Like many questions that I deal with, this is one of those scenarios where the answer is rarely a clear yes or no. I have a preference, but ultimately, the answer is… it depends.
Let’s look at the issue.
Become a Patron of Ask Leo! and go ad-free!
Malware and your external drive
One of the things that many people worry about in this scenario is malware. Keeping your external drive connected 24 hours a day to a running machine causes it to be vulnerable to malware.
Let’s say your machine contracts a virus. Most malware focuses on infecting the system – Windows, the registry, your C: drive, or whatever. Some malware may even infect every drive on your machine. If you keep your external backup drive connected, there’s a good chance that malware could also infect it.
What I do
In my case, I leave the external drive connected all the time for two reasons:
- I really, really, really want to emphasize the importance of avoiding malware in the first place. Malware is out there, but your focus should be on avoiding it and then lessening its impact once it arrives.
- I don’t like “the inconvenience” of having that external drive disconnected. It may sound silly, but there’s a real issue here. If you’re backing up and you disconnect the drive, you have to remember to plug it in again. Personally, I’ll forget to do that, which means I’m not backing up my computer. To me, backing up is much too important to rely on my falible memory.
My preference is that if you’re backing up to an external drive, leave it plugged in always. Make sure that everything is configured to happen automatically so that backups happen whether you remember them or not.
And then take all of the appropriate steps to protect your machine from malware. Because when you’re protecting your machine, you’re also protecting your external drive.
I’ve noticed a problem with leaving the backup drive connected all of the time. Windows thinks it’s additional storage space and begins to fill it up with file history and who knows what else. My backup drive has only 35 GB left on it out of 500 GB and the backup program (Acronis) shows the drive in red. I don’t really know what that means, but I’am assuming there’s not enough space for the next backup. This has happened over a year’s time roughly. I’ve told the backup program to limit itself to two complete backups but I haven’t found how to tell Windows 8 to leave the drive alone. The other day I plugged in two thumb drives to move some files and in that short time Windows began using one of them. Weird
What about “ransomware?” It seems to me that even a backup image may be vulnerable to some ransomware encryption. Of course, that is just one of many factors to be considered, as Leo said.
My main worry about leaving the external drive on all the time is that in my experience a major cause of damage to hard drives is a power cut or surge; if both internal and external drives are switched on, both might be destroyed.
@Duane: I’ve never heard of Windows just unilaterally choosing to use an external drive for its purposes. Is Acronis configured to keep incremental backups as well as full? Also, depending on the size of the partition you are backing up, two full backups could easily occupy most of a 500GB HDD. Try installing the WinDirStat utility (http://windirstat.info/) and let it scan your external drive. An excellent, free and safe utility that allows you to visually see what’s occupying your partitions.
It depends what type of device you’re using. I have a laptop and obviously don’t keep the external drive dangling from it as I move it from home to work and back home.
Hasn’t there been advice that the backup should be kept separate from the computer? If the External drive stays plugged in and the building was burnt, you lose both the computer and the backed up info. In case of theft, the criminal might consider the hard drive as a bonus when he’s taking the computer.
I too have had Windows add the external hard drive as just another drive on the computer and to start using it for temp files and other things. This happened after rebooting with the external hard drive connected and turned on.
After unplugging the drive, Windows would not use Auto Run when the drive was connected. Resetting Auto Run didn’t work neither did using a registry restore point. Even other external hard drives are not recognized by Auto Run.
Other types of external storage are recognized properly.
Reid’s recommendation on WinDirStat utility
After about 4 hours of searching for 24GB that I couldn’t account for, I gave up in hopes for the patience to try it again, again, and again. That week on Leo’s site I saw this utility, and put to work. Bingo! I immediately discovered the 24GB in only about 5 minutes.
[ a small purple chunk of flv files where no others flv files were. ]
I heard just the other day (3/June/14) of a women who had all her files encrypted by malware, including the backup, because the backup disk was left connected to her computer. I am not leaving mine connected.
I can confirm by personal experience (July 2016) that Cryptolocker ransomware does indeed encrypt backup drive files. The hidden factory recovery partition files were also encrypted :(
How did this happen?
The Laptop owner clicked a link in what appeared to be a postal email advising of a parcel delivery.
The ransomware link had been renamed and disguised as a pdf file.
One setting which can help in avoiding something like that in the future is to have Windows show extensions on all files so the you can see if the file is executable.
https://askleo.com/one_change_you_should_make_to_windows_explorer_right_now_to_stay_safer/
I ended up here, linking from a post regarding Cryptolocker/Cryptowall. I personally recommend that people always disconnect their backup external USB/SATA/whatever drive when not in use. The reason: a backup that is a month old is much more valuable than a backup that is 1 hour old, but encrypted with ransomware. This approach, while reducing the malware threat to the backup media, does require the user exchange the convenience of 100% automatic backup. I recommend people think about making backups when they do other recurring tasks — (e.g. when I charge my phone, do a backup. Less frequent: when I pay the cell bill, backup… etc.)
Good luck
With external hard drives so cheap, it is practicable to have one always connected and another one disconnected and physically separated, to have both a maximally current backup and a maximally safe one. Now and then one can interchange them, after checking integrity, and repeat the last backup. I keep one in a rented box in the vault of my neighborhood bank; I don’t know of a safer place. The bank’s staff is used to me doing a quick exchange in the vault about weekly. At every moment, at least one instance of my data is in the vault and another is on my C: drive. At no time do my data go over the Internet.
One of our computer club members got caught by CryptoWall v2. Yes, it also encrypted his flash drives’ and yes, will encrypt all files of given extensions where-ever they are found. But … most backup software doesn’t do a direct copy of user files, they compress and compact backup files into something like a archive. At least so far, CryptoWall doesn’t encrypt backup sets.
Bleeping Computer has a complete list of the file extensions CryptoWall attacks.
-bb
In the old days, before Windows, real Operating Systems could “mount” and “dismount” disks, i.e. make them either visible or invisible. Nowadays, USB can “eject” a drive, which I suppose makes it invisible, but to get the drive back, you have to unplug it physically and plug it in again, with the attendant risk of damaging the fragile USB connector. Does the USB protocol preclude hunting through the computer’s USB connectors to find ejected devices that are plugged in but not known to the OS? Does the protocol preclude telling the OS to “mount” an ejected device plugged in to a particular connector?
Would leaving external backup drive on forever overheat the external drive? External drive usually do not have fans and I am wondering if lets say I on my PC for 24 hours a day and the external drive is on for 24 hours a day, would the external drive overheat or shorten its lifespan? Thanks.
There shouldn’t be a problem. The drive goes into a low power state when it is not being accessed.
Nope. I’ve had many connected and powered on for years.
I suppose you are using 2.5 external hard disk without the need of external power supply? (gets power from USB cable)
Are you using 2.5 or 3.5 external hard disk?
Is a 2.5 or 3.5 external hard disk better?
What brand/model is good?
Thanks
What is the difference of 3.5 external hard disk (e.g. WD My Book) vs a 3.5 internal hard disk (e.g. WD Green) fixed into an enclosure to work like an external hard disk?
Are both good to be use as an external drive to store backup?
Is a 2.5 or 3.5 external hard disk better to be used as an external backup drive?
Thanks
The internal one would be faster because it’s connected directly to the motherboard. The disks themselves are often identical. 2.5/3.5 makes little difference in general, though 3.5’s tend to be a tad faster depending on the specific drive.
I actually mean what are the differences of 2 different types of external hard disks connecting via USB3.0 cable to PC.
External Disk 1: 3.5 external hard disk (e.g. WD My Book). A real external disk that is sold in stores.
External Disk 2: Made up by a 3.5 internal hard disk (e.g. WD Green) that I manually fix inside a 3.5 hard disk enclosure. 3.5 internal hard disk and 3.5 hard disk enclosure are bought separately.
3.5 external hard disk would require external power. Although the 3.5 external hard disk is unlikely to be damaged if the PC internal/PSU have power problems, but since 3.5 external hard disk is connected to power socket, if there is surge or power problems at the socket would there be a risk that the 3.5 external disk would be damaged? Or unlikely to happen?
Would a 2.5 external disk be better since it does not need external power?
Is it ok to use a 3.5 hard disk enclosure that does not have a fan?
Thanks Leo! I have a USB hard drive that is solely for making daily image backups (whole and incremental). I leave it plugged in all the time for exactly the reason that I don’t want to forget. I decided the backup was more important than a slight risk of infection, but was not sure I was making the right decision. I am glad to know that a virus will not corrupt an image that predates the virus.
David,
I hope this reply reaches you, as you are leaving yourself and your data very vulnerable. You are correct in that a virus will not typically infect the backup files themselves. However, a somewhat recent type of malware called ransomware can actually encrypt your entire drive, including the one that contains your backups, effectively making them useless to you. The file-napper leaves you with instructions on how to send him funds (in my case it was 1 BTC, or a few hundred dollars at the time), however you are at their mercy as to whether they actually give you what you need to get your files back. They could just take the money and run, demand more, or even give you back your files and then re-ransom you later (if you were ignorant enough not to nuke your entire system!).
In my case, I was lucky enough to have had a ‘hacker with a heart’, as he actually gave me the code I needed when I emailed him telling him that I was below poverty-level and the drives contained my daughter’s entire 5 years of life- irreplaceable memories, and I had no way to come up with that money. He told me he was poor too, and gave me the code. Like you, I thought that as long as I had good anti-virus and a good backup system in place, that I was golden. I couldn’t have been more wrong, and I don’t think I or anyone else would ever be that lucky again!
It’s only recently that we’ve heard of ransomware encrypting backup files on connected drives.
The hacker doesn’t have a heart. He just has good business sense. By sending you the decryption key, he’s assuring others that it’s worthwhile to pay the ransom.
Just to be clear, all ransomware does not encrypt backup drives. Some does. More and more perhaps, but not all.
–“Some does. More and more, perhaps…..”
That alone is reason enough to disconnect one’s external drive after doing a backup. As Mike said a couple years ago, “a backup that is a month old is much more valuable than a backup that is 1 hour old but encrypted with ransomware”.
With Windows it is simple to have a message appear on your screen as a reminder to do something like reconnect a b/u drive. Just open Task Scheduler and add a task whose action is “Display a Message”.
I use an always connected NAS for b/u which includes weekly incremental images. To protect against ransomware I bought a USB3 card ($40) and an external 1TB HDD ($75). This external drive is kept in a secure fire and water resistant location except when I run a batch file to RoboCopy the current NAS image files to it. The batch leaves a screen display of the directories of the NAS image folder and the HDD folder for comparison purposes as a visual check for copy errors.
A screen reminder is displayed daily to remind me to run the batch file.
The external drive is kept in a secure fire and water resistant place.
Having had no fewer than TWO internal hard drives blow up on me in more than 25 years, I can testify that it is a royal PITA when it happens. The first time I lost everything. Then I got an external hard drive and backed important data from my C: drive up to it. I left it running whenever the computer was turned on. When it happened again, it was painful but having my most important files (banking, photos, writings, etc) backed up to the EHD ) backed up spared the loss of them.
Then….even the EHD failed. So I went to the cloud (Microsoft One Drive) but my connection is slow and it was also bothering me that people like Microsoft had access to it (regardless of whether or not they ever looked at it.). So I bought another 3 Terrabyte EHD and I use it only when I need to back up certain files. When done, I unplug it. I figure fewer spins that drive makes, the longer it will last me.
There are just no guarantees than your files are eternally safe from loss or from prying eyes, regardless of the method of saving and backing up.
It’s about risk management. It’s one of the reasons multiple backups are useful, as is having those backups in different places (external hard disk AND cloud, for example).
Depending on how you count them, I have at least 8 Windows systems in use here.
These days I mostly rely on the “Windows 7” file backup running on my Windows 10 systems daily to an external USB connected drive. For me, “File History” is the wrong use model for backup.
I also always do at least one manual image backup.
For my most critical systems, I have a scheduled task that runs an image backup once a week (or whatever interval I want). It renames the previous backup first so I have two weeks of image backup.
However, before I set that up I had a system (my wife’s) whose HDD failed. Fortunately, the nightly file backup had run the previous evening. The newest image backup I could find was about 14 months old but it was good enough. I restored to a new disk and only had to reinstall one program that was put on within the last year. With the accumulated Windows updates and then the latest file backup restored she was up and running exactly were it was the day before.
This made a believer out of me!
I could easily add additional scheduled task backups and am considering an additional image backup to another system on my network. You can actually do this to a disk that is NOT mounted and shared normally.
I have also used scheduled XCOPY runs to copy changes in a folder tree to another system but it’s pretty stupid and doesn’t do the “right” thing with files that are deleted, moved, or renamed.
I should mention that for software development work, our “backup” is to commit and push to Github. One of my colleagues then has a scheduled crontab job that clones each repository every night into a rolling series of names – one for each day of the week.
Of course, my individual systems get their copies of the Git repositories backed up by my Windows backup scheme.
We are members of the “belt, suspenders, safety pin, staples, and clothespin” club when it comes to backup.
Knock on wood but in 37 years of PC use, we have only lost files once. Back in the MS-DOS days in the ’80s I foolishly relied on a tape backup system. Sure enough, when we lost files (timesheet data) due to a water leak right onto that computer (!), it turned out that the tape backup wasn’t usable. A week’s worth of timesheets had to be re-entered from the ultimate backup – printouts! Oddly enough, we had insurance (Inland Marine?) that paid for the work to reconstruct that data.