Home ยป Forum ยป Author Hangout

Forum: Author Hangout

Word for Mac Recovery Help, Help!!!

Vincent Berg ๐Ÿšซ

After upgrading to Word for Mac 2019 (completely against my will, since the Mac now insists no nothing but 32-bit files), I've NEVER been able to work the "Recover file" facility.

So, of course, after struggling with editing a file, which kept suffering from display issues (in "Review" mode while flagging changes), the file crashed, taking an hour's work with it.

Is there ANY way to recover a Word for Mac 2019 file? The ~filename is present and intact, but the recovery process returns my name, repeated thrice, then "1//Desktop/Writing/~$" and nothing more.

Replies:   REP
Vincent Berg ๐Ÿšซ

By the way, since day 1 of using this version of Word, it has NEVER saved ANYTHING in the Word Recovery folder, though it leaves multiple unrecoverable ~filename.docx files in my work directories.

Replies:   Switch Blayde
Switch Blayde ๐Ÿšซ

@Vincent Berg

After upgrading to Word for Mac 2019

I'm on Word 16.16.24 on my Mac. What's the Mac 2019 version?

I don't use the Recovery feature (I simply back up individual files periodically), but I remember seeing some options about Word automatically saving for recovery. But I can't find it. I thought it would be in Preferences but I don't see it. I remember not checking that box.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Switch Blayde

I'm on Word 16.16.24 on my Mac. What's the Mac 2019 version?

It's version 16,29, but like you, I generally avoid the recovery (as again, I've NEVER gotten it to work), but today, I was working for quite some time, and then Word crashed, and when it came back, it never recovered anything.

Even worse, after running the Recovery Routine (not easily accessed, like on Windows), it also deleted all the accumulated recovery files (those I hadn't deleted manually), even the backup copy I made. So, while I'm assuming it NEVER backed up anything, there is NO way to recover now, even if they did.

Some things are better under Word for Mac, but some things are utter crap!

But, the default is for WfM to back up everything as you work on it, so you'll often notice a file in the form "~filename.ext" in your Finder directory which goes away once you exit Word. I always assumed that was your recovery file, as I used to always recover from that under Word for Windows 2010 (the last time I was ever able to use the recovery feature).

Replies:   Switch Blayde
Switch Blayde ๐Ÿšซ

@Vincent Berg

It's version 16,29,

That's odd. I just ran an update. I wonder why I'm not on 16.29.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Switch Blayde

That's odd. I just ran an update. I wonder why I'm not on 16.29.

I'm not sure. Do you have a monthly subscription, or did you purchase the program. The monthly subscription should always give you the latest version, while the purchase only gives you the version you purchased. Otherwise, maybe it only lists the version that you're licensed for, rather than the latest updated version you're currently working with.

Companies do odd things with licensing nowadays.

Replies:   Switch Blayde
Switch Blayde ๐Ÿšซ

@Vincent Berg

Do you have a monthly subscription, or did you purchase the program. The monthly subscription should always give you the latest version, while the purchase only gives you the version you purchased.

No license. I purchased it.

However, although they said no updates with purchase, I get updates all the time. It installed Microsoft AutoUpdater which notifies me when there are updates (I don't have auto update on) or I can go to Help and Check for Updates.

When Apple reinstalled the OS on my MacBook, they downloaded and installed Office again. It recognized my computer's serial number as the one that purchased it. The first thing I did was to do updates, and then I've been updating since then.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Switch Blayde

No license. I purchased it.

However, although they said no updates with purchase, I get updates all the time. It installed Microsoft AutoUpdater which notifies me when there are updates (I don't have auto update on) or I can go to Help and Check for Updates.

In that case, all the updater is updating is your version of the software, which at this point is exclusively security patches (as that version is still maintained, but no longer the current version.

That's standard practice with most software, though with standalone, non-subscription software, you license the app itself, rather than a particular version of the program.

Replies:   Switch Blayde
Switch Blayde ๐Ÿšซ

@Vincent Berg

In that case, all the updater is updating is your version of the software,

Aha. That makes sense.

palamedes ๐Ÿšซ

Try using another program to open files there are many programs out there that are even free.

openoffice

Is a go to program I use on old saved documents.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@palamedes

Try using another program to open files there are many programs out there that are even free.

openoffice

Is a go to program I use on old saved documents

Alas, the .docx file was never saved/nor deleted. The only thing I had to work with, with the temporary file that Word creates, which contains no text, just the internal Word coding so they can potentially duplicate the updates the the existing file. I'm doubting that OO would understand it, as OO and OL both have their own internal coding, rather than duplicating Words. I'll try it, the next time I'm hip deep in an open file, but I'm not going to bet on it working. But, simply opening Word's Recovery option permanently erased every temporary Word file across my entire machine.

But, I really only have myself to blame. I was having my Mac read the text aloud to me, and modifying anything that didn't 'flow' naturally. And since I'd already saved the epub file with the latest chapter in it, I was planning to use the modified file to update the epub. Thus, I chose not to update it as I worked on it. So, I really got exactly what I deserved.

I was just disappointed because, so far, I haven't heard anyone say that they've ever gotten WFM's Recovery option to work as advertised. So, since I've never used it anyway, I'm going to save all that extra background processing and turn the 'save temporary files' option off and be done with it.

Replies:   Keet
Keet ๐Ÿšซ

@Vincent Berg

I was just disappointed because, so far, I haven't heard anyone say that they've ever gotten WFM's Recovery option to work as advertised. So, since I've never used it anyway, I'm going to save all that extra background processing and turn the 'save temporary files' option off and be done with it.

I don't know about Word but with LibreOffice you can set several options among which "Always create backup copy" and "Save AutoRecovery information every xx minutes". I doubt you couldn't set the same for Word so just check the backup copy setting and the autorecovery setting and set the number of minutes for the autorecovery to execute. Just remember to save the document immediately after starting it otherwise the program doesn't know what to save where.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Keet

I don't know about Word but with LibreOffice you can set several options among which "Always create backup copy" and "Save AutoRecovery information every xx minutes". I doubt you couldn't set the same for Word so just check the backup copy setting and the autorecovery setting and set the number of minutes for the autorecovery to execute. Just remember to save the document immediately after starting it otherwise the program doesn't know what to save where.

Alas, I make too many minor changes to keep track of multiple versions of each chapter, in a variety of different formats. But ...

It turns out that Word for Mac saves the files to a different location than a "Help for Word or Mac 2019" shows. However, despite the option clearly being turned on, nothing has ever been saved there, where I still retain multiple files from my old version of Word, dating from 2016 to 2018 (for some odd reason, Macs never purge old installs, despite asking if you want to, and they store their recovery files (and temp files) somewhere different too). In fact, I also have Clean My Mac doesn't regular maintenance, even purging old installations, yet it has never successfully purged any of my duplicate files, only those I've uninstalled.

So, for whatever reason, Word 2019 does not actually execute a single feature, despite it being set up to. :(

I guess, when I have time, I'll reinstall it, just to see whether I can get the feature to properly activate.

Replies:   Keet
Keet ๐Ÿšซ

@Vincent Berg

Alas, I make too many minor changes to keep track of multiple versions of each chapter, in a variety of different formats. But ...

In that case you are better of using a versioning system like GIT or Apple's MacOS versioning system.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Keet

In that case you are better of using a versioning system like GIT or Apple's MacOS versioning system.

I'd seen the Mac versioning system, but never paid much attention to it. As far as I can tell, Word for Mac has never supported versioning (none of the options appear in the "File" menu), what's more, there's no evidence that there are any versions of any file I've ever saved multiple copies of. So, unless there's some hidden 'activate' feature, I don't know how to access it.

But, more than that, the file in question was physically deleted when Word for Mac crashed, and the autosave didn't save anything. The temporary "~filename.ext" file was, but it contained nothing but my name, repeated three times and the supposed folder for the Word for Mac recovery files (which has always been empty, other than on my older Mac systems (pre 32-bit app restrictions?).

Also, versioning simply appears to be another way of accessing Time Machine, but I've never had a problem firing it up from my browser, any time I need to restore a file.

So, unless I'm missing something vital, I'm not sure what I'm losing by ignoring Mac Versioning. (Though the person I probably should ask is Lazeez, as he knows more about the Mac's functioning than most of us authors.

Replies:   Switch Blayde  Keet
Switch Blayde ๐Ÿšซ
Updated:

@Vincent Berg

Not that it will help you now, but I keep a thumb drive plugged in and periodically save to that. I save to my hard drive often, and copy to the thumb drive less often. I wonder if whatever deleted your files would have done that on a thumb drive.

I also have an external hard drive that's not powered on until I want to do a real backup. I believe that if it's not powered on and not connected to the Mac, nothing can get at it.

If you're using Time Machine, wouldn't the files be on it?

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Switch Blayde

Not that it will help you now, but I keep a thumb drive plugged in and periodically save to that. I save to my hard drive often, and copy to the thumb drive less often. I wonder if whatever deleted your files would have done that on a thumb drive.

I have several USB-C external drives (both 5 and 7 tb), where I keep the current/most-recent versions of each chapter, which I manually back up fairly regularly.

However, since you can only back up files that you've successfully saved, it wouldn't have made any difference in this instance.

Unfortunately, my Mac Mini desktop was compromised by hackers (who planted a key-tracker in the root folder, despite the vaulted Mac security), so that machine is effectively dead now. And you have to plug an external drive (5TB) into your access ports to run Time Machine on a MacBook Pro, which also draws a Huge amount of power, draining my battery quickly, so I only manage Time Machine backups on my laptop every few days.

P.S. I've also set each of my external drives (other than the slower Time Machine drive), so they will not auto-mount, meaning that anyone breaking into my system is unable to access and mount the external drives, even if they're attached.

Keet ๐Ÿšซ

@Vincent Berg

Also, versioning simply appears to be another way of accessing Time Machine, but I've never had a problem firing it up from my browser, any time I need to restore a file.

Read the information on this page: https://blog.macsales.com/47415-auto-save-and-versions-an-often-overlooked-mac-feature/.

File versioning is built into the file manager, and is part of the Document Architecture that Apple provides. It's not part of Time Machine, nor is it reliant on any feature or service of Time Machine. The two are often confused because the Version History viewer looks almost the same as the Time Machine interface. And while they both allow access to earlier versions of a file, that's where their similarities diverge.

Mind you, I don't know anything about Apple or it's systems since I never used them and never will but I do try to keep up with the general news about everything.

REP ๐Ÿšซ

@Vincent Berg

I had a problem with MS Word where the file would lock up as I paged down through the text. I solved it by reopening the file and going straight to the end of the file. I added 3-4 returns to the end, and then copied everything but the last 2 returns and posted what I copied into a new file. I lost my formatting but saved all of the content.

The reason it worked for me is Word saves the file structure definition and text formatting information with the last return in the file. My file locked up because the file structure definition was corrupted, so by not copying the corrupted definition to the new file, I save my content and the new file built a new file structure definition when I pasted the text into the new file.

If it works for you great, otherwise good luck.

ystokes ๐Ÿšซ

I have always been a windows fan even before windows was just MSDos was because I would go to computer fairs where there was so many more programs for windows then mac.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@ystokes

I have always been a windows fan even before windows was just MSDos was because I would go to computer fairs where there was so many more programs for windows then mac.

I was too, especially the large amount of 'hacks' you could install to the OS and various programs, but after one too many reinstalls, and finally a ransonware I couldn't recover from, I gave it up (first just using a laptop, then moving over to ALL Apple equipment), where I'm still being attacked by Russian hackers.

Replies:   Switch Blayde  Keet
Switch Blayde ๐Ÿšซ

@Vincent Berg

I'm still being attacked by Russian hackers

I didn't know you were running for president.

Keet ๐Ÿšซ

@Vincent Berg

I was too, especially the large amount of 'hacks' you could install to the OS and various programs, but after one too many reinstalls, and finally a ransonware I couldn't recover from, I gave it up (first just using a laptop, then moving over to ALL Apple equipment), where I'm still being attacked by Russian hackers.

There isn't a system exempt from being attacked. It's how much it's used that usually makes the difference. Windows is wide spread with most of the users having no idea how to secure it. Pretty much the same with Apple besides that it's is a different target group. Linux is used on many servers but these are mostly well protected. The number of Linux desktops is too low compared to Windows and Apple systems to put in the effort so it's relatively 'safe' against hackers.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Keet

There isn't a system exempt from being attacked. It's how much it's used that usually makes the difference.

Actually, I've found the (latest) Mac hardware & OS to be better at sheltering the core root & program files, unfortunately, since most current routers aren't worth a shit (in terms of security), it's relatively simple to grab ALL a computer's login passwords.

Unfortunately, it doesn't take long (only a couple years) for that security to erode. However, I've found the best security (so far), is simply to shut down my network (i.e. not leave my desktop running 24/7, even in sleep mode), because that's when the Russian hackers (Fancy Bear and Cozy Bear) are active. So, simply limiting their access seems to be the best option, even for older devices.

The thing with the Russian hacking groups, is that their 'day job' is working for Putin, but in exchange, he gives them carte blanche to hack into any computers they can, to generate whatever wealth they can steal for themselves (with Russian's guaranteed individual immunity from foreign prosecution). It's a lucrative proposition, as they trade the same 'hacks' and try to break into as many computers (both multi-national corporations and utilities and personal or family computers). Their randsomware works equally well on either.

ystokes ๐Ÿšซ
Updated:

I guess I am lucky. In the 24 years I have been on a computer I have only had one virus and that was in 2005. To my knowledge I have never been hacked and as for randsomeware I'll just tell them the same thing I tell anyone who says they'll sue me "Good luck since I am broke anyway."

I did have the blue screen of death a few times.

Dominions Son ๐Ÿšซ

@ystokes

and as for randsomeware I'll just tell them the same thing I tell anyone who says they'll sue me

Ransomeware is not about them suing you. It's a trojan/virus that makes it impossible for you to use your computer. If you pay the creator money (a ransom) he will deactivate it so you can use your computer again. There is never any threat to get a court involved.

Replies:   ystokes
ystokes ๐Ÿšซ

@Dominions Son

Ransomeware is not about them suing you. It's a trojan/virus that makes it impossible for you to use your computer. If you pay the creator money (a ransom) he will deactivate it so you can use your computer again. There is never any threat to get a court involved.

Well duh!! I know how ransomware works. That wasn't the point I was making. The point I was making which seem to go over your head was that like people who threaten to sue me my reply would be good luck getting any money from me because I have no money.

Replies:   Dominions Son
Dominions Son ๐Ÿšซ

@ystokes

my reply would be good luck getting any money from me because I have no money.

Some how I don't think that would get the ransomware people to release your computer for free.

Replies:   ystokes
ystokes ๐Ÿšซ

@Dominions Son

Some how I don't think that would get the ransomware people to release your computer for free.

You seem to have a deep-seated obsession to twist my words. Again that was not my point. It boggles the mind how you came to the conclusion that I would think that they would just release my computer. That's just dumb.

Replies:   Dominions Son
Dominions Son ๐Ÿšซ

@ystokes

Again that was not my point. It boggles the mind how you came to the conclusion that I would think that they would just release my computer. That's just dumb.

Your choices would be either pay the ransom or replace your system. Responding to ransomware with "To bad, I'm broke" seems entirely pointless.

Replies:   ystokes  Vincent Berg
ystokes ๐Ÿšซ

@Dominions Son

Your choices would be either pay the ransom or replace your system. Responding to ransomware with "To bad, I'm broke" seems entirely pointless.

I don't think it would be pointless. My point in telling them that would be they were morons for wasting their time and energy going after me.

Dominions Son ๐Ÿšซ
Updated:

@ystokes

My point in telling them that would be they were morons for wasting their time and energy going after me.

They don't target specific people. They blast their ransom ware out there shotgun style either as trojans buried in "freeware" downloads or via spam.

If one in 10,000 pays up, they make a profit.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ
Updated:

@Dominions Son

If one in 10,000 pays up, they make a profit.

Which is why, I'd rather pay thousands for a new machine than pay a cent in ransomware. It's like paying actual ransoms. As long as you pay, they'll continue to thrive. As soon as people (collectively) start saying 'Up Yours!' it'll no longer be profitable.

Note: Sorry for the Post Deluge, but I hadn't visited in some time, and there was a lot to respond to!

Vincent Berg ๐Ÿšซ

@ystokes

I don't think it would be pointless. My point in telling them that would be they were morons for wasting their time and energy going after me.

Yeah, I did that. That's how you get added to the dark web's 'hit lists'! So, it's better to simply take the infected machine offline, move to a separate secure machine, and not antagonize the 'morons'. There's nothing to be gained by issuing a chaleange, because while it may frustrate one hacker, there are literally thousands who are capable of getting around your safeguards!

Vincent Berg ๐Ÿšซ

@Dominions Son

Your choices would be either pay the ransom or replace your system. Responding to ransomware with "To bad, I'm broke" seems entirely pointless.

That's why it always pays to back your system (executables and system files) to a secure hard drive, and keep a spare backup computer (like a cheaper laptop), so you have a fallback in these circumstances.

I also have Internet Blockers (Little Snitch on the Mac) where you can prevent the OS from connecting with specific sites, but since they do that with the Mac addresses (not related to which computer you're on), there's no way of knowing which transmissions need to be blocked.

Unfortunately, the latest version of Little Snitch's default setting is to either allow or block everything, rather than their old behavior, where you could allow each new site to connect before deciding whether to block it or not. At that point, once you've already allowed every single site access, an internet blocker is rendered worthless. :(

Vincent Berg ๐Ÿšซ

@ystokes

I guess I am lucky. In the 24 years I have been on a computer I have only had one virus and that was in 2005. To my knowledge I have never been hacked and as for randsomeware I'll just tell them the same thing I tell anyone who says they'll sue me "Good luck since I am broke anyway."

I will NEVER surrender to ransomware demands, as I'd rather pay several thousand for an all-new computer than to give a dime for some nameless hacker to blackmail me for the rest of my life (talk about lifetime subscription models). However, after surviving one such attack (taking the computer in question permanently off-line, since there was no way to remove the link in the root to the hacker with a fresh install), the hacker notified me that he was placing the information he could steal from me (from a keyboard tracing program) on the dark-web, and ever since, I've had repeated attempts to compromise my systems.

Luckily, my machines are new enough (and updated enough) that they haven't been able to compromise any others, but at this point, it's only a matter of time, especially since there appears to be not a single wireless router than can't be compromised to release the password of every machine that's connected to it!

My biggest worry now, though, is my iPhone X, already more than 3 years old. I've been waiting patiently for the new iPhone 12 Pro model (rather than the default, low-end device, since I use my devices so heavily), but there is currently NO release date for it. So, there's no telling when I'll be able to upgrade it.

In the worst case, I'll have to dumb it and replace it with another second-hand phone until I can get another to last me a while, but I no longer trust most devices beyond a year (since my less than a year-old Mac Mini was compromised (again, it was set to 'always on', which isn't a wise option nowadays).

Replies:   ystokes
ystokes ๐Ÿšซ

@Vincent Berg

Luckily, my machines are new enough (and updated enough) that they haven't been able to compromise any others, but at this point, it's only a matter of time, especially since there appears to be not a single wireless router than can't be compromised to release the password of every machine that's connected to it!

I admit I do not know how the mechanics of ransomware works but couldn't you just replace the hard drive with a new one and while off-line hook your old drive up as a external HD and move most your information to the new one.

Replies:   Keet  Vincent Berg
Keet ๐Ÿšซ

@ystokes

I admit I do not know how the mechanics of ransomware works but couldn't you just replace the hard drive with a new one and while off-line hook your old drive up as a external HD and move most your information to the new one.

Replace the hard drive yes, hooking up the old drive will probably infect your system again and it's useless for retrieving data because all that is encrypted. Just boot with a Linux live CD, remove all partitions, repartition, and fully format the hard drive, then reinstall the OS. BEFORE you do all that check with the police because a number of decryption keys have been found or they know of a glitch in the ransomeware which they know you can use to decrypt the drive. So make sure you take a picture of the ransomeware message to show them.

Switch Blayde ๐Ÿšซ

@Keet

Just boot with a Linux live CD

Who has a CD drive on their computer nowadays?

Replies:   Keet  palamedes  Vincent Berg
Keet ๐Ÿšซ

@Switch Blayde

Who has a CD drive on their computer nowadays?

You can do the same with a USB drive, just make sure it's read-only. Otherwise you will have to go to a repair shop.

palamedes ๐Ÿšซ

@Switch Blayde

Who has a CD drive on their computer nowadays?

I do in every one of my computers. Just built a intel i7 9700k on a Gigabyte H370 with 16 megs ram and a 2TB m.2 using on board graphics.

Why all that because it was what was available, in my price range, and most important able to handle the job needed to be done and one requirements is having to be able to read cd/dvd disks.

I live and work in an area where not only do we not have internet there is also no cell signal though this area is getting smaller. Don't get me wrong where the house is we have everything but if you go out into the farm fields where there is no houses around for 20 miles (32K) you get no utilities at all.

As for USB drives had to many of them fail from being cooked when left in vehicles .

Replies:   Keet  Vincent Berg
Keet ๐Ÿšซ
Updated:

@palamedes

Who has a CD drive on their computer nowadays?

I do in every one of my computers. Just built a intel i7 9700k on a Gigabyte H370 with 16 megs ram and a 2TB m.2 using on board graphics.

Yup, me too. In both my laptops as well. I even have a portable DVD drive. I keep ISO backups of several Linux distributions on DVD and CD. Nothing beats a certified read-only install medium with an image that you can also run as a live system.

Vincent Berg ๐Ÿšซ

@palamedes

As for USB drives had to many of them fail from being cooked when left in vehicles.

Also, ALL electronic media (CDs, hard drives, USB and external drives), and especially SSD have notoriously short lifespans (especially if left exposed to bright sunlight), so you have to continually keep re-backing everything up to newer devices and the older ones begin to lose data, thousands of individual 'blocks' (i.e. generally half a byte) at a time.

The Mac's Time Machine is great for this, as it keeps backing up any new data, and can reinstall the files (or backups) to another drive, but alas, Time Machines has an especially high failure rate itself (20%), so you can never guarantee than any single restore will succeed. :(

Replies:   Keet
Keet ๐Ÿšซ

@Vincent Berg

The Mac's Time Machine is great for this, as it keeps backing up any new data, and can reinstall the files (or backups) to another drive, but alas, Time Machines has an especially high failure rate itself (20%), so you can never guarantee than any single restore will succeed. :(

(bold added by me)
"Great" and "high failure rate", that's contradictory. A failure rate of 20% is huge and would make it useless in my opinion.

Vincent Berg ๐Ÿšซ

@Switch Blayde

Who has a CD drive on their computer nowadays?

I assume he meant 'installation image', which you can then load onto a separate bootable drive (like an external SSD) to do a fresh install. In that case, CD drive wouldn't be required.

Dominions Son ๐Ÿšซ

@Keet

Just boot with a Linux live CD, remove all partitions, repartition, and fully format the hard drive, then reinstall the OS. BEFORE you do all that check with the police because a number of decryption keys have been found or they know of a glitch in the ransomeware which they know you can use to decrypt the drive. So make sure you take a picture of the ransomeware message to show them.

This presumes you actually have install media for the OS. Most people don't with Windows or Apple systems bought as complete units.

Replies:   Keet  Vincent Berg
Keet ๐Ÿšซ

@Dominions Son

This presumes you actually have install media for the OS. Most people don't with Windows or Apple systems bought as complete units.

Apple I don't know but Windows you can download and install. Don't know if you still need a key these days, I haven't touched Windows in a very long time.

Dominions Son ๐Ÿšซ
Updated:

@Keet

Don't know if you still need a key these days, I haven't touched Windows in a very long time.

Yes, you still need a key. Yes, you can download and install, but that requires a currently working system and you can't reformat the drive that way.

To reformat the hard drive, you need OEM install media.

The average user would have to take their machine into a shop that does custom builds and have them do it. That will cost money.

Replies:   Keet  Vincent Berg
Keet ๐Ÿšซ

@Dominions Son

Yes, you still need a key. Yes, you can download and install, but that requires a currently working system and you can't reformat the drive that way.

To reformat the hard drive, you need OEM install media.

The average user would have to take their machine into a shop that does custom builds and have them do it. That will cost money.

Yes, the average user will have to take into a shop, but you can use an Ubuntu or Linux Mint live CD to boot, partition, and format the drive, and then to download Windows. Fairly simple but a lot of work and indeed not for the average user.

Replies:   irvmull  Vincent Berg
irvmull ๐Ÿšซ

@Keet

Yes, the average user will have to take into a shop, but you can use an Ubuntu or Linux Mint live CD to boot, partition, and format the drive, and then to download Windows. Fairly simple but a lot of work and indeed not for the average user.

Far better solution is to boot the Linux Mint CD, click on "install", and forget about the tedious task of installing Windows 10, and then waiting for all the updates. You'll have a faster, safer, easier to use OS that doesn't need continual updating.

Replies:   Keet
Keet ๐Ÿšซ

@irvmull

Far better solution is to boot the Linux Mint CD, click on "install", and forget about the tedious task of installing Windows 10, and then waiting for all the updates. You'll have a faster, safer, easier to use OS that doesn't need continual updating.

Totally agree :)

Vincent Berg ๐Ÿšซ

@Keet

Yes, the average user will have to take into a shop, but you can use an Ubuntu or Linux Mint live CD to boot, partition, and format the drive, and then to download Windows. Fairly simple but a lot of work and indeed not for the average user.
{/quote>
External CDs are also useful for running diagnosis on problematic computers (where your regular computer suddenly starts acting funky), so you'll know how to fix it.

Vincent Berg ๐Ÿšซ

@Dominions Son

The average user would have to take their machine into a shop that does custom builds and have them do it. That will cost money.

I've been doing custom installs (and system recoveries) for years, as I used to build my own high-end Windows systems (you can't do that under Apple), where I'd purchase the components and build the whole system myself, or more often, have someone else custom build my desired system, yet get a STEEP discount on one purchased through a computer seller.

Michael Loucks ๐Ÿšซ
Updated:

@Keet

Apple I don't know but Windows you can download and install. Don't know if you still need a key these days, I haven't touched Windows in a very long time.

You can boot recent Macs into 'internet recovery' which requires little more than working firmware and a network connection by pressing Option-Command-R.


Mac OS Recovery
[Link to Apple]

No license code required.

Replies:   Keet
Keet ๐Ÿšซ

@Michael Loucks

You can boot recent Macs into 'internet recovery' which requires little more than working firmware and a network connection by pressing Option-Command-R.

I don't have anything from Apple but how would you go about formatting the disk before that? I assume that you can't get to the recovery as long as ransomeware has a hold on the computer.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ
Updated:

@Keet

I don't have anything from Apple but how would you go about formatting the disk before that? I assume that you can't get to the recovery as long as ransomeware has a hold on the computer.

The computer actually boots over the internet with the entire recovery system held in RAM. At that point, you would run Disk Utility (again, in RAM) and be able to erase/partition/format the drive.

Also, given the way the most current version of Mac OS works, it would be nearly impossible for the OS itself to be corrupted, and even more unlikely for the recovery partition to be corrupted. But, if they were, then the above will resolve the problem.

Replies:   Keet  Vincent Berg
Keet ๐Ÿšซ

@Michael Loucks

The computer actually boots over the internet with the entire recovery system held in RAM. At that point, you would run Disk Utility (again, in RAM) and be able to erase/partition/format the drive.

Also, given the way the most current version of Mac OS works, it would be nearly impossible for the OS itself to be corrupted, and even more unlikely for the recovery partition to be corrupted. But, if they were, then the above will resolve the problem.

Looks like a good system to me but be aware that there's a new ransomware system found specifically targeted to MacOS systems: https://thehackernews.com/2020/07/macos-ransomware-attack.html (EvilQuest, also named ThiefQuest).

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@Keet

Looks like a good system to me but be aware that there's a new ransomware system found specifically targeted to MacOS systems: https://thehackernews.com/2020/07/macos-ransomware-attack.html (EvilQuest, also named ThiefQuest).

Well, when I start loading pirated apps (never have in 45 years of computer usage), I'll worry about that one. I have a CISSP, and I'm one of the more paranoid users of computers.

Not saying that Macs can't get viruses or malware, but, generally speaking, you have to pretty much go out of your way to get them.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Michael Loucks

Well, when I start loading pirated apps (never have in 45 years of computer usage), I'll worry about that one. I have a CISSP, and I'm one of the more paranoid users of computers.

I've long used 'hacking software' to 'augment' my OS software, in addition to testing out and learning expensive new software before purchasing it, but in all my years, aside from a few bad installs or corrupted drives/backups, I've never been compromised by a torrenting site.

The key, is that you learn which sites are secure, and which (cough, cough, Pirate Bay) allows virus-laden adds to proliferate, or which don't allow users to flag modified or infected installations.

But once you've hung around the communities for long, it's pretty easy keeping yourself safe.

Granted, though, that most of the pirated software (never movies or music, which will always get you into deep legal troubles, was for bootlegged and modified Windows installs. Now that I'm on a Mac full time, there's no pressing need since there's very little bootleg software available, anyway.

Vincent Berg ๐Ÿšซ

@Michael Loucks

Also, given the way the most current version of Mac OS works, it would be nearly impossible for the OS itself to be corrupted, and even more unlikely for the recovery partition to be corrupted.

It's much more difficult, but with an all new class of 'warrior hackers' (permanently employed by foreign governments and shielded from foreign prosecutions, it's becoming increasingly common, with the necessary code freely shared online across a wide variety of sites.

Thus, all the vaulted Apple system integrity only buys you about a year or two of safety, which is why it's important to stay off the internet as much as possible, especially during the hours that most Russian, Chinese and Ukrainian operatives are likely to access it.

Local hackers can typically access the same software, but don't have the brute-force attacks the government-sponsored hackers do.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@Vincent Berg

Thus, all the vaulted Apple system integrity only buys you about a year or two of safety, which is why it's important to stay off the internet as much as possible, especially during the hours that most Russian, Chinese and Ukrainian operatives are likely to access it.

There is no such thing as 'standard work hours' for hackers. They adapt to their target.

That said, it isn't necessary to stay off the internet. A NAT router with a firewall, proper system updates, and a modicum of care and you can be safe. A good setup is to have a firewall device (like this: SG1100) inline between your router and your WiFi device. Breaching that kind of network security, as well as the local security on the Mac, is tough even for state-level actors. Add in using a VPN and running your own mail server with appropriate anti-spam and anti-virus software, makes it such that those state-level actors would be better served buying a plane ticket.

It's more likely someone will break into my house and use the thunderbolt port to suck out the contents of my hard disk than for a remote hacker to access my machine. There are some mitigations for that attack, but not many. The only defense is a powered-off machine with an encrypted drive and firmware password.

Vincent Berg ๐Ÿšซ

@Dominions Son

This presumes you actually have install media for the OS. Most people don't with Windows or Apple systems bought as complete units.

You can download the installation as a separate file (using system specific commands). These allow you to install the software on external drives to 'test out' Beta Software, yet still retain the ability to reinstall your old OS in case you encounter significant issues with the newest version.

This is common practice, and operates on ALL machines, you just have to know how to authorize it to download rather than perform a direct install.

Vincent Berg ๐Ÿšซ

@ystokes

I admit I do not know how the mechanics of ransomware works but couldn't you just replace the hard drive with a new one and while off-line hook your old drive up as a external HD and move most your information to the new one.

If Ransomware was that easy to bypass, then it would be easily solved. Instead, they only inform you that you've been targeted, once your computers have been compromised. So, rather than simply locking a single directory, or drive, they load something into the computer's root (the protected portion that no one can access), so that even after a complete reinstall, you are still infected by the mysterious key logger (which you can't view), which downloads the ransomware code and reinfects your system all over again.

If this happens, there are a couple trusted sites (companies who create legitimate keyloggers for employers to track employees), which offer key-logger sniffers. But, if they turn up nothing, than there's no hope to recover your machine, as the code is buried too deeply to be detected or replaced by a reinstall. At that point, you're toast!

But, to answer your question, after my recovery software couldn't determine where the keylogger was hiding, I took my computer offline (where the hackers can no longer 'activate' the ransomware), and then backed everything up to an external drive to transfer to another machine. But again, you pretty much have to assume that most of the executable and installation software has also been infected (to allow them to capture the new machine), so you begin can ONLY access the codes/programs you'd previously transferred to the 'safe' machine.

As you can see, it get really complicated, quickly.

Replies:   Michael Loucks  joyR
Michael Loucks ๐Ÿšซ
Updated:

@Vincent Berg

As you can see, it get really complicated, quickly.

For the scenario you described to happen, it would require that the system firmware be compromised. That's orders of magnitude more difficult than compromising the operating system.

Generally speaking, if you replace the internal storage (HD or SSD) nothing can survive. Recent Macs (which I know best, my MCSE expired twenty years ago) have signed firmware and it's nigh-on-impossible for it to be compromised by anything the user does (including 'hackers'). Hell, I've configured my Mac so that you can't even downgrade the firmware or operating system.

Is is perfect? No software is. Can it be exploited? Any software can. What are the odds of the firmware being modified to include a keylogger? Infinitesimal, and I know of no cases of this happening on any Mac which has the T2 chip.

Windows machines have similar secure boot features, but I don't know enough about them to speak with any kind of authority.

Dominions Son ๐Ÿšซ

@Michael Loucks

Generally speaking, if you replace the internal storage (HD or SSD) nothing can survive.

Sure, you can swap out for a clean drive. But you lose all your data. You can't hook up your old drive even as a secondary drive without risking the new drive getting infected.

Replies:   Vincent Berg
Vincent Berg ๐Ÿšซ

@Dominions Son

Sure, you can swap out for a clean drive. But you lose all your data. You can't hook up your old drive even as a secondary drive without risking the new drive getting infected.

No, you can't restore the compromised OS, but if you have a dedicated (and secure) backup facility, like Time Machine, you can select your last-secure backup, and then only transfer data files (i.e. no executables) from the compromised system. But again, that presupposes you already have a backup system and that you regularly transfer your latest software downloads and updates, which very few of us do. In an emergency, a little paranoia tends to pay off!

@Keet:

"Great" and "high failure rate", that's contradictory. A failure rate of 20% is huge and would make it useless in my opinion.

They're often 'intermittent' failures, where rather than compromising ANY restores, they prevent you from accessing particular files, so you often have to make several attempts, restoring larger and larger swatths of individual files, until one succeeds. So far, I haven't had any system restores (even across machines) fail on me, but again, you've got to fairly regularly replace the drives as they lose a host of individuals blocks, which ultimately compromise the quality of the data. But, in most cases, the latest safe backup is still stable enough to work, while the older backups may not be.

Thus, they're more 'regular usage' errors than systematic failures.

Replies:   Dominions Son
Dominions Son ๐Ÿšซ

@Vincent Berg

but if you have a dedicated (and secure) backup facility

If you have a dedicated and secure backup.

Someone up thread suggested a new drive but then hooking the infected drive up to recover data directly from the infected drive using a clean system. That would likely just infect the clean system.

Vincent Berg ๐Ÿšซ

@Michael Loucks

For the scenario you described to happen, it would require that the system firmware be compromised. That's orders of magnitude more difficult than compromising the operating system.

Exactly, so today's hackers are orders of magnitude more advanced than the neighborhood kid seeing what he can get away with in his basement.

Again, my recent hack was a less than one-year old 2018 Mac Mini, which was regularly updated to keep the clearly identified vulnerabilities patched. So again, there is no longer any such thing as a 'secure' system, only more secure than most computers.

I've currently had three 'secure' Apple devices compromised, an older iPhone I no longer used and a newer iPad I'd already replaced, and the more recent less than 1-year-old Mac Mini T2 chip (which couldn't keep the hackers out of the root firmware code. If the code in the root firmware was at least detectable, I'd know how to respond and at least prevent it from operating/communicating, but some infections are simply too friggin' advanced, even for us supposed experts.

That most recent infection is the one that's really put me into 'high-alert' mode against any more system compromises, since these guys have been targeting me for some time, but they rarely succeeded, until now (and no, the infection was not the very public EvilQuest or ThiefQuest Mac hacks, as those were the first things I checked for.

A good setup is to have a firewall device (like this: SG1100) inline between your router and your WiFi device. Breaching that kind of network security, as well as the local security on the Mac, is tough even for state-level actors.

Yeah, that's the one thing I haven't installed that I really need too, but the VPN options for Macs are generally pretty limited, given the OS's restrictions on what they can control. And the vast majority of anti-malware apps only flag the particularly notorious websites, but won't perform any 'deep dive' security sweeps (I use CleanMyMac X, which regularly updates and performs thorough checks, but it didn't register either the key logger nor the compromised firmware).

Again, the way they initially gained access was through my NetGear router, which are fairly easily hacked to reveal ALL the connecting devices passwords, so yeah, and hardware middleman would be an important protection. Thanks for the suggestion!

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ
Updated:

@Vincent Berg

I would love to have the technical explanation of how what you claim has happened, as without it, I can't evaluate it. But forget that, I absolutely have to address this:

Yeah, that's the one thing I haven't installed that I really need too, but the VPN options for Macs are generally pretty limited, given the OS's restrictions on what they can control.

Absolutely not true in any way, shape or form. I use Mullvad (from Sweden) and it has full and complete control of ALL network access, without any special setup, special settings, or disabling any security features.

You can use a service like Mullvad and use their client, or use your own OpenVPN client or Wireguard client.

Now, if you're talking IOS, that's a different story. But MacOS has full VPN support (including full IPv6 support). Period.

Replies:   Switch Blayde
Switch Blayde ๐Ÿšซ
Updated:

@Michael Loucks

I didn't understand most of what was said, but I have a question.

My wife and I have a MacBook Pro. It's connected to the internet through a Netgear router. Mine is ethernet; my wife's is wifi.

Do I have to shut down every night to be safe?

And if I shut down, do I have to disconnect from the internet every night? I can't just unplug my router because my landline (phone) wouldn't work.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ
Updated:

@Switch Blayde

Do I have to shut down every night to be safe?

Assuming your router is doing NAT properly (i.e. your IP address is 192.168.x.x or 10.x.x.x), no, you don't. My point about shutting down was only to prevent a local attack against thunderbolt ports.

Just make sure a) you have a good backup; b) you don't click on unknown links or open unknown documents; c) use Firefox with uBlock Origin enabled; d) use a password manager so you can use long (> 12 character) passwords; e) never reuse a password.

Using a VPN will make you even safer. I recommend Mullvad (no logging, completely anonymous if you use cash, which they accept). Full IPv6 support, not blocked anywhere I need to go.

Unless Mossad, SVR, CIA, or some other security service is after you, you're safe. If they are after you, you're f-cked no matter what.

Replies:   Switch Blayde
Switch Blayde ๐Ÿšซ
Updated:

@Michael Loucks

c) use Firefox with uBlock Origin enabled; d) use a password manager so you can use long (> 12 character) passwords; e) never reuse a password.

I use Safari and occasionally Chrome.

I don't use a password manager.

Unfortunately I reuse passwords.

But I thought this thread was about ransomeware hackers highjacking your computer, not getting at your personal data by getting your password.

ETA: The only software I downloaded not from the Apple Store is GIMP, Calibre, and Malwarebytes. I guess MS Office (Word, Excel), but I bought that through Apple and when they reinstalled my OS they downloaded it again.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ
Updated:

@Switch Blayde

I use Safari and occasionally Chrome.

Safari is fine, but unfortunately you can't use uBlock Origin with it. Just get a good ad blockr from the App Store.

I don't use a password manager.

Unfortunately I reuse passwords.

You need to start using a password manager and stop reusing passwords. A hacker could easily hijack an account and in doing so, create all kinds of possible avenues for attacking your system.

I use Remembear, which works great, but there are many options (lastpass, 1Password). A good free, open source option is KeePassX.

But I thought this thread was about ransomeware hackers highjacking your computer, not getting at your personal data by getting your password.

There are plenty of attack vectors and you need to close all of them to the best of your ability. For a ransomware attack, you just need to click on the wrong link, or access the wrong site. Protecting your passwords is key. Ditto having good backups (encrypted, online+offline). I use both TimeMachine (locally) and Backblaze (remote).

ETA: The only software I downloaded not from the Apple Store is GIMP, Calibre, and Malwarebytes. I guess MS Office (Word, Excel), but I bought that through Apple and when they reinstalled my OS they downloaded it again.

Malwarebytes isn't all that good, but it's a start. CleanMyMacX is a great choice, along with ClamXAV.

IMHO, all of this is necessary to ensure you don't get caught!

joyR ๐Ÿšซ

@Vincent Berg

So, rather than simply locking a single directory, or drive, they load something into the computer's root (the protected portion that no one can access),

Umm. If no one can access the root, then the hacker can't either...

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@joyR

Umm. If no one can access the root, then the hacker can't either...

Exactly, though bugs do exist (cf the iPhone firmware problem that can't be patched and allows jailbreaking on iPhone 10 and earlier).

Back to Top

 

WARNING! ADULT CONTENT...

Storiesonline is for adult entertainment only. By accessing this site you declare that you are of legal age and that you agree with our Terms of Service and Privacy Policy.


Log In