I do harp on backing up a lot, I know. But it’s on purpose.
As I’ve said elsewhere, nothing protects you and your data like a complete, recent backup.
Why? Because so much can go wrong. And sadly, some of the folks trying to protect themselves from Spectre and Meltdown are probably wishing they’d backed up before doing so.
The backup I’m talking about
I want to be clear that the kind of backup I advocate is a complete system image backup. That’s a backup of your entire hard disk, including your operating system and all your installed programs, as well as your data.
Other types of backups are certainly better than nothing, and it’s incredibly important to back up at least your data, but for the kinds of issues we’re about to consider, it’s a system image backup that’ll save your bacon.
Vulnerabilities make you vulnerable
The single biggest reason I immediately go to backing up as a mitigation step when vulnerabilities are discovered is that your system is now vulnerable to malware. If malware gets on your machine, it now has a known way to exploit that vulnerability and wreak havoc.
Depending on the specifics, you may or may not be able to remove the malware through traditional means — for example, by using an anti-malware tool. Even then, once your security software says that the malicious software has been removed, there’s still no way to know with 100% accuracy that it’s correct. Malware’s #1 job is to hide, and there’s really no way to know that your security software saw through all possible deceptions.
Short of reinstalling your system from scratch, restoring from an image backup taken prior to malware’s arrival is the only way to know for sure the malware has been removed.
So whenever I hear the phrase “new vulnerability discovered”, I immediately think “back up”, and use that as an opportunity to remind everyone of what I’ve just described.
Read-only vulnerabilities are gateways to more
One of the objections I heard to my concerns about Spectre and Meltdown was that since they’re read-only vulnerabilities (in that they only enable reading of protected memory areas), they can’t actually damage anything, and you won’t lose any data.
Consider the following scenario:
- Malware makes it on to your machine.
- That malware uses the Spectre and/or Meltdown vulnerabilities to read otherwise protected operating system internal memory.
- What that malware finds is information that somehow allows it to request and be granted administrative privileges on your computer.1
- With administrative privileges, the malware can read, write, encrypt, delete, or destroy whatever it has a mind to.
The vulnerabilities don’t directly harm you, they just enable the malware’s ability to harm you.
Again, a backup would protect you from the majority of that harm.
Updates (sigh) can cause problems
What’s frustrating to everyone involved is that Microsoft’s track record on providing stable updates is questionable. Some users are finding themselves in this unenviable scenario:
- It’s important you take all updates to protect yourself from malware that might exploit the vulnerabilities.
- Oh, and that update might “brick” your machine.
Point #2 should never happen, but as I said, reports are that some folks are experiencing it.
A complete system image backup taken prior to the update will protect you from the update if the update goes bad. If you find your machine unresponsive after the update, you can restore the backup image and wait for the update to be … updated … before repeating the process.
Yes, absolutely, it’s extremely frustrating. But it’s also important not to let the fear of updates prevent you from updating. A complete system image backup is your fear-reducing safety net.
It can’t get any worse than this
An image backup represents a snapshot of your entire computer at a point in time — a snapshot you can revert to should anything untoward happen.
By knowing you can always revert to that snapshot of your machine, you know that no matter what happens from that point forward, it can’t get any worse. If it does, you revert.
That’s why any time I’m faced with risk, I back up. Be it installing major updates, performing clean-up and/or repair operations, replacing or upgrading hardware, or just making changes to the work you keep on your machine, a backup is your safety net.
In case I wasn’t clear
Back up first. Back up often.
Sooner or later, you’ll be very, very glad you did.
And it’ll always be part of my response. 🙂