Why would that tip the scales versus Time Machine? Time Machine should provide the same protection as Arq, i.e. versioned backups from before the ransomware attack should be safe.
I know there was some hue and cry a little while ago about Mac ransomware that can encrypt network drives and external hard drives, but there's a reason why the _encrypt_timemachine routine was an unused stub. From what I understand, Time Machine has protections built into the kernel that prevent existing backups from being modified. New backups after the ransomware attack would obviously end up backing up encrypted data, but the existing backups should remain untouched.
Time Capsule's drive is just another network drive. The data could be easily erased. There's also a button in the Airport Utility that nukes all data on the drive. There is no reason for me to believe that this button could not be triggered by rogue software.
It would be nice if you could provide citations to the opposite.
It's not "just another network drive". It's mounted specially by the OS. Sure, if you mount the drive like a normal network drive then the protections might be lost (but maybe not; it's plausible that the protection takes the form of an xattr that prevents modification, so mounting it using any mechanism that respects xattrs might preserve the same protection. I'm not at home right now or I'd check up on that). But you don't normally mount your Time Machine backup volume as a normal network volume, and the malware shouldn't be able to do it either (since it doesn't know the password).
I'm not familiar with the button in AirPort Utility that you mentioned. I assume you're talking about a Time Capsule? I don't have one of those, I use a Synology NAS as my Time Machine destination, so I'm not familiar with the button in question. That said, presumably triggering that functionality requires having the base station password, and if you want to speculate about the software actually causing AirPort Utility to launch and manipulating its UI in order to try and literally press the button, that kind of functionality would require the user to grant Universal Access permission to the rogue software (the Accessibility permission in the Privacy tab of the Security & Privacy preference pane).
In any case, if you're talking about theoretical attacks where the software figures out how to actively mount a network drive that isn't already mounted in order to wreck it, then you may as well speculate about it figuring out how to delete data from your Amazon S3 bucket (or whatever other cloud provider you use as an Arq destination).
>if you're talking about theoretical attacks where the software figures out how to actively mount a network drive that isn't already mounted in order to wreck it, then you may as well speculate about it figuring out how to delete data from your Amazon S3 bucket
Yeah, and that is precisely where I started my question. To quote (from the post you have replied to):
>[...] I see that the AWS S3 IAM user has both read and write access, so if the ransomware authors ever bother with it, they can kill the backups. [...]
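The concern quoted above, that the backup tool's S3 IAM user can be used to destroy the backups, can be checked against that user's policy document. This is an added example, not part of the thread; the policy documents, the bucket name and the function names are constructed for illustration, and only Allow statements are evaluated.

```python
from fnmatch import fnmatchcase

# S3 actions that let a credential destroy or expire existing backup data.
DESTRUCTIVE = (
    "s3:DeleteObject",
    "s3:DeleteObjectVersion",
    "s3:DeleteBucket",
    "s3:PutLifecycleConfiguration",  # a lifecycle rule can expire every object
    "s3:PutBucketVersioning",        # can suspend versioning
    "s3:PutBucketPolicy",            # can rewrite the bucket's access policy
)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def destructive_grants(policy):
    """Return the destructive S3 actions that Allow statements grant, sorted.

    Deny statements, Condition blocks and Resource scoping are ignored, so
    the result is an upper bound on what this one policy grants.
    """
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Allow + NotAction grants everything except the listed patterns.
        key, want = ("Action", True) if "Action" in stmt else ("NotAction", False)
        patterns = [p.lower() for p in _as_list(stmt.get(key, []))]
        for action in DESTRUCTIVE:
            # IAM matches action names case-insensitively with * and ? wildcards.
            hit = any(fnmatchcase(action.lower(), p) for p in patterns)
            if hit == want:
                granted.add(action)
    return sorted(granted)

# Constructed sample policies; the bucket name is a placeholder.
ARN = "arn:aws:s3:::example-backup-bucket/*"
READ_WRITE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": ARN}]}
# s3:PutObject can still overwrite a key; on a versioned bucket the older
# version is kept, and removing it needs s3:DeleteObjectVersion.
NARROW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"], "Resource": ARN}]}

if __name__ == "__main__":
    for name, pol in (("read/write", READ_WRITE), ("narrow", NARROW)):
        print(name, "->", destructive_grants(pol) or "no destructive actions")
```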