[theamk]

Once you add backup in the picture, the local users are great. My main account can have all the ransomware it wants, all the backups are gong to stay intact, so I can restore the files.

* in the real life, there is “sudo hole”, but this can be fixed within the current user concept.

[AnIdiotOnTheNet]

I'd rather prevent ransomware from working in the first place. Local backups are hardly sufficient anyway.

[theamk]

Why won’t local backups be sufficient against ransomware? Is it because of privilege escalation attacks?

I was under impression that even with zero days, using modern distribution and auto updates will minimize the amount of time the system is vulnerable, so for most of time, it will be sufficient.