Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Does leaving my external hard drive connected put its contents at risk from malware?

Question:

I have an external drive that I use to backup my data, and it is permanently
connected to a USB port. Is there a significant risk that a virus could enter
my system destroying all my data including the data on the
external drive? (I use Norton protection package that comes with Comcast).

I won’t call it significant, but yes, there is a risk.

And what you describe isn’t even the biggest risk.

That being said, I’ll put it this way: when coupled with good behaviour and
good tools, I leave my external hard drives plugged in all the time as
well.

I’ll tell you why.

]]>

First, yes, it’s quite possible that there are viruses out there that will simply seek out and destroy data on every device connected to your computer, including external hard drives and perhaps even remote network connections.

“So in my opinion you’re actually more at risk that your external hard drive becomes infected as a carrier than you are for any data loss.”

But those types of incredibly destructive viruses are pretty rare these days. I actually wouldn’t expect to come across one that simply destroys everything.

Viruses are more … purposeful … these days.

They typically want to do two things:

  • send spam, or steal data and information

  • copy themselves to more systems

Destroying everything doesn’t accomplish the first goal – in fact it’s somewhat counterproductive.

It’s the second goal we want to be wary of.

In recent years, several fairly major viral infections were the result of viruses that figured out how to copy themselves to USB thumbdrives. That way, when people inserted a thumbdrive into an infected system that drive became infected itself – a “carrier” of the infection. Then when placed into another uninfected machine the virus copied itself from the thumbdrive to the formerly clean system, infecting it.

Now, while I said “USB Thumbdrive”, in fact many of the viruses would copy themselves to any removable media on your system.

Including – you guessed it – your external USB hard drive.

It is, after all, removable media.

So in my opinion you’re actually more at risk that your external hard drive becomes infected as a carrier than you are for any data loss. If that drives become infected, and you then take it to another machine, you run the risk of carrying the infection with you.

For what it’s worth, I also don’t think leaving it plugged in all the time really has much of an impact one way or another. The act of plugging it in – perhaps to perform your backups – is enough for a virus to spread to the drive if your machine is infected.

I’m not meaning to be trite here, but the real solution is not to get infected in the first place.

Do all the things you already know how to do to keep your system clean. The net result is that as part of your system your external hard drive would be protected as well.

And I’m quite OK leaving it plugged in all the time. If nothing else it means that your backups are more likely to happen – be they manual or automatic. As you also know, backups are pretty darned important. Balanced against the practical risks we’ve just been discussing I’d much rather leave it plugged in all the time so that those backups actually happen.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “Does leaving my external hard drive connected put its contents at risk from malware?”

  1. I disagree here Leo. Assuming that this is the writer’s only backup it should be disconnected when it is not in use. If something fries the computer’s harddrive it will be likely to take out the USB drive too. Backups should be kept physically away from what they are backing up.

    And I disagree. Smile

    If this really is his only backup, clearly he’s not taking all the steps he should I agree, but I want him to remain as likely as possible to continue backing up. That means removing all the barriers possible, which means leaving it plugged in so that backups happen.

    In addition to this backup he should be doing the offsite/firesafe/whatever thing, but in practice I believe he’s more likely to a) not do backups regularly if it’s not plugged in, and b) encounter a problem where a daily backup would be the solution. The firesafe/offsite solution, while important is less likely to be needed.

    Leo
    22-Apr-2010

    Reply
  2. Leo, I question the wisdom of leaving external devices with the unit one is backing up. If there is a fire or theft, I’d say you’re pretty much screwed. My removables used for backups are put in a firesafe and/or moved off site. It can be a hassle to always do manual backups, but I rest easier knowing I’ve increased the odds I won’t lose all my data.
    Thanks for all your advice and tips!!

    Reply
  3. Disconnecting the external drive makes automatic backups impossible. Also, 99% of the people who do simple backups won’t go through the trouble of putting them in a firesafe or moving them offsite. Yes, it does give you an extra level of protection, but so does locking yourself in the house during flu season to keep from getting sick. It’s just not practical.
    I’m with Leo here.

    Reply
  4. Very good analysis of todays modern Virus. While in the old days virus’s would just destroy everything in their path, today they are more oriented towards identity theft and financial theft. Keystroke logging is also a big thing too.

    Most people would probably never know they had one.

    There is a new wave of Virus that poses itself as an *anti* Virus, which request that the user install the thing onto their system. which most folks do (from my experience at least).

    Thanks for keeping us Edumucated!

    Reply
  5. I don’t like the idea of leaving them connected either… I think it’s safer disconnected. But to each his own here – as long as the “user” has thought it through…

    Also, wouldn’t the drive last longer if it’s not “used” except for writing to it for backup? If the rest of the time it’s put away.

    Reply
  6. While the ultimate security is overkill for the average user [ Stored backups off site ] for us paranoid joe paypackets like me – I have a complete copy of everything on large USB drives so I can mirror in real time without spending additional time each week doing it. One thing I do, do is have the power packs all plugged into one distributor so that when I log off or shut down the PC, the power pack array switches off a few seconds later; so while they are still physically connected to the PC [ all 6 of them ]they appear to not exist as they have no power. When I log on or restart the PC, the power packs start also. Being on a home network, I can additionally mirror critical data to another USB drive attached to another machine essentially ‘off site’ as it’s in the business office up the back yard. I recon I just about covered worst case scenario.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.