Bombich Software offers a range of backup and cloning software for Mac OS platforms. The company’s main product, Carbon Copy Cloner, was the first software to allow the creation of a bootable Mac OS X backup. The cloner supports block-level clones for fast upgrades; takes incremental backups of items that have only changed after the last. Get 12 Bombich Software coupon codes and promo codes at CouponBirds. Click to enjoy the latest deals and coupons of Bombich Software and save up to 50% when making purchase at checkout. Shop bombich.com and enjoy your savings of April, 2021 now! Overview of Bombich Software Inc., Carbon Copy Cloner Carbon Copy Cloner backups are better than ordinary backups. Suppose the unthinkable happens while you're under deadline to finish a project — your Mac is unresponsive and all you hear is an ominous, repetitive clicking noise coming from its hard drive. Founded in 2002, Bombich Software has been a leader in backup and cloning software for Mac OS X for over 10 years. Our main product, Carbon Copy Cloner, was.
At its core, Carbon Copy Cloner is a product that is designed to make bootable backups of your Mac's operating system. In order for CCC to be able to make copies of system files, CCC needs to have the privilege of copying files that can't be read nor written by just any user – CCC requires elevated privileges to copy macOS system files. Likewise, CCC is often tasked with copying the data associated with multiple users. macOS prevents you from accessing files that belong to other users. If you, as the administrator of the Mac, want CCC to back up everybody's files, then again, CCC requires elevated privileges.
Acquiring elevated privileges on macOS
There are a few different ways to perform a task on macOS with elevated privileges. The simplest – and least secure – method to do this would be to prompt the user to authenticate when he opens the application, and then relaunch the application as the 'root' user. The application would then have all of the privileges it needs. This would grant far too much privilege, though, because it also gives the user (or malware that is exploiting the application) privileged access to other users' files.
A better way to securely acquire elevated privileges is to isolate the code that requires those privileges into a separate, 'faceless' application. This is a common practice known as privilege separation. Even here, though, there is a right way and a wrong way for the isolated application to gain elevated privileges. The antiquated technique is for the parent application to ask for administrator authentication, then change the owner of the privileged application to the root user, then set a special mode on that application that allows that application to run with the privileges of the owner of the application (root). While this is a popular technique on Linux and much, much older versions of Mac OS X, there is still a significant potential vulnerability with this approach – any user can open that privileged application and potentially use it as a puppet to perform privileged tasks. Apple specifically discourages this practice:
setuid
and setgid
bits for the executable file, and sets the owner and group of the file to the privilege level it needs (often with the root
user and the wheel
group). Then when the user runs that tool, it runs with the elevated privileges of the tool’s owner and group rather than with the privileges of the user who executed it. This technique is strongly discouraged because the user has the ability to manipulate the execution environment by creating additional file descriptors, changing environment variables, and so on, making it relatively difficult to do in a safe way.Adhering to a higher standard of security
Starting in Mac OS X 10.6 (Snow Leopard), Apple introduced a more secure paradigm for performing tasks with elevated privileges. Rather than blindly granting privileged access to an application, developers can ask the system to install a 'privileged helper tool'. macOS then invokes the privileged helper tool on demand, and the calling application can only communicate with the helper when it has met stringent requirements:
- The calling application and the privileged helper tool must be code signed (and valid)
- The calling application must be one of the applications that is specifically approved to make requests to that specific helper
- The calling application must have a valid authorization reference
These requirements prevent unauthorized use of the helper tool and they prevent maliciously modified applications from making requests to the helper tool.
CCC has leveraged a privileged helper tool since version 3 and Mac OS X Snow Leopard – right from the start. This architecture is not only more secure and future-proof than using setuid binaries, it also affords us, for example, the ability to perform backup tasks when no users are logged in to the system.
Related Documentation
Some antivirus applications may prevent Carbon Copy Cloner from reading certain files, mounting or unmounting disk image files, or, in general, degrade the performance of your backup. In some cases, antivirus applications can even affect the modification date of files that CCC has copied, which will cause CCC to recopy those files every time as if they have substantively changed. In another case, we have seen such software create massive cache files on the startup disk during a backup, so much so that the startup disk became full. We recommend that you temporarily disable security software installed on your Mac (e.g. for the duration of your backup task) if problems such as these arise.
If CCC reports that antivirus software may be interfering with your backup task, here are some troubleshooting steps that you can take to resolve the problem:
- Determine whether the files in question are being quarantined by your antivirus software. Perform a system scan with your antivirus software and address any issues that are reported. Please refer to the Help documentation associated with your antivirus product for more information.
- If the problem persists, try running your backup task with the antivirus software temporarily disabled.
Bombich Software Sales
If the antivirus software's behavior cannot be resolved, you may be able to workaround the problem with an advanced setting. Select your task in CCC's main application window, then:
- Click the Advanced Settings button.
- Check the Don't update newer files on the destination option in the Troubleshooting box
- Save and run your task.
Bombich Software
If these steps do not address the issue, or if you do not have antivirus software installed, please open a support request and we'll do our best to help you resolve the problem.
'Real time' protection scanning and Digital Loss Prevention applications have significant performance ramifications
We regularly receive reports that the backup task is running too slow, only to find that some 'real time' protection application is directly causing the problem by taking too long to either scan content that CCC is writing, or by taking too long to permit the filesystem requests that CCC makes to the source or destination. While these applications do provide a valuable service to protect your Mac from malware, they're doing a disservice if they're interfering with backups.
The following applications are frequently implicated in these scenarios:
- Symantec DLP (com.symantec.dlp.fsd)
- Avira (avguard-scanner)
- Sophos File Protection (OnAccessKext)
Problem reports related to antivirus software
- System hangs during scheduled backup task (Sophos)
- Backup task is slower than it should be (VirusBarrier)
- Slow performance during backup (F-Secure)
- BitDefender may generate excessive read activity on the destination volume during a backup task, and may cause the destination device to spontaneously eject. Add the destination volume to BitDefender's exclusion list to avoid the problem.
- We have received a report that agreeing to Webroot SecureAnywhere's request to 'remove threats' during a backup task can produce a non-bootable backup.
- Little Flocker (now Xfence) can interfere with some of the subtasks required (e.g. creating a kernel extension cache, blessing the destination) to make a cloned system volume bootable.
- We have received and confirmed a report in which Sophos CryptoGuard can have a debilitating effect on system performance while running a backup task.
- We have received several reports that McAfee's FileCore and Symantec's Data Loss Prevention software can cause the backup task to hang or to take a very, very long time. The applicable daemon processes may also consume an exceptional amount of CPU during a backup task leading to debilitating system performance for the duration of the task.
- We have received a report that ESET Endpoint Security can cause the backup task to hang or to take a very, very long time.
- We have received a report that Bit9 Carbon Black can cause the backup task to hang or to take a very, very long time.
- We have received a report that TrendMicro's 'filehook' service can cause the backup task to hang or to take a very, very long time.
- We have received a report that Cylance's 'CyProtectDrvOSX' kernel extension can cause the backup task to hang or to take a very, very long time.
- We have multiple reports in which CoSys Endpoint Protector prevents CCC from backing up a pair of video-related system files (e.g. /Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin).
- We have received reports that Avira antivirus may terminate CCC's file copier resulting in an incomplete backup. Avira 'Real time protection' will also cause the backup task to take a very long time and consume an exceptional amount of CPU resources.
Antivirus Software concerns regarding the BaseSystem.dmg file
There is a file named 'BaseSystem.dmg' on the Recovery volume associated with your Mac's startup disk. That disk image file contains the lightweight recovery operating system that is used when your Mac is booted in Recovery mode. At the beginning of every backup task that backs up a startup volume, CCC mounts the recovery volume and creates an archive of the data on that volume. Copying the 'BaseSystem.dmg' file is part of that procedure. CCC stores an archive of the recovery volume at /Library/Application Support/com.bombich.ccc/Recovery on the startup disk so that the archive can be included in the backup of that volume.
We have received some reports of users seeing a dialog window (presented by antivirus software) reporting that 'the BaseSystem.dmg disk image is being opened', perhaps with a suggestion that the disk image contains a virus or malware. This dialog appears and disappears very quickly, and some users are understandably concerned about the presence and erratic behavior of that dialog. Lacking any creditable information from the AV software, users naturally turn to the Internet, and unfortunately are greeted with terrible advice and misinformation. The BaseSystem.dmg file is not a virus. You should not attempt to delete parts of the operating system.
Bombich Support
Users that have attempted to delete that file are prompted for admin credentials, and the deletion attempt still fails. Contrary to what AV software purveyors may claim, the prompt for admin credentials is not coming from a virus, it's coming from macOS because you're trying to delete system files. The attempt to delete system files subsequently fails thanks to macOS's System Integrity Protection. This is not an attempt to get your admin credentials, it's normal macOS system processes working to protect the operating system. The BaseSystem.dmg file is not a virus. You should not attempt to delete parts of the operating system.
If you're seeing a dialog related to the BaseSystem.dmg file and it occurs at the beginning of a CCC backup task, this is a false positive from your antivirus software. Please contact your antivirus application vendor and ask them to fix that. Making a backup of the BaseSystem.dmg file is not something that should be brought to your attention.