Protecting my Backup

Discussion in 'privacy technology' started by HoLmEc, Aug 1, 2014.

Thread Status:
Not open for further replies.
  1. HoLmEc

    HoLmEc Registered Member

    Joined:
    Sep 30, 2004
    Posts:
    17
    Hello everyone,

    I usually back up my Microsoft Office documents, .pdfs and images to an External HD. I am afraid that, if my computer gets infected by a malware/ransomware, and it has a payload of deleting files or locking down files by encription, it could not only harm my computer, but also my files on the External HD (I keep it connected to my PC regularly, because I have many things to back up).
    For this reason, I'd like to make the files on my External HD undeletable, read-only and protected against any attempt to hijack/encryption by a ransomware.
    I wonder if there is any kind of software that could let me achieve this aim.

    I greatly appreciate if someone could help me out. Thanks!
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    I may be missing something, but if you do that you won't be able to back, so why not just turn the drive off, and periodically turn it on and backup. I do this once a day and it works fine.

    Pete
     
  3. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,283
    Yes. Don´t keep the external disk connected permanently. Also, consider alternating your backups between two external disks, or complementing them with cloud backups.
     
  4. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    I was thinking that myself. It's not much of a "backup" if it's constantly connected both to a power source and the source machine, and physically sits right next to it.

    You're not really protecting against much in that setup, aside from maybe accidental deletion. But even then, what's to say you won't accidentally delete it from both places? Not to mention, deleted stuff can be recovered anyway. So the only thing you're really insuring against in this scenario is complete and utter failure of one drive, rendering it totally unrecoverable...but it has to reach this state in such a way that a drive connected to the same computer and (I'm assuming the same power source), and sitting right next to it won't be affected. Kind of a stretch.

    1) As others have suggested, keep a schedule to backup periodically (maybe once per day) and only plug external drive in for the duration of that backup. If it's not backing up, disconnect the external drive and at least keep it in a different room.

    2) Consider an online backup service. Backblaze and Crashplan both offer unlimited backup for about $5/month, and their client software constantly backs up new files in real time.

    http://Backblaze.com
    http://Crashplan.com

    P.S.
    My thread on backup:

    Backing up data, keeping it private
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    I use crashplan, and with it you can backup to both cloud and other drives.

    Pete
     
  6. HoLmEc

    HoLmEc Registered Member

    Joined:
    Sep 30, 2004
    Posts:
    17
    Thanks for the quick reply, guys. I apologise for not being clear. I actually turn the drive off, and periodically turn it on for a backup. So, it's not permanent. The problem is that I am a bit paranoid :confused: and am worried that, at the exact moment I am making my backup, my External HD gets infected. What bad luck for me if that happens, maybe the probability is very low. But what makes me think this is: I know that some viruses attempt to spread all over the local networks, pen-drives, in order to maximize their infection. So, maybe the virus is programmed to infect any new drive that is connected to the computer; in this case, my external HD would get infected as soon as I turn it on, no matter if I keep it turned on for only some minutes.
    As for cloud storage, I get scared when I remember what happened to Megaupload.com. Although I'm not uploading anything illegal or copyrighted, I fear that the site could be hosting copyrighted material, so it may get shut down. Also, the site's owner may feel like shutting it down in the future and I'd lose everything I have accumulated for years. You know, cloud storage makes you depend on a third party and they may fail in the future... I own a small business, so privacy is important for me, and despite those sites having encryption, you never know.. But, I am being paranoid again... Anyway, I am really considering having cloud storage as a second layer of protection.

    Thank you all again for helping.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    I think there are some techniques that could be used to reduce the chances that [files on] an external drive will be harmed, but I haven't given them much thought. When the hypothetical involves opening such a device and its files to a system that has been compromised in some way, it is tough to rule things out.

    One potentially beneficial approach would be to eliminate the normal system from the equation by booting/using an alternate environment and backup tool. Similar idea to performing antimalware scans using bootable rescue CDs, using bootable firmware update tools, etc.

    A proper backup solution would involve multiple, potentially numerous, physically/electrically separated and isolated storage devices for holding copies of your files. It would also involve verification that the backups you make are actually OK. Thus, I think there should/would be some inherent protection against the scenario you are concerned about. If, for example, there was a malware or other problem while you backed up to BackupStorage1 which took out both your system and BackupStorage1, you should still have BackupStorage2 through BackupStorageN to fall back on. Some of which should be offsite and at a great enough distance to offer protection against the complete destruction of one facility, a localized disaster, etc. Which doesn't by definition mean you need or should use someone else's server/cloud for backups. You'll have to consider your options for yourself. Generally speaking, all files including backups... especially those that will sometimes leave the areas under our physical control... should be protected by some reputable encryption so as to offer some protection against theft or loss.
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Well I'll tell you about my story.

    First I don't back-up in the traditional sense. Whenever I download a new program, get a new license key, receive or create an important document and am not using an internet browser, I connect an external hard drive and copy the new stuff to it, and then the external hard drive gets disconnected and goes back into a drawer.

    But be forewarned. External hard drives do fail. A year ago I had a ~snip~ IOMEGA that failed after 5 months. It was before cryptolocker and I always had it connected and on, but it was recent model. The IOMEGA forums were loaded with posts by peeps that had the same problem. Moderator's stock response: "If still under warranty we will replace - But if you need your valuable backed up data (that is usually the main point of having an external hard drive) you need to try to have it retreived by a highly skilled technician (who will likey charge you a small fortune to attempt to retrieve your data.) Thank You very much. IOMGA always stands by it's replacement warranty". Turkey.

    The skinny on it was that IOMEGA, for a time. was using a bad hard drive made by a major-well known drive manufacturer

    I was so ~snip~ angry! I lost a ton of irreplaceable stuff. As soon as I am able intend to copy the contents of my current external hard drive to a new one and keep that one disconnected also. They are cheap enuf unless you need to back-up a lot of stuff.

    They are of course an invaluable, time saving tool, should you ever need to restore your PC.
     
    Last edited by a moderator: Aug 3, 2014
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you use at least two Windows user accounts, you could deny your everyday account the permissions to write to the external drive, and switch to the other user account to make backups.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  11. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    @HoLmEc
    Yes I hear you. Understandable. As with all security, it's really going to come down to the tradeoff between your risk tolerance vs. inconvenience/cost tolerance.

    Everyone can instantly be more secure than they are, at a cost.

    So here's a few thoughts:

    1) You could update and do a full virus scan or two before every backup.

    2) Or alternatively, you could create a Live CD, and boot from that before every backup. This could be a version of Windows or OSX, or if you're super paranoid it could be something geared toward privacy like Tails. (Granted, these are more geared toward online privacy, and you should have no reason to connect to the Internet during your backup, but still.)

    http://www.privacylover.com/anonymous-live-cd-list/
    https://en.wikipedia.org/wiki/List_of_live_CDs
    https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Live_media

    3) While the Megaupload saga is sad and ridiculous, it's not really something you have to worry about in this case. That was a site specifically geared toward file sharing...not backup. There's a difference. Sites like Megaupload, RapidShare, and MediaFire may sometimes get used as redundant storage, but their real purpose is in providing a way to distribute files. If Megaupload was a backup service like Backblaze or Crashplan, I bet it would still be around.

    https://en.wikipedia.org/wiki/Comparison_of_file_hosting_services
    https://en.wikipedia.org/wiki/Comparison_of_online_backup_services

    For a further point on that, because the data is stated to be encrypted client side with Backblaze and CrashPlan, the only way someone would know about any file stored there is if the user creates a downloadable link to it and distributes it. This is not really going to happen much with a backup service. People who are trying to widely share content are going to use a service more suited to that. So you really don't have to worry about either of those companies getting shut down in that way.

    And one final point, again, we're talking about backup...as in redundant data. Who cares if the company gets shut down (even overnight)? You should still have at least one copy of everything yourself. (Crashplan actually recommends and enables 3...a local backup, an offsight backup, and cloud backup.)

    The odds that your computer would crash and be unrecoverable at the same moment your backup becomes unrecoverable are so low, it's just not worth fussing over (unless of course your backup is a drive that is constantly connected to the source and/or physically sits right next to it.)

    4) Yes, when it comes to 3rd party tools, at some point you almost always end up trusting someone. That is a risk, but I'd say pretty small when it comes to those two companies. However, that is what encryption you do yourself is for. You can use a program like TrueCrypt and create encrypted containers to put sensitive files in, and upload the containers. Or alternatively, use a program like AxCrypt or Password Safe to encrypt files individually.

    But for most people, the encryption claims of Backblaze and CrashPlan seem pretty reliable. They both host files for HIPPA-affected clients, meaning privacy is required by law, so they have incentive to actually not have access to the files they store.

    5) If you're really absolutely paranoid, there's a crazy backup routine described by MrBrian in this thread:
    https://www.wilderssecurity.com/threads/making-a-security-plan-to-protect-my-computers.357500/

    That is some pretty good protection, but just way too cumbersome for me.

    6) Don't forget my personal backup scheme here:
    https://www.wilderssecurity.com/threads/backing-up-data-keeping-it-private.365539/

    EDIT:
    Ha he beat me to it. Figured it was only a matter of time before smileyface showed up.
     
    Last edited: Aug 3, 2014
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The danger of CryptoLocker-like malware goes beyond what HoLmEc described in the first post; if your data is in the process of being compromised by CryptoLocker and you didn't realize it when backing up, your backup program could be replacing some non-corrupted files with corrupt files in your backup, depending on the backup method used.
     
  13. crawfish

    crawfish Registered Member

    Joined:
    Jul 2, 2014
    Posts:
    24
    What's the length of time between CryptoLocker infection and ransom demand?

    I store my two backup drive sets at home and safe deposit box and rotate them monthly. They are all bare drives that I use with a dock and are connected only when making backups.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/:
     
  15. crawfish

    crawfish Registered Member

    Joined:
    Jul 2, 2014
    Posts:
    24
    Skimming that long article doesn't answer my question. The longer the process takes, the greater the risk of detection, so trying to be comprehensive for someone with a ton of data or leaving a multi-month timebomb wouldn't seem advisable, though the latter would foil backup routines like the one I described depending on the length of time between infection and demand and the backup rotation frequency.
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I use FileVerifier++ around once a month to verify the integrity of the data files on my hard disk. FileVerifier++ can also be used to see what's been added and deleted.
     
  17. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    If Crashplan is used to backup to an external drive, does it scramble file names?
     
  18. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    According to CrashPlan Support, there is a cache created on your machine during backup that contains the information that is used to create the file list and folder structure. That's how a restore is completed...stored along with your backed up data is file path information which tells the program where to put everything, rebuilding your folder structure.

    According to Support, your cache is all encrypted, which is why you need to enter your encryption key to build your file list for restore. They claim they do not have access to the restore list. (I would assume that only applies to the "Archive Key Password" and "Custom Key" options.)

    http://support.code42.com/CrashPlan/Latest/Configuring/Archive_Encryption_Key_Security

    Backblaze sounds similar. They say that there is a checksum kept on your machine, as well as at their servers.

    (Comparison of these caches/checksums is also how deduplication is done.)
     
Loading...
Thread Status:
Not open for further replies.