Malware and local backups

Discussion in 'backup, imaging & disk mgmt' started by brians08, May 23, 2014.

Thread Status:
Not open for further replies.
  1. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    40
    For various reasons (topic for a different thread) I am having trouble setting up and maintaining network backup storage so I am saving backup images on local disks for now. I know this makes the backup more vulnerable to malware but not sure how much more.
    For example, I have set up Acronis TI to back up the system partition on a second partition on the disk. I found that I can remove all users except for System on this second partition and still have TI able to save images there.
    What I am hoping is that malware would be blocked from accessing the image files. I am running Windows7 and typically operate in a restricted account so, in theory, any malware would not be able to read/write what is on the backup partition.
    I am particularly concerned about things like Cryptolocker that might try to prevent me from restoring an image file by encrypting or destroying it.
    Of course there is the Trojan Horse malware that could trick me into entering the admin password but I hope I am smart enough not to do that!
     
  2. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    8,647
    Location:
    NSW, Australia
    brians08,

    You are a brave man with the backup on the same HD as the OS. What happens if the HD fails?

    I suggest creating your backups to two separate HDs. One internal and one external. Only connect the external HD during backup time.
     
  3. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    40
    I really just want to know whether to expect malware to be sophisticated enough to gain system permissions and access the restricted image files. Maybe I could remove all permissions then have a task scheduled that would add system permission during the backup window then remove it again when complete?

    That is not the only backup of the OS. I have 2 thumb drives in a drawer. One has a copy of the factory restore image and the other has a the initial TI image after initial installs and configuration.
    What is on the second partition are the weekly rolling incremental backups. These exist for the purpose of recovery of software issues such as malware infection, new driver conflicts, etc...

    Yes, I would like to have a NAS to send these incrementals to but I have tried that and it didn't work. The NAS units that will work are out of my price range (cost more than the laptop I am protecting). Even then, these higher end NAS servers don't do everything. For example, I would like the server to sync with the backup schedule. I want a NAS that is locked down unless there is a backup occurring. It wold unlock the storage disk 5 minuts before the scheduled backup and, when the backup was finished, would lock down again. Something like a time lock safe. I'm sure this could be done but would require a dedicated LINUX server and many hours of configuration. Prohibitively expensive for me.
     
  4. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    8,647
    Location:
    NSW, Australia
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    With your current scheme, you could use a sync program like FreeFileSync to periodically sync the incrementals on the 2nd partition to a thumb drive, which you could alternate round-robin.
     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    It is not impossible for malware to infect an image file but it is unlikely. There are many different formats and the malware would have to know at least several of the most common. The article Brian posted pretty much sums it up.

    I keep a copy of the system image on the the data partition of the same computer it was made from for convenience, always the most recent image, but I always have a copy of it plus several previous images on an external hard drive.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    True, but encryption, deletion, or other corruption of image files is another matter.
     
  8. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    Malware would more likely mess up the file headers or first and last few sectors of a large image file, *if* that's what it's targeting. More insidious would be flipping random bits in random files. Quietly. Or it could zero-out a few sectors and call it a day.

    In the current climate, malware doesn't usually target backups.

    Personally, I prefer occasional offline imaging via boot disc in round robin style. And then filesync for small and frequently changed data - like my personal journal, photos and other stuff. I've made it a point to do backups when time permits so as to avoid falling victim to an annoyingly strict schedule, getting pissed, and doing nothing.
     
    Last edited: May 25, 2014
Loading...
Thread Status:
Not open for further replies.