If we know the exact moment a system was infected by a virus, would a simple rollback via Time Machine fix it?

What follows is an extreme scenario, simply to better understand the extent of Time Machine's utility.

Let's assume that up to this moment our system is fully backed up via TM and is not infected.

Now, if we intentionally infect it with a file we know is a virus and let it spread, can we simply just use TM to revert to the last backup before infection and guarantee there are no traces of the virus?

Yes, no, or it depends?

On a more realistic approach, what I wish to accomplish is to test several new apps I have never used before. Some of them might be closed source and/or sketchy. I was thinking I could install them, test them and, after I'm done, either keep them or just simply roll back via TM. Would that work, or would traces of those apps be left behind?


Solution 1:

If things are sketchy, what prevents them from infecting your TM history as well?

More secure options

  • Test things within a VM (ideally without shared drives etc.).
  • Make a full-image backup of your Mac, make sure you can restore it and then unplug the backup drive from your Mac. Once done with the tests, wipe your Mac and restore the backup.
  • Get a separate Mac for tests.