Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

If an automated backup might automatically backup malware, shouldn’t I backup manually when I know things are clean?

Question:

In reference to Matt Honan’s problems, I wholeheartedly agree that one should do frequent backups. However, turning my backups over to an automated program seems to be a very easy way to back up a virus or a trojan or any other problem on your system. I would much rather set up a reminder to a do a backup regularly. At least when I do a backup, I have some sense that my system is behaving normally at that time.

In this excerpt from Answercast #49, I look at the idea that backing up manually will prevent malware from being backed up. It’s just not so.

Become a Patron of Ask Leo! and go ad-free!

Scheduling backups

I disagree with you actually, and I disagree fairly strongly.

  • It’s much too easy to skip doing backups when you have yourself in the loop.
  • In other words, when the backups rely on you remembering or reacting to a reminder or anything like that.

Backing up viruses

Now, the problem that you are mentioning about backing up Trojans and
viruses and so forth. Yes, it absolutely happens.

  • If you get a virus on Tuesday;
  • Then the backup you take Tuesday night will, in fact, include the virus in the backup.

But a proper backup system will let you do something very important and that is:

  • They will let you restore your machine to the state it was on Monday;
  • Or some time before the infection occurred;
  • Which means that everything that happened on Tuesday is lost.

Yes, if you were doing work on Tuesday, you might lose that. There are still ways to potentially recover specific pieces of work, but if you recover your entire system to the state it was on before the virus actually appeared, then you’ve recovered:

  • You’ve got your machine back without the virus;
  • And all that is quite possible just using an automated backup system that does backups every night;
  • Without your needing to think about it.

Automated is better

So, like I said:

  • I strongly disagree with making yourself a critical part of the backup process.
  • Backups are simply too important;

And the reason you are insisting in being part of the process, I think, is not an appropriate one. There are ways to recover to positions prior to the viruses and malware appearing on your system.

You might not notice malware

Again, don’t take this the wrong way, but:

  • Just because you believe a machine is acting appropriately;
  • Doesn’t mean that you aren’t backing up something on your machine that you didn’t want;
  • Like malware, or a virus, or a bot, or something else;

And you may not discover it for several days later. So you may, in fact, yourself have manually backed up your virus.

Again, the only way to recover from that kind of thing with a proper backup system is to restore to a backup that was taken prior to the malware appearing. An automated backup system makes that easy.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

1 thought on “If an automated backup might automatically backup malware, shouldn’t I backup manually when I know things are clean?”

  1. OK, suppose I inadvertently back up with malware on my computer, then a month later after the malware has been removed, incrementally backup my computer. If I restore the entire computer from the latest incremental backup, will the malware still be gone?

    As always it depends on the backup software you’re using, but a backup image is supposed to represent a snapshot in time. So if on Monday you remove a virus and on Tuesday you backup then the snapshot as of Tuesday would not have the virus. It gets complicated only because with incremental backups you might still be able to restore to the snapshot as of Monday when the virus was present, but as long as you only restore to Tuesday you should restore to a virus-free state. (Or, rather, whatever state your machine was on on Tuesday.)

    Leo
    05-Sep-2012
    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.