rektech Posted March 27, 2018 Report Share Posted March 27, 2018 Hi I have Resilio Home pro. I use it to back up my wife and I's data. I just had a customer of my work get hit by ransomware and they lost everything. That got me thinking. Since my Wife works with her dad for their family deck business and hes not very knowledgeable with technology and will just open any file sent to him. If he would download so ransomware file and it were to get on my wife's computer. Is their any kind of safe guard in Resilio sync they would keep the ransomware from being synced to the rest of my computers? Quote Link to comment Share on other sites More sharing options...
Gane O'dwyer Posted March 28, 2018 Report Share Posted March 28, 2018 @rektech Sync itself doesn't detect ransomware files as it used only for the files transferring. You should protect your device using third-party tools that could detect such files. Quote Link to comment Share on other sites More sharing options...
seanfl Posted March 28, 2018 Report Share Posted March 28, 2018 I've had similar thoughts with systems setup to share between users of varying skill. I've thought Sync would keep the older versions of deleted or encrypted files for 30 days before removing them...it might be a safeguard. Maybe someone can comment on this scenario: A user clicks on something and is infected by ransomware. All of the files that were being synced in a certain directory get encrypted. On other computers that receive the updated (now encrypted files), does sync maintain the non-encrypted versions for 30 days? Sean Quote Link to comment Share on other sites More sharing options...
Frank Maier Posted March 28, 2018 Report Share Posted March 28, 2018 Resilio Sync is a two way sync and thus not a backup! Resilio Sync stores the old file in a so called Archive folder as a very very basic 'backup'. So in the case of a ransomware encrypting all files on computer A, these encrypted files will get synced to computer B, but on computer B Resilio Sync copies the not encrypted files to the Archive folder first. Still, because it's a two way sync, it's not a backup. It's more likely that the ransomware infects computer B through the network, too and thus encrypts all files there, too, including the archive. So don't skip the backup and don't omit an AV scanner on each computer, even if some people think they don't need one. Quote Link to comment Share on other sites More sharing options...
SinusPi Posted April 4, 2018 Report Share Posted April 4, 2018 It wouldn't seem impossible for Resilio to detect if a file's "magic bytes" changed (by being encrypted)... or when many files in a folder get deleted and they're about to be erased from all the synced locations... Resilio could show a warning in such a case, perhaps, to verify if the user really had just encrypted or deleted half of their files... orrrr maybe not and it's time to mark THESE data as infected and restore them from the "cloud". Quote Link to comment Share on other sites More sharing options...
Moe Posted April 7, 2018 Report Share Posted April 7, 2018 @SinusPi Resilio Sync was not designed for this need. What you are doing is called being a "Feature Creep". Quote Link to comment Share on other sites More sharing options...
SinusPi Posted April 7, 2018 Report Share Posted April 7, 2018 It could be handled by a plugin, called before a sync operation is commenced. Or are plugins considered feature creep as well..? Quote Link to comment Share on other sites More sharing options...
Frank Maier Posted April 10, 2018 Report Share Posted April 10, 2018 It's impossible for Resilio Sync. It's a sync and not a backup. For a ransomware you need a working backup and nothing else! Every other solution might work or not, depending on the ransomware. If you have a ransomware, it's very likely the remote location has it too, thus it would be useless if Resilio Sync tells me that files got encrypted if they get encrypted on each PC independently. That's why you need a backup, at best an offline backup! Resilio has a basic backup, which prevents the destruction of remote files due to a ransomware or deletion, it's the archive folder. I don't see why they should implement another additional layer if you could simply install an AV scanner on your PC to detect a ransomware? So what don't you like about the archive folder? Resilio Sync works in the background and the less I notice its presence the better. This means if I edit a lot of files (e.g. batch image editing) I don't want to get disturbed by some stupid warnings that a lot of files got changed recently. I know it. That's why I'm doing it. I also don't want another additional CPU load. So again, what's wrong with the archive folder? What's wrong with using an AV scanner? Quote Link to comment Share on other sites More sharing options...
SinusPi Posted April 10, 2018 Report Share Posted April 10, 2018 "We're a TV station, not a data analysis service - it's not our problem if that DVD with a commercial you sent in was broken in half; we'll just emit 10 seconds of white noise and charge you the normal screen time rate, even though we could have you provide another media." It's the approach you're presenting. Sure, a sync program is a sync program, but it's not uncommon at all for programs to interface with each other for a combined purpose. 1. It's not at all likely the remote location has ransomware too if it's on a different platform or hosting service altogether. 2. Is it practical to have my ENTIRE file collection in the archive folder? I have yet to use Resilio, so you'll have to judge for me. 3. Don't like a feature? Turn it off. Don't like confirmation messages popping up? Turn them off. "Thanks for asking, but I am, in fact, updating large numbers of files right now. Stop asking for, say, a day." Nothing's wrong with using an AV scanner, that's a ridiculous question. Not all viruses and ransomware get detected quickly enough for everyone to get their AV databases updated. Pretty much everyone's running Windows Defender now, and look, ransomware attacks spread like wildfire anyway. So apparently not all AV packages are equal. Then there's the accidental deletion, of course, with no malware involved. Oops, I pressed the wrong button, and the program I was using adopted the approach you outlined yourself: it wasn't built to prevent the user doing damage to their files, so they didn't build any "are you sure?" messages in. Now my files are gone... ah, but they're on my mobile. DOH! Not anymore! STOP! ABORT! Too late. So tell me, is it really that absurd to propose some sort of plugin solution (no feature creep) that could prevent or otherwise influence syncing in specific cases? Quote Link to comment Share on other sites More sharing options...
Frank Maier Posted April 11, 2018 Report Share Posted April 11, 2018 What you're asking for is what the archive folder does for you already. e.g. I have PC A, PC B and one NAS synced. I delete my entire collection on PC A, on PC B and the NAS the entire collection will get moved to the archive folder from where I can copy it back on PC B or the NAS. I modify my entire collection on PC A (e.g. optimize the images, did this just a few weeks ago. So the same a ransomware would do). On PC B and the NAS all files will get moved to the archive folder and the new files synced. So i could restore the files from PC B and the NAS from the archive if I did something wrong. In reality I had to delete the archive, to free some space afterwards Nevertheless, I have an incremental daily backup, too. So whenever I do something stupid, I could restore the files from the daily backup, too. Quote Link to comment Share on other sites More sharing options...
dtorrey Posted April 6, 2020 Report Share Posted April 6, 2020 Sorry for asking dumb question, but where does the archive folder live? I'm using a Mac (10.15.4) but interfacing with Windows PC. Quote Link to comment Share on other sites More sharing options...
Daria Posted April 7, 2020 Report Share Posted April 7, 2020 @dtorrey Archive folder can be found inside hidden .sync directory within the share. It can also be accessed via Sync UI - go to Share's Options (vertical ellipsis) > Open archive... Quote Link to comment Share on other sites More sharing options...
dtorrey Posted April 7, 2020 Report Share Posted April 7, 2020 Thanks for the reminder and guidance. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.