

clee01l said:


> Like Africa, not all of the internet is infected.  This forum is a safe place for instance.  Others include Amazon, and international brands websites etc. I don't visit bit torrent sites or any site that might offer pirated movies and music. Sites with Russian domains are also off limits to me.  I will only download files from websites that are vetted.



This site is safe, because it doesn't have any third party generated ads. I wouldn't be so sure about Amazon however, and certainly not about news websites such as CNN. They have ads that are generated by third party vendors, and those ads can be infected by 'drive by' attacks. It has happened before, and it will happen again. That is exactly the point: _completely legitimate websites_ can contain malware this way, not just Russian sites, porn sites or bit torrent sites.


----------



## clee01l (Sep 5, 2016)

JohanElzenga said:


> This site is safe, because it doesn't have any third party generated ads...


And you routinely click on "clickbait"?  Yes, then you need an antivirus app to protect you from your own self.


----------



## Jimmsp (Sep 5, 2016)

I have been following this thread for a bit. Since the topic is ransomware, I am surprised that cloning the HD that the OS is on has not come up.
If you really want full protection from someone who grabs and encrypts your pc, you should have your OS drive backed (clone or image) as well as your data.
You could then easily and relatively quickly wipe your system clean, and then do a complete restore.


----------



## clee01l (Sep 5, 2016)

Jimmsp said:


> I have been following this thread for a bit. Since the topic is ransomware, I am surprised that cloning the HD that the OS is on has not come up.
> If you really want full protection from someone who grabs and encrypts your pc, you should have your OS drive backed (clone or image) as well as your data.
> You could then easily and relatively quickly wipe your system clean, and then do a complete restore.


You make a good point. Something that is often overlooked by both Windows users and Mac users  is that there is a hidden partition on your primary disk drive that has enough on it to recreate the primary partition and then facilitate a restore from your system backup.   Recently I got a new iMac. Using this partition on my new iMac, I was able to initialize the primary partition and "restore" my new iMac with a TimeMachine backup from my old iMac. 

If you can't do a complete restore from your system backup, then you really don't have a complete backup.  Cloning the boot drive is a solution, but a time consuming task that may take several hours and needs to be done on a regular basis since your cloned drive is only good to the point when it was created.  A system Backup like TimeMachine or CrashPlan is only at the most 30 minutes out of date.


----------



## Gnits (Sep 5, 2016)

clee01l said:


> Cloning the boot drive is a solution, but a time consuming task that may take several hours and needs to be done on a regular basis since your cloned drive is only good to the point when it was created.



I just checked my backup logs.
A full system image of my C drive happens every Sunday morning at 6 am (unattended) and takes approx 40 mins.
An incremental backup happens Mon - Sat at 6 am unattended and takes approx 3 mins.   I get an email to confirm successful completion.

Other than the effort to configure this once, it is a painless process.

[PS 1. I keep my O/S on a relatively small SSD which is only used for O/S and apps.  ]
[PS 2. As a Windows user, I envy Mac users who have the benefit of Time Machine]


----------



## Johan Elzenga (Sep 5, 2016)

clee01l said:


> And you routinely click on "clickbait"?  Yes, then you need an antivirus app to protect you from your own self.



Sigh. You don't have to click anything for a drive by attack... Please read that link I gave earlier (and you apparently didn't bother to check): "The term drive-by download describes how malware can infect your computer simply by visiting a website that is running malicious code". The code can be in an ad, that is served on that site by a third party vendor. How malware works: Anatomy of a drive-by download web attack (Infographic) | Sophos Blog


----------



## clee01l (Sep 5, 2016)

Gnits said:


> [PS 2. As a Windows user, I envy Mac users who have the benefit of Time Machine]


Did You Know Windows 8 Has a Built-In Time Machine Backup?
Time Machine Backup for Windows 10 PC — Zinstall - Transfer programs and files to new PC, to Windows 10, 8, 7


----------



## PhilBurton (Sep 5, 2016)

JohanElzenga said:


> Sigh. You don't have to click anything for a drive by attack... Please read that link I gave earlier (and you apparently didn't bother to check): "The term drive-by download describes how malware can infect your computer simply by visiting a website that is running malicious code". The code can be in an ad, that is served on that site by a third party vendor. How malware works: Anatomy of a drive-by download web attack (Infographic) | Sophos Blog


Corrupt advertising is sometimes called "malvertising."  However, a website with insufficient security can be attacked by hackers, who then plant malware onto that website.

Security of this forum is only as good as the security of the web host.

Phil


----------



## Johan Elzenga (Sep 5, 2016)

The point is that the website you visit can be a reputable website, that did nothing wrong. The malware isn't inserted directly into that website because its security is compromised, it is inserted at the level of the advertiser. Did you visit HuffPo last week? You might have a virus


----------



## PhilBurton (Sep 5, 2016)

JohanElzenga said:


> The point is that the website you visit can be a reputable website, that did nothing wrong. The malware isn't inserted directly into that website because its security is compromised, it is inserted at the level of the advertiser. Did you visit HuffPo last week? You might have a virus


Agreed.  But malvertising is not the only way to install drive-by malware on a website.


----------



## Johan Elzenga (Sep 5, 2016)

PhilBurton said:


> Agreed.  But malvertising is not the only way to install drive-by malware on a website.



Of course not, but this third party route is the most dangerous form. You visit a very reputable website like Huffington Post or CNN, you only read some of the news articles, you don't click on any ads, and still you could become infected. That is the point I was making, because some people in this forum still believe that you can't get malware as long as you don't visit dubious websites and don't click on clickbait links.


----------



## Replytoken (Sep 5, 2016)

JohanElzenga said:


> Of course not, but this third party route is the most dangerous form. You visit a very reputable website like Huffington Post or CNN, you only read some of the news articles, you don't click on any ads, and still you could become infected. That is the point I was making, because some people in this forum still believe that you can't get malware as long as you don't visit dubious websites and don't click on clickbait links.


And this happened to me several years ago.  I visited a site that I had visited on numerous occasions and considered safe.  After having malware detected after a visit, I contacted the site owner to ask if he knew more about the incident.  After researching into it, he informed me that one of the ads that appeared on the site, over which he had no control, was indeed infected.  Yes, you could say that you will only visit sites that have no advertising, but that rules out much of the internet these days.  I think it comes down to one's level of risk averseness, and some of us are more averse than others.

--Ken


----------



## clee01l (Sep 6, 2016)

Replytoken said:


> I think it comes down to one's level of risk averseness, and some of us are more averse than others.


 This is probably the only useful statement made in this thread!!


----------



## Gnits (Sep 6, 2016)

clee01l said:


> Did You Know Windows 8 Has a Built-In Time Machine Backup?


Apologies for late reply.

I was never comfortable using the Windows backup tools. Sometimes I had difficulty even finding them in the menus.  I am happy with Macrium Reflect which is working perfectly for me, has all the features I need and allows me to configure schedules and alerts, etc. with an easily accessible log.


----------



## LRList001 (Sep 6, 2016)

There is Microsoft's SyncToy too.  It is here:  Download SyncToy 2.1 from Official Microsoft Download Center

I have tended towards the view that it is the data I want to protect, building or buying another machine is not a huge problem compared to losing photos.  I am looking to ensure that every photo I have (and other data that goes with them) can last for the long haul.  For example, I make sure I have all the software installs (eg LR) (and their keys) so that I can open the files.  With the two 'ten' version OSs, both Apple and Microsoft appear to be indicating long term support of what might be considered 'main stream' software.  I have software from years ago that won't run under the latest OSs and even older old software that will, so I'm not sure how well I can define 'main stream'.


----------



## LRList001 (Sep 6, 2016)

clee01l said:


> This is probably the only useful statement made in this thread!!



I hope not, the intention is to look at the tools, techniques and workflows we use to provide protection to irreplaceable imagery.  People are chipping in with ideas and tools, let's stop discussing whether AV is essential, and if possible, think about tools, workflow, usability and which risks they mitigate.


----------



## Jack Henry (Sep 7, 2016)

Remember this, if you're not running AV and your computer is infected with ANYTHING, then chances are that your cloned copy or backup is also infected. Was becoming unusable, you'll not be able to restore it with that infected clone. It becomes a time-sucking effort to completely rebuild a machine from clean sources (that aren't a clean backup)


----------



## Linwood Ferguson (Sep 8, 2016)

LRList001 said:


> 5/  I could try to find some software which generates a hash of every file and if ever one changed, I would get notified, this seems to be my leading option.



If you are on Windows and want to try a free one I wrote one mentioned here: LRValidate - Validate image data from Lightroom Catalog

I don't think it got much interest, but I use it all the time.  Runs on Windows 10 x64, and latest Lightroom versions.


----------



## LRList001 (Sep 10, 2016)

Ferguson said:


> If you are on Windows and want to try a free one I wrote one mentioned here: LRValidate - Validate image data from Lightroom Catalog
> 
> I don't think it got much interest, but I use it all the time.  Runs on Windows 10 x64, and latest Lightroom versions.



On the face of it, it should be exactly what I want (and I agree, it could usefully be part of core LR).  However, the snag for me is I have many more files and file types than are in (or will go into) LR.

Out of curiosity, how do you determine if a file has changed?  The SHA2-256 hash makes sense to me, though an MD5 would likely be equally good for this purpose.

Also, in your notes you identify the risk of a file change when re-building after a LR migration.  If you ran the new catalogue to build the database and then re-ran the old one one final time, you would know if you had an unexpected change?


----------



## LRList001 (Sep 10, 2016)

Jack Henry said:


> Remember this, if you're not running AV and your computer is infected with ANYTHING, then chances are that your cloned copy or backup is also infected. Was becoming unusable, you'll not be able to restore it with that infected clone. It becomes a time-sucking effort to completely rebuild a machine from clean sources (that aren't a clean backup)



And even if you are running AV and you get infected...  No AV solution is perfect.  I agree that rebuilding from scratch is not a frequent exercise, but as I will replace the hardware from time to time, it is a full rebuild in effect.  No machine arrives configured with the software I want already on it!


----------



## Linwood Ferguson (Sep 10, 2016)

LRList001 said:


> On the face of it, it should be exactly what I want (and I agree, it could usefully be part of core LR).  However, the snag for me is I have many more files and file types than are in (or will go into) LR.
> 
> Out of curiosity, how do you determine if a file has changed?  The SHA2-256 hash makes sense to me, though an MD5 would likely be equally good for this purpose.
> 
> Also, in your notes you identify the risk of a file change when re-building after a LR migration.  If you ran the new catalogue to build the database and then re-ran the old one one final time, you would know if you had an unexpected change?


It uses an MD5 as that was convenient at the time.

As to the catalog upgrade issue, yes, rerunning the old one would indeed let you know if there was a change in that small window of time.  Since a lot of times people do major software upgrades as part of hardware changes, that's a good idea. 

As to the broader issue: it's useful to distinguish two types of changes.  There is what most people refer to as "bit rot" which is a side effect of hardware or low level software issues (think drivers, firmware) that cause a change in a file when no change was requested from any application.   The other is the issue of changes made by programs which are inappropriate.  Certainly malware falls into this latter, but (in my mind) the more dangerous ones are cases where a program just runs a bit amok.  Consider the upgrade to Mac Lightroom a while back, that just randomly deleted a folder (or file, I forget) when it first ran.  Just whacked the alphabetically first one in (I think it was) the root folder.  No warning, no notice, and the file was a photo and was not in a folder that was in the catalog.  How do you notice something like that, unless it quickly breaks something?  It might be a file you need only once a year, or less.

The Lightroom case I addressed in the Validate program is a niche -- because LR is non-destructive, and omitting issues of writing back metadata to files, and edit-in-place-in-photoshop type edits, once you put a file in the catalog, it is expected never to change.   Thus ANY change from any source can be reported as a potential problem.   So it covers most issues.   You can't do that with just files in general.

So in general there are two fixes for the two issues (bit rot and run-amok programs).  For bit rot it is to detect changes not made explicitly by high level applications.  This seems best addressed by file systems aimed at detecting and correcting it.  ZFS is probably the gold standard, though btrfs is a competitor, and Microsoft is promoting their own ReFS.  I was going to use the latter in my new PC build, but found its support still shaky (notably the lack of any operational documentation as to what happens when it actually DOES detect a problem, how you deal with it). Fundamentally all of these try to structure updates so they are interruptible (e.g. copy on write, logged writes), and then small sections are checksummed and reconstructable.  As an example it solves a long standing problem in RAID mirrors, in that if you know a block is different between two mirrors -- which one is right?  Here it knows from the checksum, and picks the correct one to use to reconstruct the bad side of the mirror.  Auto-magically.

To the other aspect - programs doing bad things to files not their responsibility -- I think the solutions remain spot solutions.  For malware, anti-malware and versioned backups.  Big malware like ransomware is not a problem to "notice".   But for innocuous bad changes where noticing them timely is a challenge, there are numerous checksum validity checkers (even Microsoft has one called fciv) you can use on files and programs, but you have to keep up with when change is expected.  Databases are getting better and more aggressive about internal validity controls, but that is out of the hands of users (other than to choose well their databases).   These can be applied to areas manually and managed manually (filtering out false positives from changes you expect).

The real answer would only come if OS's and application vendors build in more application isolation (e.g. only Excel can change a spreadsheet, protected at the OS level), and that's not going to happen for user level systems as interoperability, "open" and "don't confuse the user" are among the prime directives, not data integrity.  Heck, look at "Data Execution Prevention" which was a hardware/software feature from long, long ago - it still cannot be routinely used as application vendors still write sloppy code that breaks basic isolation protocols.  Imagine how hard sandboxing each individual application will be (though Unix is ahead in that regard with all the various containers, I just doubt they will show up on the average desktop soon).

Sorry... rambling... good luck finding some good general tools.


----------
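The hash-every-file check from point 5 of the opening post, combined with the distinction drawn above between bit rot and program-made changes, as an added example (not code from LRValidate, fciv or any poster in this thread). It uses SHA-256; the function names, the manifest layout and the sample files are assumptions made for illustration.

```python
import hashlib, json, os, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large raw images are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> [sha256, mtime_ns] for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): [sha256_file(p), p.stat().st_mtime_ns]
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(old, new):
    """Classify differences between a stored manifest and a fresh snapshot."""
    report = {"missing": [], "silent_change": [], "modified": []}
    for rel, (digest, mtime) in sorted(old.items()):
        if rel not in new:
            report["missing"].append(rel)
        elif new[rel][0] != digest:
            # Same mtime, different bytes: no program asked for a write, so
            # suspect bit rot. A new mtime means some program rewrote the file.
            kind = "silent_change" if new[rel][1] == mtime else "modified"
            report[kind].append(rel)
    report["new"] = sorted(set(new) - set(old))
    return report

def demo():
    """Constructed archive: one rewrite, one simulated bit flip, one deletion, one addition."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("a.dng", "b.dng", "c.dng", "d.dng"):
            (root / name).write_bytes(name.encode() * 1000)
        baseline = json.loads(json.dumps(snapshot(root)))  # as if reloaded from disk
        b, st = root / "b.dng", os.stat(root / "b.dng")
        b.write_bytes(b"\xff" + b.read_bytes()[1:])        # one byte differs...
        os.utime(b, ns=(st.st_atime_ns, st.st_mtime_ns))   # ...but mtime is as before
        (root / "a.dng").write_bytes(b"edited")            # an ordinary program rewrite
        os.utime(root / "a.dng", ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))
        (root / "c.dng").unlink()
        (root / "e.dng").write_bytes(b"")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

For an archive that is never supposed to change, every entry in `missing`, `silent_change` and `modified` deserves a look before the next media rotation, and the manifest itself belongs on media the monitored machine cannot write to.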



## LRList001 (Sep 10, 2016)

Ferguson said:


> It uses an MD5 as that was convenient at the time.



Thanks for the info.  When I started the OP, I didn't go into detail but all forms and causes of corruption were in my mind.  The files I want to protect can all be read only.  Indeed, I usually set them to read only, but that is no guarantee.


----------



## Linwood Ferguson (Sep 12, 2016)

LRList001 said:


> Thanks for the info.  When I started the OP, I didn't go into detail but all forms and causes of corruption were in my mind.  The files I want to protect can all be read only.  Indeed, I usually set them to read only, but that is no guarantee.



Setting the Read Only bit is like a post-it note on the front door that says "locked" without having a real lock. :(

It does nothing to prevent bit rot, and is pointless for protecting against malware.

It will (mostly) prevent you from yourself saving a file over top of it with a save-as command.


----------

