Jump to content

[Guide] Choosing The Right Backup Method(s)

First off, I highly suggest you go read the guide linked below, as it covers a lot of important information that this will not.  However, I hope to cover a lot of things that it doesn't, so read this too when you're done.

As a TL;DR of the most important section though, just know that you should have at least two (but ideally three or more) copies of your data, on physically different devices, and in physically different locations.  This means the copy on your computer, plus an external drive, plus a cloud backup, for example.  If anything goes wrong you have at least one other copy of that data in a safe place from which you can recover.

 

Why So Many Ways?

There are a lot of ways to protect your data and each of them check a few boxes, but none of them check them all.  This is why you need to combine multiple methods to ensure you are fully protected.  You can visualize the available options as sitting somewhere on a 2D grid where one dimension corresponds with proximity and the other perpendicular dimension corresponds with update frequency:

 

image.png.3fb369bf9f983802de652882fa09dcb7.png

 

There are more variables than this in truth, but these are the two most significant factors in my opinion.  In the following section I will be examining the pros and cons of some common strategies.  I've listed a few examples for each category above, but this isn't a comprehensive list and there may be strategies that I've not thought to mention.  By and large anything from one of these cells will have roughly similar characteristics to anything else that fits into the same cell, but there are certain key differences to consider.

 

RAID should only ever be used to supplement a proper backup strategy and is not a backup in and of itself, but I've included it here for the sake of comparing its characteristics against other actual backup methodologies.  I discuss its use in more detail at the end of this guide.

 

The Ideal Scenario

Here I will be comparing the various ways you can protect your data under the assumption that you run backups as regularly as you need to.

 

image.png.8ce838cb3f572dfc050e3d1b13345b73.png

 

Properties

Below is a list of the properties of each strategy.  These have an impact on the protections each strategy can offer (discussed later).

 

Recency

This refers to how recent your backup is likely to be when you eventually need it.

  • The traditional HDD method is iffy in this regard because even daily backups pale in comparison to the recency of something like RAID or even OneDrive where files are backed up instantly or at worst within a few minutes.
  • An external HDD that is constantly syncing files (for example, Time Machine, or other related services) should keep your files backed up down to the minute, or even second.
  • RAID keeps everything synced between drives at all times
  • No matter how diligent you are about updating your backup regularly, a drive stored at an offsite location that you manage directly is never going to compare with some of the other offerings mentioned here.
  • Much like the traditional HDD, a manually run, "on-demand" cloud service will be as up to date as you keep it.  Due to the simplicity, it may slightly outrank the HDD, but they are broadly similar in my opinion.
  • Services like OneDrive, Google Drive, Dropbox, etc. that keep your files synced at all times should at most be out of date by a few minutes, unless your file is particularly large and is taking a long time to upload.

Separation

This refers to how the files on your backup are separated from your live data.

  • The traditional HDD is physically disconnected from your system when not in use and thus is physically separated.  This makes it impossible for any software issue on the computer to negatively impact your backup.  This applies to all strategies with a "Physical" rating.
  • RAID means by definition that all drives are connected to your system at once, and thus anything happening on the system has the opportunity to impact your backup.  This applies to all strategies with a "None" rating.
  • OneDrive and other cloud services are separated from your system through a software barrier.  Anything that happens on your computer has the ability to influence your files, and these files will then be synced to your backup, but you computer cannot access the backup directly, and thus any file history the service may offer should be protected.

Security

This refers to how safe your backup will be from prying eyes, as well as economic factors beyond your control.

  • Strategies like the traditional HDD that are fully within your control will remain as safe as you choose to make them.  No bankruptcy can take your data away, and no unauthorized person can access it, if you choose to encrypt it properly.  This applies to all strategies with the "+" rating.
  • Strategies that rely on another company like Microsoft, Backblaze, Amazon, Google, etc. are dependent on their success and their policies.  If the company ceases to exist, your backup may do the same.  Depending on how they handle your data, your files may also be open to hackers, people at the company, or other companies they cooperate with.  This applies to all strategies with the "~" rating.  I've elected not to mark anything as a "-" because I cannot know for certain that any particular service is with certainty bad in these regards.  I can only say that it is an unknown worth consideration.

Convenience

This refers to how easy the strategy is to use.  The less time and effort required, the better.

  • The traditional HDD requires it to be plugged in, the backup manually run, and then the drive put away again.  This is a minor inconvenience, so it receives the intermediate "~" rating.
  • All automatic strategies like Time Machine, OneDrive, etc. need virtually no thought or effort expenditure whatsoever, and so they get the highest rating, "+".
  • The only thing worse than manually running a backup on your external HDD is then having to drive that backup to a friend or relative's house for storage (and likewise, picking it up from them when it's time to update it or recover your files).  For this reason, it gets a very negative rating.

Speed

This refers to how quickly you can take a backup, and/or recover your files from it.

  • Local storage is ideal for this and thus external HDD strategies, be them on-demand on always-on, get a high rating of "+".
  • RAID is so "fast" that it almost exceeds the "+" rating and enters into the realm of "N/A".  It's not so much a copy stored on another drive as it is a means by which you are using two (or more) drives simultaneously.  There is no delay because you are always working on both your live data and the backup together - they are one and the same.
  • All off-site strategies get a middling "~" rating, because they may be quite fast, or quite slow, depending on your particular situation.  If your external off-site backup is 700 km away, or your internet speed is particularly poor, this will pose an obvious problem for the speed of your backup operations.  If however you have a fast and reliable internet connection, or your off-site backup is relatively nearby, speed may not be an issue for you.

Price

I've not included this in the chart since it greatly depends on the amount of data you have, as well as a whole host of other factors.  For most people though, cloud offerings will be more expensive than anything you can do by hand, because they are priced as a subscription rather than a "one time" payment (though of course remember that drives do fail and need to be replaced from time to time, so there is perhaps not as much difference there as some may think).  Every company is different, but you can generally get around 1 TB of perpetual cloud storage for the cost of a 2 TB drive per year.  If you only need a few GB though, it's worth noting that cloud services will generally provide a small amount of space for free.

 

Protections

I will now discuss some of the specific protections offered by each strategy.  These are a result of the strategy's properties, as well as the nature of the service (if applicable).

 

Ransomware

Ransomware is a malware threat that for all intents and purposes deletes all of your files.  The "ransom" name comes from the fact it encrypts your files, making them inaccessible, and demands the payment of a ransom in order to learn the key necessary for decryption.  It is strongly recommended that these ransoms never be paid, as there is no promise your files will actually be released, nor any promise that if they are, they won't be soon encrypted again, and any payment directly funds the ability of criminals to continue these attacks on other victims.  With the right backup strategy, you can avoid ever having to pay or lose data to such an attack.

 

Depending on how sophisticated the attack is, you may lose nearly everything, or almost nothing.  Some attacks target only certain types of files and only in certain key folders (for example, Documents).  Other attacks may go after files more broadly.  In the worst case scenario, the malware may lay dormant, waiting for you to connect a backup drive, at which time it will take your entire system as well as the backup.  This is one of several reasons why you should ideally have at least three copies of your data, and never connect more than one backup at a time.  With a proper backup strategy, even this nightmare scenario becomes nothing more than a minor inconvenience.  In the event you lack such a backup and need an option to recover, try searching for the type of ransomware you have fallen victim to.  Certain less sophisticated versions use encryption methods which can be broken with little skill, such as finding the key stored in a hidden file on your PC.

 

The key factor in protection from ransomware is Separation.  As such, the rankings of which strategies protect you from it and which do not directly mirror the Separation rankings of each strategy.  However, this is necessary but not sufficient.  Once Separation is present, there is an additional hurdle for any "Continuous" services.  If they provide a robust file history option, you should be well protected, but if they provide an inconvenient history (for example, allowing the rollback of only individual files one at a time), or no history whatsoever, they will not protect you against ransomware.

 

Accidental Deletion

Everyone makes mistakes from time to time, and you may have saved over or deleted an important file.  The right backup strategy will allow you to recover this file with ease.  Luckily this is a very simple danger and as such, every backup strategy listed should be sufficient to address this problem.  The only strategy that fails this test is RAID, because RAID is not a backup.  More on this at the end of the guide.

 

The important caveat here is that your protection exists either as a result of the strategy being occasional, or having history.  For example, if you delete a file, you can easily plug in your external HDD and recover it.  Likewise, if you have a service that's constantly syncing such as Time Machine or OneDrive, you can also recover your file from the file history or trash, if these features are present.  I've given everything a positive rating rather than a "~" in the table above because I believe these features have become rather standard practice recently, but you should still keep this in mind.

 

Data Corruption

No storage medium is perfect and bits occasionally get flipped, or read/written incorrectly, resulting in corrupted data.  With vigilance, you can spot this and recover a uncorrupted version from your backup, but I don't believe this is common practice, and as such, there is risk with every strategy mentioned for data to become corrupted and this new version to be saved over your backup.  In the case of RAID, if you have a sufficiently advanced system that can notice when one drive has corrupted a file while two or more others agree on the original data, it is theoretically possible it could correct the copy on the bad drive and protect you in this way, but I'm not sure how common that is.

 

Drive Failure

Every backup strategy listed protects you from this risk.  The only question is how quickly you can get back on your feet.  With a RAID setup, you can hot swap the drive out and continue running as if nothing even happened.  Conversely, if you have to drive across the city to a friend's house to retrieve a backup from which to recover, it could be an all day process, but this consideration was already addressed as part of Speed.  In terms of protection, they will all do the job.

 

Total loss of physical location

This refers to a catastrophic event such as a theft, flood, fire, or other disaster that eliminates not only your live data but any on-site backups as well.  By this definition, the strategies which do or do not protect you are obvious - anything on-site will not work, while anything off-site will work.  Because of this threat, it is recommended that everyone have an off-site backup.

 

RAID

Every now and then you see it recommended, but I believe it is often not properly thought through.

  • If you need absolutely unmatched up-time and can't afford to worry about a drive failing - if you need to be able to swap them out live without even realizing something happened - then RAID is for you.  There is nothing better at protecting you from drive failure up to the second.
  • If, however, you can afford to recover your data from a backup in the event of a failure, you really don't need it.  And this is a key point: every other strategy also protects you from drive failure, so if you already have a robust backup strategy in place - which you should regardless - supplementing with RAID (because it's not a replacement for anything) is only going to improve your Recency and increase the cost.  Is that worth it?  Personally I say no, but you be the judge for your own setup.

I should add that in some situations running RAID can even put your data at greater risk than it would without it.  Aside from the obvious RAID 0 example, where losing any of the drives means you lose it all, there is the risk of corruption to the RAID system itself due to power failure, failing hardware/controllers, etc.  There is a time and a place for it but I believe that it's not in the home.

 

The Less-Than-Ideal Scenario

The unfortunate reality is that most people do not take backups as often as they should.  Therefore, I've provided this additional grid showing the same properties and protections under the assumption that you don't backup as often as you should.

 

image.png.0821c6def34fe074af768755a39ccf7c.png

 

In this situation, the usefulness of all manual strategies is seriously undermined by the lack of Recency, and as a result the value and importance of automatic services becomes even greater.

 

Generally Good Practices

Regardless of the strategies you choose to employ, there are certain practices which will ensure you get the most out of your investment:

  • One at a time
    • Only ever connect one backup at a time, ensuring that there is at least one or more backups which meet the "Physical" Separation rating at any given moment.
  • Verify
    • Verify that you could restore from this backup as expected if you needed to.  There is no use taking backups if they are corrupted, missing data, or otherwise inaccessible.  Consider the operating system you will be using, and the compatibility of certain key features like file system, choice of encryption method, compression, etc.
    • When doing manual backups, before committing the actual data to disk, perform a dry run to see what it is planning to change, and sanity check that this is correct.  In short, make sure you're not backing up bad data over good data, and ensure that the backup completed successfully once you've finished.
  • Listen to the voice in your head
    • If you're about to do something dangerous that could cause data loss, don't slough it off as "it probably won't happen", or "I know what I'm doing".  Just take a moment to protect yourself.  One of these days, you'll be glad you did.
  • Do it regularly
    • A backup is only as good as it is recent.  Make sure you are keeping yours up to date!

 

Conclusion

As always, I hope this was useful, and I'd welcome any corrections since I want this to be a good guide :)

Edited by Ryan_Vickers
Complete overhaul

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

I made a movie once and spent forever on it, then my pc crashed and I lost it all.

Since then I backup my games.

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, Lurick said:

So what you're saying is buy old used drives, put them in RAID 0 and that's the perfect backup solution?

No, that's literally the worst thing you could possible do :P  What I would recommend though is thinking to yourself "is my backup plan so good I could afford to store my precious data like that?" and if the answer isn't "yes", it could be improved xD 

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, Ryan_Vickers said:

No, that's literally the worst thing you could possible do :P  What I would recommend though is thinking to yourself "is my backup plan so good I could afford to store my precious data like that?" and if the answer isn't "yes", it could be improved xD 

Guidance unclear. Ended up with 11 drives of various size and age stuck in JBOD and all files lost :P 

 

Always good advice though, if you aren't comfortable storing data on it and risking it going down, rethink or improve the solution :)

I like to combine a nice NAS as a central backup point and have everything on there mirrored to CrashPlan.

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, M.Yurizaki said:

When you say RAID, you mean local RAID? Not like a NAS RAID.

 

Maybe I should've seen that coming but I kept thinking something like that.

I mean RAID as a strategy on its own.  My mindset was locally in your PC, but it applies anywhere if looking at it in isolation.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

13 hours ago, Ryan_Vickers said:

I mean RAID as a strategy on its own.  My mindset was locally in your PC, but it applies anywhere if looking at it in isolation.

 

13 hours ago, M.Yurizaki said:

When you say RAID, you mean local RAID? Not like a NAS RAID.

 

Maybe I should've seen that coming but I kept thinking something like that.

Yep RAID in a NAS you are backing up to is still one copy no matter the configuration, even if you have two mirrors using independent disk sets in the NAS chassis and copy data between them on a schedule. It's still in the same physical unit using the same power supply, CPU, motherboard etc so it is one fault domain.

 

When you are evaluating copies of data for backups it's best to use fault domains to verify that it truly is it's own sole independent copy of the data.

Link to comment
Share on other sites

Link to post
Share on other sites

  • 2 weeks later...

I recently set up an experiment with doing backups since one of the attributes listed was prevention against ransomware. Since I've never actually gotten ransomware, I don't know how effective this'll be. However I do know one of the things it tries to do is ask for elevated privileges and I'm riding on the hope that the payload will continue to try to execute if you don't elevate it. So maybe this is overkill, but we'll see.

 

In my case I have what's considered for all intents and purposes two external hard drives. One of them is the USB kind. The other is a NAS. I use the USB external as both a backup solution and a staging area to clone to the NAS. Once that's done, I log in using another account whose sole purpose is to sync files from the USB external to the NAS. The account I normally use only has read privileges to the NAS while the data backup account has read/write access.

 

So how would this work against ransomware or malware? Because I don't run either of these accounts as administrators for one, so elevation requires a password (even though theoretically malware shouldn't be able to do anything to a UAC prompt). For another, if one account is compromised because it launches ransomware, it can only do damage to one of the local copies that I have. Sure, while I won't be having the USB external on all the time, I do want to plan for the worst case scenario.

 

For the sake of convenience when I do subscribe to a cloud storage service, the data backup account's also going to be the only one who runs the operations.

 

To summarize:

  • Normal user account I use everyday:
    • Has read/write privileges to the local drives and the USB external drive
    • Has read only privileges to the NAS
  • Data backup account
    • Has read-only privileges to the local drives and USB external drive
    • Has read/write privileges to the NAS

You might ask "wouldn't it be annoying to log in to the account whenever you want to do a backup?" You can add a registry entry to create a new option to run as a different account from Start Menu items. While this still requires entering the username and password, you don't have to sign off or switch the account you're running on,

Link to comment
Share on other sites

Link to post
Share on other sites

13 minutes ago, M.Yurizaki said:

I recently set up an experiment with doing backups since one of the attributes listed was prevention against ransomware. Since I've never actually gotten ransomware, I don't know how effective this'll be. However I do know one of the things it tries to do is ask for elevated privileges and I'm riding on the hope that the payload will continue to try to execute if you don't elevate it. So maybe this is overkill, but we'll see.

I find the best way to model it is to assume the worst reasonable case scenario and plan for that.

13 minutes ago, M.Yurizaki said:

In my case I have what's considered for all intents and purposes two external hard drives. One of them is the USB kind. The other is a NAS.

:D I was thinking this same thing and hoped other people would get that these are general categories and not literally only a USB kind, etc.

13 minutes ago, M.Yurizaki said:

I use the USB external as both a backup solution and a staging area to clone to the NAS. Once that's done, I log in using another account whose sole purpose is to sync files from the USB external to the NAS. The account I normally use only has read privileges to the NAS while the data backup account has read/write access.

 

So how would this work against ransomware or malware? Because I don't run either of these accounts as administrators for one, so elevation requires a password (even though theoretically malware shouldn't be able to do anything to a UAC prompt). For another, if one account is compromised because it launches ransomware, it can only do damage to one of the local copies that I have. Sure, while I won't be having the USB external on all the time, I do want to plan for the worst case scenario.

I wouldn't assume ransomware needs elevated permissions to work, that's setting yourself up for problems imo.  Since it's only interested in "your files", I would expect it to try (and succeed) running at any permission level and taking everything it can get.

13 minutes ago, M.Yurizaki said:

To summarize:

  • Normal user account I use everyday:
    • Has read/write privileges to the local drives and the USB external drive
    • Has read only privileges to the NAS
  • Data backup account
    • Has read-only privileges to the local drives and USB external drive
    • Has read/write privileges to the NAS

That should be totally safe then, assuming you pay attention.  The most important thing (and I didn't go over this in the guide since imo it's another topic but) having a tiered strategy.

 

If:

  • you have multiple separate backups,
  • you never plug all of them in at the same time, and
  • you check what you are backing up before overwriting your backup

It should be impossible to lose your data.  Worst case scenario, ransomware hits right as your'e backing up, so you lose your whole system and that backup.  Well no worries, just format the system and restore from a different backup.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, Ryan_Vickers said:

I wouldn't assume ransomware needs elevated permissions to work, that's setting yourself up for problems imo.  Since it's only interested in "your files", I would expect it to try (and succeed) running at any permission level and taking everything it can get.

I read that WannaCry (or maybe it was talking about ransomware in general) tries to get elevated privileges. It may not work, but hey, at least it tried. And then it runs its payload anyway, but if you blindly accept UAC prompts, well, you just gave it access to the whole thing.

Link to comment
Share on other sites

Link to post
Share on other sites

4 minutes ago, M.Yurizaki said:

I read that WannaCry (or maybe it was talking about ransomware in general) tries to get elevated privileges. It may not work, but hey, at least it tried. And then it runs its payload anyway, but if you blindly accept UAC prompts, well, you just gave it access to the whole thing.

And on that subject, I should actually elaborate on my assessment of this part: 

 

27 minutes ago, M.Yurizaki said:
  • Normal user account I use everyday:
    • Has read/write privileges to the local drives and the USB external drive
    • Has read only privileges to the NAS
  • Data backup account
    • Has read-only privileges to the local drives and USB external drive
    • Has read/write privileges to the NAS

 

If these are two different accounts on the same system/install, I take back what I said about this being sufficient protection.  As you said, there are many ways it could get elevated permissions, either through an exploit, you accepting them, you always running a high level account, etc.

 

In this situation, I would use one PC to copy from the PC to the USB drive, and a separate one, or at least a separate install (bootable live Linux USB stick without persistence so that it's a fresh copy every time for example) to then copy from the USB to the NAS.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, Ryan_Vickers said:

In this situation, I would use one PC to copy from the PC to the USB drive, and a separate one, or at least a separate install (bootable live Linus USB stick without persistence so that it's a fresh copy every time for example) to then copy from the USB to the NAS.

If you want maximum security, that'd be best.

 

But I'm willing to trade some of that for convenience. :B

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, M.Yurizaki said:

If you want maximum security, that'd be best.

 

But I'm willing to trade some of that for convenience. :B

The alternative would be to use one system, one install, and one account, but separately backup to the USB, and then the NAS, but never have both plugged in at once, as opposed to backing up to the USB, and then from the USB to the NAS.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

Or how about this strategy:

  • Have the USB drive hooked up to another computer. In my case I have an Intel NUC sitting around. It has a Linux install on it.
  • Have the NUC share the USB drive over the network
  • Perform one backup over that.
  • Switch over to the NUC or remote into it
  • Have the NUC push the USB drive data onto the NAS/cloud
Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, M.Yurizaki said:

Or how about this strategy:

  • Have the USB drive hooked up to another computer. In my case I have an Intel NUC sitting around. It has a Linux install on it.
  • Have the NUC share the USB drive over the network
  • Perform one backup over that.
  • Switch over to the NUC or remote into it
  • remove the connection that allows the PC to write to the USB drive
  • Have the NUC push the USB drive data onto the NAS/cloud

^ I added a step above that I think should make that just fine :) 

 

Also, as said previously, all these plans assume you're checking your data before writing it to the next device to make sure you're not backing up files that are already encrypted

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

  • 2 months later...
On 2017-07-21 at 5:16 AM, Ryan_Vickers said:

Occasional Cloud

It suffers from the same problems as the external HDD - don't run it enough and it won't do you any good.

Is a WD MyCloud considered an occasional cloud?

There is more that meets the eye
I see the soul that is inside

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

16 minutes ago, hey_yo_ said:

Is a WD MyCloud considered an occasional cloud?

If it's stored offsite, then yes

Quote

This can be an entirely different service that simply does not offer live syncing, or it could be an always-on service like OneDrive that you just don't open very often.  It could even be an External HDD that you manually store off-site, with a friend, etc.

 

I realized after writing this how I could have generalized even better, but I feel the examples I gave are applicable to most people so I didn't bother changing it.  That said, really, there's 4 kinds of backups, in 2 axis: On-site vs off-site, and always on vs occasionally run.

  • The External HDD in my guide is modeled after an occasionally run, on-site backup.  A NAS that you back up to now and then would be another example of this, assuming you only connect to it when doing a backup.  If it's always plugged in but not always syncing, you get the disadvantages of an always on system with none of the advantages (ie, ransomware could take it from you but you're not backing up things as often)
  • The Always on cloud and occasional cloud correspond, obviously, to always on and occasional off-site backups, respectively.
  • The only one I didn't address is the possibility of an always on, on-site backup.  This would be something like an external HDD that you never unplug and have syncing constantly.  I didn't mention this because I don't think it's a common thing to do, and it's not that different than RAID really.  That said, it would differ in the following ways:
    • Accidental deletion, and Drive Corruption would both be upgraded to a "~" depending on your software, but then, you can protect against these with file history on the same drive and error checking filesystems so ¯\_(ツ)_/¯
Edited by Ryan_Vickers

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

  • 1 month later...

For ransomware, if I just read my email and USB drives on a virtual machine, should I be safe? I assume the ransomware would only get my virtual disk, not the host disk.

Link to comment
Share on other sites

Link to post
Share on other sites

7 hours ago, ATTWIFI said:

For ransomware, if I just read my email and USB drives on a virtual machine, should I be safe? I assume the ransomware would only get my virtual disk, not the host disk.

It would get anything "you" can access, you in that case being your user in the VM (if I understand correctly and the VM is what you are concerned about having infected).  So, if you have shared folders (files on the host that you make available to the VM through a "network" share), etc., it could potentially get those, but unless it incorporates one of those viruses that lets it escape the VM there shouldn't be a way for it to attack other parts of the host disk.

 

That said, what do you mean by "read USB drives"?  I'm not an expert in how that works but if you're passing them through to work on the VM, I would be concerned that they might still be able to affect the host in some way.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

  • 4 months later...

I have found that robocopy, a rsync like program built into Windows, is a simple way to automate backups for critical files. Using a USB stick allows one to make multiple cheap backups and as the USB sticks are physically more robust than HDDs one can carry a backup around, fulfilling the off-site requirement.

 

Setup:

  1. Compile a list of folders you want to back up.
  2. Obtain a USB stick and give it a unique drive letter i.e. "m" so that the drive will always be attached under this drive letter.
  3. Create a batch script on the computer which should be backed up.
  4. Optionally download an install 7zip or use the portable version.
    1. 7zip can be used to compress and encrypt the files being backed up so that in the event of theft of the USB drive your documents will unreadable to the thief.
    2. Put 7zip portable on the USB stick for use later on a computer without 7zip if needed.
    3. Add a line to the batch script to compress the desired files and encrypt them. Note: The password to decrypt the files will be stored in the batch script - give it to no one.
  5. Use robocopy commands in the batch file to copy the files to the external drive.
  6. Optionally add a scheduled task using Task Scheduler to run the batch script every 10 minutes. Alternatively add an event to run the script when the drive is connected.
    1. If using 7zip to compress the files add a test if the drive is connected i.e. IF EXIST "M:\test.txt" (*rest of program*) to prevent needless compression if the drive is not connected.

Use:

  1. Plug in drive.
  2. Wait a number of minutes - if the command prompt is shown then wait for the window to disappear.
  3. Disconnect drive.
  4. Profit.

 

 

Example robocopy script:

robocopy "C:\Users\username\My Documents\stuff" P:\stuffbackup /dcopy:T /zb /copy:DAT /e  /fp /eta  /tee

 

Link to comment
Share on other sites

Link to post
Share on other sites

  • 2 months later...
On 7/21/2017 at 5:16 AM, Ryan_Vickers said:

Cloud services are the only way to protect yourself from physical threats, short of manual off-site backups but that's just not a viable option for many.  They vary in price but Microsoft offers 1 TB for $70/year or 5 TB for $90/year, split over 5 accounts if you get the family plan.  Both of these also include the always up-to-date Office 365, and more.  Personally, for the peace of mind this offers, the price is reasonable.

Good thing we picked Office 365 Business Essentials for my friend's small business that I've invested. It's kinda like Google Docs but uses Office Online and for the most part it serves our needs especially Excel online. It may not have the more complex features of the fully pledged desktop Office apps but the web versions gets the job done. As long as we have an internet connection, it will back up to OneDrive. It's cheap too at just $2.50 per person.

 

Now all I need to do is figure out Group Policy.

There is more that meets the eye
I see the soul that is inside

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

  • 1 year later...

Hmm, the thing with external HDs as backup is that in the event of a successful ransomware infection, it can get encrypted unintentionally as long as it is plugged in. Since most always on cloud services have redundant servers, one can actually restore files even if it got encrypted by ransomware. I think OneDrive does this as long as you pay for Office 365. 

There is more that meets the eye
I see the soul that is inside

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

10 hours ago, captain_to_fire said:

Hmm, the thing with external HDs as backup is that in the event of a successful ransomware infection, it can get encrypted unintentionally as long as it is plugged in. Since most always on cloud services have redundant servers, one can actually restore files even if it got encrypted by ransomware. I think OneDrive does this as long as you pay for Office 365. 

Yes I think OneDrive has since added versioning in the time between when I wrote this and now, but I've yet to test it for myself so I can't recommend relying on it until I've done so successfully myself.  Regardless the guide and ratings for it stand since it was written as a "maybe", depending on if your service offers this or not.

 

As for the external drive, certainly if you plug it into an infected system there's a good chance you could lose it too, but I wrote this under the assumption that people have common sense and would purge the internal drives and reinstall before attempting to recover.  This is mentioned in the first bullet point of the external HDD section.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×