by Mike | March 8, 2016

Recently Palo Alto Networks reported a "ransomware" threat to Mac users named "KeRanger". After reading their analysis I found myself deeply concerned. Ransomware threats are nothing new, but I realized that this is probably the closest I've felt to the seedy world of cyber terrorism. Up until now all of that seemed to be aimed at governments, defense departments, big corporations... Windows users! Here we are, though, it's at our doorstep, and our neighbors are already victims. I received an email from a CCC customer yesterday that started with:

I happen to be one of the people who got hit with the ransomware hacks.

Yikes! I was not expecting a good outcome here. Thankfully, the rest of the email was:

Luckily I had a CCC of my drive and booted off that, deleted the ransomware files and was fine.

While this threat appears to be mostly contained at the moment, I think everybody should take some time to examine their defenses against this sort of attack. Having a backup is an obvious first step, but there are some additional steps that you can take to protect your backup too.

Protect yourself from ransomware

This particular ransomware attack is fairly clever. It lies dormant for a few days, then starts to encrypt your documents. It targets documents on externally-attached hard drives as well, and (in future developments) may even target Time Machine backups. CCC backups on external disks are vulnerable, as well. We have some suggestions that can help protect your backups from this sort of threat.

Keep your backup disk unmounted as much as possible

KeRanger targets volumes that are currently attached to your Mac and mounted. Physically detaching your backup disk from your Mac is the most effective way to protect that disk from attack, but it makes your backups more laborious, and you're less likely to keep them up to date. You can configure your CCC backup tasks to run a postflight shell script to eject the destination after the task runs:

  1. Download our "Eject Destination" shell script
  2. Move the shell script to /Library/Application Support/com.bombich.ccc/Scripts on your startup disk
  3. Open CCC and select your backup task
  4. Click the "Use Advanced Settings" button at the bottom of the window
  5. Click the button to choose a shell script in the "After Task Runs" section and select the script
  6. Save your task

You can then eject your destination volume and leave it unmounted. CCC will automatically mount the destination when the backup task is... Read More


by Mike | February 10, 2016

A security vulnerability was recently reported on the Sparkle framework that many applications, including CCC, use to manage application updates. The report indicates that applications using non-secure (e.g. http rather than https) URLs to retrieve application update information could be vulnerable to a "man in the middle" attack.

We don't use any non-secure URLs within CCC, and that has been the case for a while. To be very specific in regards to the reported Sparkle vulnerability, CCC uses an HTTPS URL when checking for and downloading updates and release notes. In fact, as of CCC 4.1.5, it's not even possible for CCC to use an insecure (HTTP) URL, OS X El Capitan would forbid access to that resource.

Download CCC 4 today and make a bootable backup of your Mac!

by Sarah | December 22, 2015

We will be closing December 24 at noon EST and remain closed December 25. We will also close December 31 at noon EST and remain closed January 1 to spend the holidays with our families.

Limited staff are available to respond to customer requests until January 4. We appreciate your patience if it takes a bit longer for us to respond than is typical.

by Sarah | December 15, 2015

When we released Carbon Copy Cloner 4, we were thrilled to finally deliver so many of the features our customers have requested over the years. Customers have definitely noticed and we need to expand our team to match our customer growth. If you know any great OS X developers, please share this job opening!

There are six of us on the team and we're a tight group. Even though we live all over the country, we collaborate a lot using Slack, Evernote, Google Docs, and Zendesk. We genuinely care about what we're doing and customer service matters to us - a lot. We take great pride in our work; that said, we care about non-work stuff, too, and want everyone on the team to have plenty of time away from work to actually have a life. Sure, sometimes we have a product release or there is an OS X release and we all work extra for a few weeks, but that is the exception and not the rule.

I am admittedly biased, but I think we offer a pretty great place to work. We all work remotely (think no commute, live anywhere, flexible hours, no boring meetings, easy to schedule appointments during the day, no worries if a kid has to stay home sick from school) and use the best and newest technology and tools. We're always hanging out on Slack, discussing important things like our website, online store, CCC, reaction gifs, the numbering of interstate exits in New England, lobster traps, Old Yeller and sharks. We get together for a family-friendly team meeting once a year and move it around each time (past meetings have been in Austin, Western Massachusetts, Cape Cod and Long Island).

Here are some fun facts about Bombich Software

  • Founded over 10 years ago
  • We've grown entirely by word of mouth, with a tiny bit of advertising in the past few month
  • CCC is offered in seven different languages
  • Our customers span more than 170 different countries
  • Many of our support requests are in foreign languages that we don't speak; Google Translate results rarely let us down insofar as they are bizarre and fun to decode
  • Everyone on the team helps with customer support

One quick thing, we are interested in candidates that can work at least part of their day between 9am and 5pm EST and can legally work in the United States. We already deal with the regulations of four different US States (plus the federal government) and while we'd love to hire a non-US employee, we're concerned about following all the rules correctly.


If you're sold, here's some more info about the actual job: 

What you'll be doing:

  • Perform day-to-day bugfixes and improvements
  • Be a part of the entire app life cycle - concept, design, build, deploy, test, release and support
  • Assist with new feature development

What you need for this position:

  • At least 5 years of commercial software... Read More
by Mike | December 2, 2015

We hear this concern frequently:

"I'm considering buying CCC, but I am concerned that a new OS will come out and I will be asked to purchase a new license to continue using CCC."

Generally when a new OS is released, we offer a free update to CCC that allows users to continue using it with the same license on the new OS. That has been the case with 8 out of the last 9 major OS releases over the last 13 years, with the notable exception being Yosemite, which broke CCC 3. That being a recent experience, many users share this concern. I would like to succinctly alleviate these concerns with the following statements:

CCC 4 will be qualified and supported on OS X 10.12. We will issue a free update for that OS, just as we did for 10.11 El Capitan.

CCC 4 license holders will not be prohibited from using CCC 4.1.5 (or later) on OS X 10.13 and later

In the past, CCC refused to open on newer OSes* because we were concerned that a future OS version would break CCC in a manner that could lead to data loss. CCC 4.1.5 introduces a mechanism that can proactively warn users if this situation arises, so we no longer restrict that version of CCC from running on a future version of OS X. If you're interested in the longer version of this explanation, see this article: Coping with Apple's pace of innovation in an application that can delete files.

* Again, though, understand that CCC 3.5.7 was broken on Yosemite. While the aforementioned restriction would prevent that version of CCC from opening on Yosemite, it was the underlying architectural limitations of CCC 3.x that made it not work on Yosemite.