I know that this is similar to this questionthis question, but I don't believe it's a duplicate.
You have a program that automatically makes regular backups of all your files to a folder or mounted drive.
Let's say you configured your system so that the only process that has write access to that folder/drive is the process that performs the backups.
Would this significantly decrease the likeliness that various ransomware programs would be able to touch the contents of that drive/folder?
Would it at least protect against ransomware programs that run without root/administrator privileges?
Is there any chance at all it could even protect from those that have acquired root/administrator privileges? (Do most ransomware even have that?)
I guess in a really bad scenario, where the ransomware is very cleverly written and equipped, there is nearly always a chance that it could use various ways to get around most things. While that is interesting, I'm mostly interested in a practical situation, and what may actually happen if real life ransomware was confronted with such a situation. (Write access to backup directory is limited to only the process that does backup.)
If this would indeed help protect us, is it relatively easy to set it up on various desktop operating systems?
I'm not only interested in Windows, as there has also been confirmed cases of ransomware on Unix/Unix-like operating systems.
