In these days of ransomware, isn’t it dangerous to leave backup drives connected all the time?

Backup Drive on a LaptopVery slowly, data backups are becoming easier to keep up to date. If you buy a Seagate external drive, for instance, it will probably include backup software that you can “set and forget”. Once you’ve made your initial decsions about what you want to back up, how many copies to keep and so on, the software just keeps doing it as long as the backup drive is connected to your computer (usually by USB cable). Yes, it can be a bit inconvenient having an external drive permanently hanging off the side of your machine – especially if it is a laptop that spends a lot of time on a desktop but some time on your lap. It’s just not good practice to forget the drive is attached and yank it around by the cable when moving the laptop! If it goes crashing to the floor then it could easily be “goodnight Vienna” and back to PC World for another one.

That aside, I think a lot of people have actually started to get used to the idea of having backups automatically taken and updated. This is especially true, of course, for Mac owners who just have to set the inbuilt “Time Machine” software to use an external drive and then forget all about it.

And then along comes ransomware. This is malware that encrypts data on your computer and demands a ransom to decrypt it for you. See this previous blog post on CryptoLocker, for instance. There is obviously a very strong argument that says you should never ever give in to blackmail, but if the only alternative is to lose invaluable data then it’s not difficult to see why people pay up. Now, the problem with ransomware is that it can encrypt data that’s on your external drive as well as your internal drive if the external drive is connected at the time that the malware attacks.

On the face of it, then, you are between a rock and a hard place. If you don’t keep your external drive connected you risk losing data that’s not backed up, and if you do keep it connected then the data is backed up but is vulnerable to being snatched away from you by ransomware.

Time Machine Settings

As you can see, I back up my MacBook Pro to a 750gb drive and also to a 1 terabyte drive. This dialog box shows me when I used the drives, so I know which one to use next.

If you’ve got a Mac then it’s actually quite easy to resolve this dilemma. Not only is the inbuilt Time Machine software easy to “set and forget” but it’s also flexible enough to let you use more than one backup drive. So, you simply alternate the drives as often as you wish. If one should fail or be compromised then the other – although probably not completely up to date – will take almost all of the pain out of the situation. This is actually a very good and simple practice. An external drive only costs £40-£60 these days. Just buy another one and alternate them. It’s a no-brainer. For the sake of completeness, I’m just going to mention one more practice that you can adopt if you really want to be responsible about your data backups. And that is to take a second backup onto an external drive and then remove it from the premises. Ask a friend or relative to keep it for you and periodically swap it for a later backup. This may sound like overkill, but it does provide a layer of protection against something disastrous happening not just to your computer, but to the entire location – eg fire, theft, or flood.

To be honest, I don’t know if swapping drives would work when taking continuous, incremental, backups using software such as Acronis or Seagate’s on a Windows PC. It’s just possible that files are marked to say that they’ve been backed up, so wouldn’t get backed up if a different backup drive were substituted. This is almost certainly one of those IT situations where the quickest way to find out is probably to “suck it and see”. In the meantime, you can ensure that a second backup will definitely work by doing a full backup instead of an ongoing incremental one.

Backup Strategy JokeWhether it’s worth bothering about the possibility of falling victim to ransomware is, of course, your own decision. And I should add that, as far as I know, Cryptolocker still only attacks Windows PCs. It’s very difficult to assess the chances of such disasters happening. I recommend that you imagine the situation you’d find yourself in if such a disaster did happen. Go on – really think about what you might lose and how inconvenient it would be. That should then give you some idea of how much effort you are prepared to put into creating and following contingency plans.

The next time that an IT horror story breaks through into mainstream consciousness, it could well be caused by CryptoLocker

What is CryptoLocker?

It’s a horrible piece of malware that encrypts the most common types of data files on your computer (especially Microsoft data files such as Word documents and Excel spreadsheets). Once attacked, you can not get access to those files unless you pay the perpetrators to decrypt them. Strangely, it appears that paying the ransom does actually get you the “key” to unlock your files again. Maybe the “perps” are very clever and have realised that if they get a reputation for “honouring their promise” (huh?), then sufferers will be more likely to take a risk and pay.

At this point, Mac users are permitted a smirk – CryptoLocker only attackes Windows computers.

How do you get it?

It’s usually downloaded as an email attachment when the user is duped into accepting something that looks like a pdf file, but isn’t. I received a similar thing just a few days ago (although it displayed as a zip file in this instance). Take a look at Figure 1. It appears to be from Amazon and it would be very easy indeed to apply 20% of my attention to it and just open the attachment. I don’t know if this one contains CryptoLocker, but I do know that this message is fake. Look at the “sent” address. Since when did Amazon send emails out in the name of “crescenzireider@yahoo”?

Fake email message, purportedly from Amazon

Figure 1. Fake email message that may contain CryptoLocker or other malware


Also, this just isn’t how Amazon send despatch notices etc. and, anyway, I have a system (of sorts!) for tracking Amazon orders and know I’ve got nothing outstanding. So, I haven’t opened the attachment and this has kept me safe from any “payload” it may have (and don’t worry – you can’t catch anything from Figure 1: it’s just a harmless image file by the time you see it).

Other common ways of getting you to open an infected file include faking the attachment as a FedEx or UPS delivery note, or faking a document from your bank.

Once you’ve been infected, you will be presented with a demand for money (typically $100 or $300) and a short time (4 days) to pay up. If you don’t pay in that time then your files go to data heaven. The bad guys “forget” the key that will unlock them and that’s that. Moreover, if your regular backups are made on other hard drives on your own computer then those backups are also at risk. Apparently, the malware isn’t yet configured to look in networked drives, but that’s got to be just a matter of time.

CryptoLocker Window

Figure 2. If you see this window, you’ve got problems

How do you stop it?

If you are working in a large or medium organisation (with IT staff) then Windows can be configured to stop you opening all kinds of attachments that are “executables”. This is probably neither possible nor practical for the average home user. To begin with, you need to have Windows 7 Professional, Ultimate, or Enterprise (ie not Windows 7 Home). If you have Windows 8, it needs to be either the Pro or Enterprise version. If you are using Vista you are unlucky, and if you are still using Windows XP then here’s yet another reason to move on – Microsoft support for Windows XP is ending. There is, anyway, a danger of throwing the baby out with the bathwater. Putting restrictions in place to stop you opening a fake file would probably also stop you opening genuine ones – very annoying.

Another thing you can do is to change the view of your files in Windows Explorer so that file extensions are always displayed. This may alert you to the fact that a file that appears to be called “readme.pdf” is actually “readme.pdf.exe”

Why doesn’t antivirus software stop it?

I don’t know. I’ve been to a number of websites to help me prepare this blog and none of them are specific on this point. They just say things like “(antivirus programs) have a particularly difficult time stopping this infection” and “Security software might not detect CryptoLocker, or detect it only after encryption is underway or complete“.

Removal

I understand that removal of the software is just a case of uninstalling it in the usual Windows way – ie go to “Programs and Features” in the Control Panel. That doesn’t decrypt your data, of course.

So, where does that leave us?

  1. We have to be even more vigilant than ever in opening email attachments. Don’t open any email attachment until you’ve looked at the email and made a definite decision that you trust the sender. For goodness sake, don’t think, “I’ll open it and just delete it if it’s crap” (which is how, I suspect, a lot of people filter their email). If it’s got CryptoLocker in it then it will be too late by the time you realise what’s happening.
  2. We have to review our data backup situation. Are you one of the millions who “haven’t got round to” creating backups? If so, do you really want to find out the hard way why they are so important? And if you do take backups, but these are just file copies on your hard drive or permanently attached drives, then my advice is to take an “offline” backup asap (eg to a USB drive or DVDs).

Cartoon robber stealing away from laptopSorry for delivering yet another warning of the dangers of the internet. I really don’t want to put anyone off using it, but we need to pay close attention to what we are doing. Think in terms of being “streetwise” about the internet (“cyberwise”?) You wouldn’t park your bicycle, unlocked, on Oxford Street and expect it to be there when you got back, would you? If you apply the same common sense online then I think the chances of being caught out will be greatly reduced.

“Should I buy an external backup drive” is one of the most common questions I am asked by my computer support clients

My answer is usually “yes”, because the question implies that the client is not backing up anything at the moment. The next question is, of course, “what should I buy?”

The main considerations are these:

Form Factor

Western Digital 3.5 inch external drive

Western Digital 3.5 inch external drive

External drives are either 2.5 inch or 3.5 inch. This is a measure of the width of the drive itself (not the housing in which it is contained). Functionally, the two sizes are the same. The physical size of the entire unit in its housing is, however, quite different. If you think you might want to carry the drive about with you then the smaller size would be more suitable. Apart from physical size, the other main difference is that 2.5 inch drives are usually powered via the USB connection, whereas 3.5 inch drives have their own power supply. This might make them slightly more reliable, but it does, of course, mean that you need to find yet another power socket within reach.
 
Capacity

At the moment, capacity ranges from about 340gb to 3tb. A “tb” is a “terabyte” – ie 1000gb (gigabytes). So, the 340gb is approximately 1/9 the size of the 3tb. You might like to look at the comments I made on hard drives in this post on buying laptops as they also apply to buying an external drive for backup purposes.

Connection

USB3 port

A USB3 port, distinguishable by being blue inside

Connection to the computer is via either a USB2 or USB3 port. Drives with USB3 connections transfer data much faster then USB2 connections provided that the computer at the other end also has USB3. If it doesn’t have USB3 then transfer happens at the lower USB2 speed. I would definitely recommend buying a drive with USB3 even if your current computer does not have USB3 – your next computer will have. You can, by the way, always tell a USB3 connection as it is blue inside (as opposed to the black of a USB2 connection).

Rotation Speed

Different discs rotate at different speeds. 5400 rpm is a typical speed. Faster spin speeds result in faster data transfer rates but there are other factors that affect how fast a drive performs, so the “rpm” figure is not necessarily all that significant.

Backup Software

These notes about backup software are for Windows PCs only. Although the drives themselves are compatible with both Macs and PCs, backup strategy is different. If you own a Mac then you would undoubtedly use the external drive with the Mac’s inbuilt “Time Machine” software. This is much better and simpler than any backup software ether built into Windows or provided on an external drive.

However, if your are a PC owner it may be important for you to make sure that the drive you buy has its own inbuilt backup/restore software. This is usually fairly easy to set up to perform automatic incremental backups of data files in standard locations. This may need a bit of explanation:

  • “automatic” – the backups are automatically created according to a user-defined schedule.
  • “incremental backups” – files are backed up (according to the schedule) after they are first created (or, more precisely, when they are first saved), and also every time they are updated (ie when they are saved again).
  • “standard locations” – some software will only back up data files that are located in the “Documents” or “My Documents” folders (and their sub-folders). In other words, the software may or may not be configurable to back up files saved in other locations.

When it comes to backups, the devil tends to be in the detail. The principle is fairly easy – backups are copies of files that you create as potential replacements for lost, deleted, or damaged files. However, there are many types of backups, many different scheduling possibilities, many sorts of backup media, many different storage strategies and so on. My experience of many years with my computer support clients is that it is better to have a simple backup strategy that you actually carry out, than a complicated one that you don’t. The simple solutions provided with external drives are usually fairly quick to set up and are undoubtedly better than no backup at all provided that you normally save your data files in the default areas within “My Documents”.

Please note that this blog post is a general guide only. I am not promising that any specific software performs any specific backup task. You are urged to check the results of taking backups so that you can be fairly confident that the procedure works.

Price

Seagate 2.5 inch external drive

Seagate 2.5 inch external drive

Larger drives tend to offer better value in terms of price per gigabyte, but it could be false economy to buy a 3tb drive if you will never use it. 500gb drives start at about £50.

As a very rough guide, if you rarely or never store movie/video files, music files, or very large numbers of photos in specialised formats (such as RAW or TIFF) then a 500gb is probably going to be plenty large enough. If you take a lot of photos, or have an increasing music and/or video collection, then maybe a larger drive will be better.

So, in conclusion, if you are thinking of getting an external drive for backups purposes, then do it! I have seen for myself just how upsetting and disruptive it can be to lose data completely. Any backup is better than no backup.

Dropbox stores previous versions of data files (for 30 days) that you thought had long since gone to data heaven

I’ve mentioned this in a previous blog on Dropbox, but I’ve recently had a couple of queries from users who know it’s possible, but who can’t work out the mechanics. So, here’s how to do it.

The secret is to remember that your Dropbox files are available in two distinct ways – via the Dropbox folder on your computer and via a website interface. I think what happens is that we get used to using the Dropbox folder just like any other folder and assume that old versions of our files are stored in the local Dropbox folder – if only we could find them. This is not how it works. Only the most recent version (ie the “current” version) is in our local Dropbox folder. All the previous versions are “in the cloud” on Dropbox’s servers. However, providing that we have an internet connection, it’s easy to access them.

If you still have a “current” version of the file in your Dropbox folder, then click on the file to highlight it and then right-click on it. A menu then pops up as in Figure 1

menu for "previous versions"

Figure 1 – Menu for Previous Versions

The options on this menu will depend on what programs you have installed on your own computer, but somewhere on the menu you will see “Dropbox” with a right-pointing arrow. This arrow indicates that there is a sub-menu that pops up when you hover over the option. So, if you hover over “Dropbox” the submenu pops up that includes the option to “View previous versions”. If you click on this option, your web browser will open, take you to your Dropbox account online, and show you the list of previous versions of the file you initially clicked on (see Figure 2):

The List of Previous Versions

Figure 2 – The List of Previous Versions

Select the version that you wish to restore (ie the version that you wish to become the new “current” version). This is done by clicking in the round “radio button” next to the relevant version. Then just click on the blue “restore” button below. Be aware, though, that you don’t get any warnings or confirmations about what is about to happen. As soon as you click on the “restore” button it does just that: replaces the old current version with whichever version you selected to restore. You can, of course, repeat the process to restore a different version if the one you’ve restored is not the correct one.

What happens, though, if you’ve deleted the file?
Obviously, you can’t restore it by right-clicking on it if it’s not there!

  • In this case, launch the Dropbox website by right-clicking on the blue Dropbox icon in your taskbar (bottom righthand corner of screen) and left-click on the option that says (natch) “Launch Dropbox Website”.
  • Navigate to the folder where the deleted file used to reside
  • Click on the rightmost icon in the strip near the top of the screen that looks like Figure 3
Strip of Commands including "Show Deleted"

Figure 3 – Strip of Commands including “Show Deleted”

This is a dustbin, but clicking on it doesn’t throw things out. Rather, it displays the files that have previously been thrown out. In the example in Figure 4, the second file (diltest.txt) has been deleted.

Showing the Deleted Files

Figure 4 – Deleted Files Now Accessible

Click on the filename to reveal a list of versions that Dropbox is holding:

Showing the Previous Versions of Deleted Files

Figure 5 – Showing the Previous Versions of Deleted Files

Note that Dropbox can’t offer you the option of restoring the version that was deleted. It can only offer you the most recently saved versions. This may or may not be the same thing, depending upon whether you had made any changes between the last save and the deletion of the file. So, select a previous version by clicking in the round “radio button” and then click the “restore” button.

After all that, you might be saying “why not just look in the Windows recycle bin and restore the file from there?“. Fine, If it’s there, then go ahead and do that, but you may have emptied the recycle bin, or want a different version. The main advantage of having the Dropbox option is that it does keep all these different versions going back 30 days.

I don’t use Dropbox as my main method of backing up files. I’d feel a bit queasy about trusting any outside organisation to be in sole charge of the backups of my important data. However, knowing that Dropbox is adding an extra layer to my backup routines definitely makes me feel more secure about my data – and it doesn’t need me to do anything to maintain it.

Dropbox logoYou can get Dropbox for free. The free version starts you off with 2gb storage space. However, clicking this link to the Dropbox website will get you (and me!) an extra free 250mb of space.

Is your Contacts List at the mercy of your webmail service?

Email "@" signs falling from the Cloud into a laptop

It’s well worth saving your Contacts information locally if it only exists in The Cloud.

“Webmail” is the method of accessing email that works via a browser (eg Internet Explorer, Firefox, Chrome, Safari, Opera). There is no “program” on your computer that is dedicated to dealing with your email. All of the necessary programming is provided via the web browser.

If you use webmail to send and receive emails then it’s possible that the only “contacts list” you have is intimately bound up with that email account. This contacts list (also known as an “address book”) may be just the email addresses of your correspondents, but it may also include postal addresses and many other items of contact information.

When you use webmail, the information that you are looking at (email content, contact information etc) is normally only stored on the servers of whoever is providing your service. Now, I know that there is an argument that says “So what? Microsoft/Gmail/AOL/Yahoo all know what they are doing and they will take better care of my data than I ever would. I never take backups“. Call me a control freak, but I would not be at all happy to think that 200-1000 email addresses might be at the mercy of an organisation over which I have absolutely no influence. And although you might be right that these large companies have better data backup procedures than you do, that does not mean that they are entirely reliable.

Here are two ways in which computer clients of mine have lost their contact information:

  • Last summer a client of mine lost control of his Gmail account when it was hacked by someone correctly guessing his password – see this blog on Gmail Passwords for the full story.
  • Very recently a (different) client had problems with his Hotmail account. Microsoft told him that there appeared to have been attempts to hack into his account and they made him jump through all kinds of hoops to get it back. He was luckier than the Gmail client in that he did get back into his account, but all his contact information has disappeared.

Despite these occasional problems, there are definitely arguments in favour of using webmail, so can you do something to reduce this vulnerability? Yes, you can. If you use any of the main webmail services (eg AOL, Gmail, Hotmail, Yahoo) then you have the ability to “export” your contacts list. It would be too tedious to describe the process for each webmail client (ie each webmail service), but the general advice is to click wherever necessary to get your contacts list in front of you and then look for an option that includes the magic word “export”. This may be a sub-option of an option called “manage contacts” or something like that. See the illustration for an example from a Yahoo webmail account.

Webmail Data Export Options

These are the options for exporting Contacts information from Yahoo webmail. The circled option is the one to go for.

You will probably be offered a selection of different formats in which the exported data can be saved, but we needn’t get too distracted by that. If it’s offered, take the “csv” option (which means “comma separated values”). If there’s no “csv” option apparent then take another option such as “Outlook” or “Thunderbird”. The main thing here is that we are saving a copy of your data onto your own computer so that it could be made available in the case of an emergency. Even if it’s in the wrong format a bit of “data massage” will probably put it to rights and you’ll certainly be better off than if you had no local copy at all.

When you’ve completed the process you will have a file on your computer that might be called something like “contacts.csv”. This is a local backup of your contacts data. It can be useful in several ways:

  • To restore contact data back into an existing account.
  • To transfer the data into a new account from the same webmail service.
  • To transfer the data to a completely different account with a different webmail service.

If you do use webmail and decide to spend a little time doing something “techie” and well worthwhile, then have a go at this.

Notice the rather ominous “1” in the title. This is a subject that will take more than one blog post. So, today let’s just think about what “backups” mean and what they don’t mean.

When I asked Google to define “backup” the first offering was

an accumulation caused by clogging or a stoppage; “a traffic backup on the main street”; “he discovered a backup in the toilet”

You’ll be pleased to learn that that’s not what we mean here. A better definition (offered by Wikipaedia) …

In information technology, a backup or the process of backing up refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. These additional copies are typically called “backups. …”

3.5 inch External Drive

3.5 inch External Drive

So at its simplest, a backup is a copy that can be used to replace an original if it is lost, deleted, damaged. This backup can be a copy of a single file (eg an important spreadsheet) or many files. At its simplest, a backup can reside on the same drive as the original. The problem is that if the entire drive fails then the backup is also lost. Having a backup on an external drive is a much better idea but that still wouldn’t avail you if all your computer stuff was stolen or in the event of flood or fire. The only way to be really sure that the backup will be there if you need it is to keep a backup in a location physically separated from the original. In practice, I’ve only ever very rarely managed to train my clients to such a degree!
 
What a Backup Isn’t

A backup is not usually a copy of any of the myriad files that make up the Windows (or Mac) operating system, nor a copy of the files that make up the programs on your computer (eg Microsoft Office, Photoshop). If we suspect that something has gone wrong with Windows or with a program file then the best thing to do usually is to un-install the program and re-install it. In other words, we don’t just copy back files that are in a backup, but set in motion the process of removing the program completely in the proper way and then putting it back from scratch from the original master CD/DVD or downloaded file. The reason for this is that program files have to be copied and set up so that they work in the specific situation and in concert with the other programs and operating system. Copying files is not enough to achieve this so we don’t back up program files.

What Data should be backed up?

Your own stuff. The documents and spreadsheets and pictures and videos and all the other stuff that is YOURS and that you would not want to lose.

There are also other types of file that are not quite so easily imaginable as data but which you wouldn’t want to lose – eg that huge list of bookmarks (also known as favorites (sic)) that you build up in your web browser (Internet Explorer, Firefox, Chrome, Safari, Opera or whichever browser you use). That list of websites is nothing more than that – a list – but I’ve seen a lot of clients looking very deflated when they realise they’ve lost it.

2.5 inch External Drive

2.5 inch External Drive

A hugely important part of backup data can be your email data. This is the email messages themselves, but can also be your contact information. If you only send, view, and receive your data through a web browser then your email data is not being stored on your own computer but on the computers of the service providers. This covers services such as Hotmail, Gmail, AOL mail, Yahoo, and others. This is known as webmail.

 

If, however, you access your email through a program on your computer (such as Windows Live Mail, Outlook, Outlook Express) then your email data is stored on your own computer. Your email provider may have a copy of your recent email history on their own computers (also known as mail servers) but it could be as little as the last seven days worth of data. Don’t rely on your mail servers as email data backups.

It’s also true that webmail can usually be accessed and downloaded with programs such as Outlook (as in the paragraph above), but we don’t need to split hairs about that now.

Having established an idea of what it is that we want to back up, let’s just finish this definition of what a backup is by considering some similar ideas:

An archive – in computer terms, an archive is just a backup but with one important difference. It is never over-written. Suppose you back up your data to an external hard drive. That drive is going to get full and you may wish to delete older backups to make room for newer ones. That means that you can’t always rely on your backups to tell you exactly what your accounts data (for instance) looked like on 23rd April 2009 (for instance). So, we often create archives in the knowledge that whatever happens we can see the data as it looked at a particular time in the past. Archives can be created in exactly the same way as a backup or by a different method. Often, for instance, archives are created on CDs or DVDs, whereas backups are made on external hard drives or USB pen drives (also known as thumb drives or memory sticks. A Memory Stick is actually a proprietary Sony device, so it is a misnomer to describe a generic USB pen drive as such).

 

An image – when we’re talking about backups an image is not a photograph. It’s a different meaning of the word and what it means is a complete, thorough, 100%, copy of EVERYTHING that is on your hard drive (or a sub-division of a hard drive such as a partition). An image can only be created using special software but it does seem to contradict what I said earlier about not being able to back up programs because a complete total image of your drive can actually be used to restore your computer to exactly what it looked like at the time the image was made – operating system, programs, data, the whole lot. But it’s not the panacea it sounds like because restoring an image could result in losing all the changes to the data that happened after the image was created.

Pen Drive

Pen Drive

A clone – similar to an image, a clone is the entire copying of one drive (or partition) to another similar drive so that it can be swapped with the original in case of disaster. The problem with images and clones is that they can take a while to create, you can only be completely certain they’ve worked by installing them, and they don’t change as data is added or changed.

 

That’s an introduction to backups. The next blog on this subject will look at the actual creating of backups in more detail.

One final word: I implore you to keep your master program discs all in one place and know where that place is. I would include in that any data backups and archives on “loose” media such as CDs or DVDs. So many times in the past I have been summoned by a distraught client with an apparent disaster on their hands who needs programs (and maybe data) to be re-installed but they can’t find their discs. This is already a fraught situation. It just makes it more stressful and more expensive if the client can’t find the discs. This doesn’t need to get complicated: just put everything in the same box and know where that box is.

© 2011-2017 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha