Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals

Retrospect 18.5.2

StorCentric has issued Retrospect 18.5.2 with updates to Anomaly Detection. Introduced in version 18.5.1, the Anomaly Detection feature identifies changes in an environment that might be related to ransomware activity. The current release improves Anomaly Detection with detailed logging and the capability to suppress alerts for rolling synthetic full backups. The update also clarifies the immutable retention expiration log message, fixes an engine issue where client errors during the building snapshot phase stopped the entire script, fixes a bug that did not show internal drives when paths matched a share, and resolves an issue where favorite folders on Mac clients did not show up until engine restart. ($49 for Retrospect Solo and $159 for Retrospect Desktop new, free update, upgrade pricing available, 170 MB, release notes, macOS 10.8.5+)

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Retrospect 18.5.2

Notable Replies

  1. TidBITS didn’t announce the Anomaly Detection feature when it was released in 18.5.1 on 15 February 2022; StorCentric subsidiary Retrospect “Inc.” seems to have made that release in a hurry. I’m still on Retrospect Mac 16.6, so I can’t test it. However Agen Schmitz left out any mention of “Script Hooks: Fixed issue where intervention file was not deleted (#9873)”. The “How to Stop a Backup” section of the Knowledge Base article “Extend Anomaly Detection for Ransomware with Script Hooks” says

    The administrator can use the AnomalyAlert script hook to know when an anomaly has been detected and then use the $interventionFile file within the launch script to stop the backup. See Script Hooks Examples for sample scripts. ¶ With this simple process, the administrator can stop a backup as soon as an anomaly is detected, without preserving the suspect files.

  2. We’re having a little trouble figuring out how much to say about Retrospect’s ransomware features. The problem is that they’re a great idea and seem very cool, but there is basically no threat to Mac users from ransomware at this point—it’s a Windows concern. I wrote about this in:

  3. A problem with your “it’s a Windows concern”, Adam Engst, is that the June 2020 MacWorld article you linked to in your 15 November 2021 issue cites examples of Mac ransomware that are mostly at least 5 years old. The exception is ThiefQuest / EvilQuest, which is as much an espionage/sabotage tool as a ransomware tool. And I think potential Russian sabotage was what motivated Retrospect “Inc.” to hurriedly release 18.5.2 on 15 February 2022. To see what I mean by “hurriedly”, read my posts from 20 February through 28 March in “Retrospect 13: a choice for backup of multiple drives to offsite rotation or cloud”—a thread I’ve maintained since 2015 in the Ars Technica Mac forum (I can’t remove the version number from the thread title after my 2016—when Retrospect cloud backup was announced—revision).

    A foundation of Retrospect is that its “backup server” Engine code has remained common to both its Mac and Windows variants since Fall 2009. Currently Retrospect’s Anomaly Detection feature looks—in the Engine’s Compare phase—for updates to files that change their extensions. That seems as though it’d be a Windows-only anomaly, but such changes’ purpose is to flag a file that’s been encrypted so the ransomware won’t encrypt it again—which would make decryption when the ransom has been paid impossible. However file-name prefixing is another possible method of flagging, but in any case IMHO a ransomware application that has been adapted for pure sabotage wouldn’t need to flag encrypted files.

  4. A problem with your “$119 for Desktop”, Agen Schmitz, is that the Desktop Edition price is really $159—because “All editions above Solo include Annual Support and Maintenance (ASM)” per Retrospect Backup 18 Licensing Changes. That’s the least part of a general Retrospect Version 18 de-facto price increase, which appears to have been motivated by StorCentric’s Drobo subsidiary being temporarily unable to deliver its hardware product because of supply chain disruptions. Part of that de-facto price increase is the restriction of features in the Solo and Desktop Editions, intended to make customers upgrade to the $549 Single Server 5 Edition—or $799 Single Server 20 Edition to continue tape backup.

    The implementation of one of those feature restrictions—the limitation of Solo and Desktop Edition “backup servers” to 2 and 4 concurrent script operations respectively per “Retrospect Backup: Compare Editions”—has resulted in a Version 18 bug that remains unfixed 9 months after customers reported it in Retrospect’s Mac Bug Reports sub-sub-forum. Retrospect Mac’s GUI is in a separate Console, which has long had an Allow __ Activity Threads preference setting that tells the Engine to limit concurrent script operations to a number that a customer’s “backup server”—often an old Mac—can handle. That preference setting used to be saved in the bowels of the running-so-long-as-machine-booted Engine, so that the Console—when it’s started and stopped like an ordinary application—would re-initialize it to its previously-set limit. Mac Version 18, in order to make sure that Solo and Desktop Edition customers don’t get more concurrent script operations than they’re paying for, re-initializes that preference based purely on the Edition license whenever the Console is started. Thus, whenever a customer with a license for more than the Desktop Edition starts his/her Console, the Engine reverts to running up to 14 concurrent script operations—likely more than his/her probably-old “backup server” Mac can handle without bogging down its CPU. As I edit this, 587 users have viewed the thread discussing this bug in Retrospect’s Mac Bug Reports sub-sub-forum—so I think the lack of a fix is a real problem.

    P.S.: The maximum in the Retrospect Mac Console preferences is Allow 16 Activity Threads for Editions more expensive than Desktop. However this has always seemed to mean 14 generated component Activity Thread sub-Scripts—plus one for a possible parent Proactive Script and one for the overall “backup server”. I don’t know how many generated component Activity Thread sub-Scripts are allowed for the Desktop Edition in Retrospect Version 18.

  5. I’ve updated the price for Retrospect Desktop to $159 to reflect the 1 year of ASM.

  6. Retrospect, because its “backup server” can back up both Windows and macOS “client” machines, raises an even-more-basic issue for the TidBITS “basically no threat to Mac users from ransomware” attitude. Especially in these days of Work From Home, it’s not unusual for a Mac-centric organization—household or small business—to also have Windows machines on its LAN that need to be backed up.

    The home I used to share with my now-deceased ex-wife was an early example of this. (Forgive some personal details; IMHO you wouldn’t believe this story without them.) My wife and I each had a Mac, and I used a third older Mac as the Retrospect “backup server” for both our machines. However my final job was as an applications programmer for the newly-acquired software subsidiary of a Teaneck NJ market research company. I directly reported to two bosses located in a suburb of Melbourne Australia, but their boss worked down the hall from me. At the end of 2001 I came down with shingles, and my bosses’ boss (who was Native American on his mother’s side and had some non-modern health beliefs) expressed fear—once I returned to my windowless Teaneck office after 3 days because I’d used up my 2001 vacation/sick leave—I’d give shingles (not merely chickenpox) to the other Teaneck employees when I got hot water from the break room for my tea. :face_with_raised_eyebrow: He ordered IT—who also reported to him—to build me a Windows 95 (our lowest-common-denominator work platform) “flat tower” with a slide-out HDD tray so that I could work from home, and to also give my office Windows 95 tower a slide-out HDD.

    IMHO he primarily needed an over-the-Internet “guinea pig” :face_with_hand_over_mouth: for market researcher employees who’d henceforth bring Windows 95 laptops to the offices of their corporate clients, and connect to the server-stored client data at our Teaneck office. My bosses’ boss was therefore happy when I decided to work from home on Wednesdays, given that I’d frequently also do a bit of work from home on weekends. At vast personal expense :rofl: I bought a chest-worn camera bag suitable for bus travel, so I could carry the slide-out HDD home on Tuesday and Friday nights and back to the office on Thursday and Monday mornings. I backed up the HDD at home using Retrospect early Thursday and Saturday mornings IIRC, because IT expressed annoyance with having to back it up—in addition to Teaneck’s central Windows server drives—as a supplement to my weekly two-way e-mail exchanges of code with Melbourne.

    What I did during 2001–2004 is what should be routinely duplicated in millions of WFH households—many of them previously Mac-only. (As an alternative Retrospect Inc. introduced in 2018 a Remote Backup feature, evidently designed for far-flung organization employees who can’t be trusted to backup laptops containing data valuable to the organization—when they move laptops between IP addresses.) So TidBITS shouldn’t cavalierly ignore Retrospect’s capability of backing up Windows “client” machines using a Mac “backup server”. Some of the Windows “client” machines will inevitably catch ransomware.

  7. Retrospect 18.1.0, on 17 June 2021, fixed the “backup server” Engine bug—for both the Mac and Windows variants—I reported in my 11 March 2022 post. “FIXED Concurrent Executions: Fixed issue where the number of execution units could not be reduced (#9435)” However a corresponding kludge in the Retrospect Mac Console has not been fixed as of the latest Retrospect Mac release on 24 March 2024. Definitely—when on 22 December 2022 Retrospect Mac and Windows 19.1 enhanced the Engine with “IMPROVED Increase maximum [my emphasis] execution units from 16 to 64”—Preferences->General->Allow _ Activity Threads in the Retrospect Mac Console had already been changed from a dropdown to a simple numeric entry field. This almost certainly was changed several major releases earlier, when maximum [my emphasis] execution units was enhanced in the Engine from 8 to 16, because there was no dropdown in 18.1.0 when I tested it. The kludge in the Mac Console Preferences is that to make that numeric entry effective you must—weirdly—hit either Enter or TAB. This tripped up an Italian user of Retrospect Mac, and tripped me up later when I did a test.

    The problem is that almost all Retrospect administrators run “backup servers” on old Mac or Windows machines that don’t have the RAM—or the processor speed—to run 64 Activity Threads (Execution Units in Retrospect Windows) at once. Although licensees of the comparatively-cheap Desktop Edition are Engine-limited to 4 Activity Threads, most installations backing up multiple clients via Proactive or Remote Backup scripts are licensees of more-expensive Retrospect Mac Editions that default to the maximum 64 Activity Threads. It now appears this kludge has tripped up close to 100 administrators.

Join the discussion in the TidBITS Discourse forum


Avatar for ace Avatar for agen Avatar for DavidH Avatar for DavidH1