Backing Up Your Files

I read an article a few weeks ago about a class of malware called ransomware. The author’s mom had clicked on some sort of attachment which installed the malware on her computer which in turn locked all of her files and delivered a ransom note to her requiring $500 for the decryption keys. The ransom had to be paid in bitcoin, of course, and the price escalated the longer she waited to pay the ransom.

I immediately thought of my situation. I like to think I would not have clicked on the attachment. But even if I had, my files are backed up into the cloud. As long as my cloud backup service doesn’t back up the encrypted files and overwrite the earlier versions, I’ve got unlocked versions of everything. I think I am good. But I made a note to ask around about this.

I’ve been backing up my hard drive for as long as I can remember. There was a time when I backed up to local storage. But starting in the late 90s, I used a variety of online backup services, what we would now call “the cloud”, to backup my files.

My rationale for backing up my files was always fear of a hard disk crash. I’ve lost important files over the years and I’ve spent a small fortune to get them back, usually by hiring someone who knows how to work miracles on a corrupted hard drive. But I have not worried about this issue for at least a decade, maybe more.

But when I read the article about the woman whose files were being held hostage, I realized that many people still don’t backup their files every night. Just like many people don’t use strong passwords. Just like many people click on attachments they should not click on.

My number 10 prediction on the What’s Going To Happen post was:

10/ cybersecurity budgets will explode in 2015 as every company, institution, and government attempts to avoid being Sonyโ€™d. VCs will pour money into this sector in the same way they poured money into the rental economy. and, yet, the hacks will continue because on the open internet there is no such thing as an impenetrable system.

It is not just big companies and institutions and governments that need to be diligent about information security. It is all of us. The consumerization of technology works both ways. We are all targets and we all need to protect ourselves. Backing up your files is one of those things we should all do. Another thing to add to the new year’s resolution list.

#Web/Tech

Comments (Archived):

  1. LIAD

    was very impressed with the ingenuity of ransomware when first heard about it.why go to the effort of installing malware on peoples computers just to display ads, sell them anti-malware software, or leverage their CPU for a botnet, much more valuable to simply encrypt their hard drive, effectively bricking all their filesThe victim has nowhere else to turn other than the hacker for the decryption key, plus hard drives clearly contain a lot of financially/sentimentally valuable stuff.Charging an ever increasing decryption fee and taking payment by an anonymous, untraceable, irrefundable payment mechanism makes it the perfect (albeit repulsive) crime.

    1. fredwilson

      yeah, i had a similar reaction after i decided i was reasonably protected

    2. Rick

      Yep. You just can’t get people to stop walking down dark alleys!

  2. obarthelemy

    A backup is1- offline. If you can access your files, a virus, disgruntled ex, or clueless toddler can too. A backup is not a backup until it is unplugged and out of arm’s way.2- offsite. That’s for physical issues (fire, water, burglary…). The really important stuff (irreplaceable photos, archives…) should be on a hard disk at your parents’ or kids’. Rotate 2.3- multiple.Because Murphy’s law. And you might take some time to realize Junior erased stuff while looking for his cartoons (or hackers got into your files), multiple backups are cheap journaling. You actually want a slow-ish rotation: better lose 1 week of work, than a lifetime of pics or a year of financials.4- tested. I’ve actually had several clients who were doing backups. Except they weren’t: misread the backup failure reports, added new directories w/o updating backup lists, had the data but not the config, apps and/or OS image…It’s not only about hackers, it’s about hardware, software, and human failure. Everyone *will* lose all their data, the question is when, not if.

    1. fredwilson

      that’s a more rigorous approach than i takei agree about multiple backups with different servicesi’m not sure everyone needs cold storage of their filesmaybe the really important ones

      1. obarthelemy

        Well, that used to be part of my job ^^ The worst is people and even corps who think RAID = backup.

        1. Dale Allyn

          Of course some RAID configurations can provide a level of backup (as you know if you work in the space), but RAID 0 (and 2, 3, 4, 5, 6) as often used for performance offers no protection. In fact, due to hardware failure, it actually increases exposure (some configs more tolerant than others). RAID 1 and 1+0 can provide some protection via mirroring, but you’re absolutely right that too often people feel they have protection with a performance RAID config.A comprehensive backup strategy is often neglected until a hard-learned lesson befalls the user/owner/management.

          1. obarthelemy

            I’d say RAID provides no backup at all. RAID can provide high availability in its redundant variants (you can keep going even with 1 or 2 dead disks, depending), but it does not protect vs viruses, catastrophic loss of the whole room or box, bugs, data corruption, user error… which in the end are a lot more frequent than simple single-disk failure.high availability != backups.

          2. Dale Allyn

            We agree. Even a mirror is not a backup, but it’s better than if one has no mirror and a drive fails on the primary volume(s). Hence my remark of “a level of”. I should have simply clarified the point of possible protection against hardware failure, i.e. availability as you say. And of course, mirrors copy over bugs, viruses, catastrophes so can be very problematic as well, as you clearly state.So no argument from me, as one who favors a “belt and suspenders” approach to one’s backup strategy. I’m a fan of onsite and offsite redundancy, including versioning โ€“ even for personal and small office stuff.Cheers.

      2. LE

        i’m not sure everyone needs cold storage of their filesI actually agree with that and was going to make a comment that evaluation of what you need to do starts with an assessment of what would happen if you lose something.

      3. SubstrateUndertow

        A “Super Duper” on-site cool-storage-clone guarantees you can get back up immediately even after a system disk crash.

  3. William Mougayar

    Hmm. That’s a scary story. There should be better malware protection software built-in the operating systems. Imagine buying a home where the doors never lock permanently. It’s unacceptable that Windows & Android devices carry that risk, whereas Macs are less vulnerable.

    1. awaldstein

      The operating systems will not I bet be the providers any more than real estate companies will provide the locks.I belief in niche expertise and special teams for the most cherished and important valuables.

      1. William Mougayar

        But why are macOS & iOS more secure than Android & Windows? I never understood the logic of that.

        1. awaldstein

          good question. i dunno.someone in the community i bet does and will i hope chime in.

          1. Rick

            It’s simple. People need to stop hoping for digital security and start using their brain.

        2. JimHirshfield

          Simple. There have traditionally been more Windows users to target than Mac users. Fish where the fish are.As to being more secure, I’m not sure Macs are. Just less targeted. But I think that’s changing.

          1. Rick

            That’s probably the biggest difference.

          2. LE

            They are more secure out of the box and in standard day to day use no question about that. It is definitely more than “just less targeted”.

          3. JimHirshfield

            OK, but a major factor was/is smaller target…you agree?

          4. LE

            Well originally that was probably somewhat the case. But OSX has been on the radar and “enough” widely used for some time now. The other factor could simply be the perceived difficulty of doing something on OSX vs. Windows that is how much effort that it takes to actually make something happen. Or the skills needed to do so. So people will tend to go after an easier target.I don’t have data to back this up this is just personal opinion. However if you google it this is what comes up first, an article from 2012:http://bits.blogs.nytimes.c

        3. falicon

          MacOS was traditionally more secure because it was a more locked down system…not just anyone could develop anything they wanted; more specifically there are/were parts of the OS that you couldn’t get at without special permission/knowledge that is controlled by Apple.Windows being open was part of the issue; The bigger issue is/was that windows allowed for any software to hook into systems files/resources (and share them)…so it was easy to corrupt a file that other software relied on.iOS is locked down in the sense that apple reviews all code before it’s allowed in…so getting a virus through that process is pretty difficult (unless you go through a jailbroke system; but that’s mostly not a US thing).Android is harder to get a virus through than Windows…but it’s easier than iOS because the code is ‘validated’ by software (not humans and not vigorously) and you also have the option of skipping the apps stores all together (and hence no validation)…and, like windows, you have a bit more freedom to access things/files/features directly within the OS…

          1. Kirsten Lambertsen

            I always had the same impression as Jim – this was really interesting to learn.

          2. William Mougayar

            Thanks Jim.

          3. scottythebody

            Both are pretty much right on. I don’t buy that Macs are inherently more securely designed, but the fact is that, for most users, who don’t install very many applications and use the Mac App Store, they are. The four most effective basic malware defenses that are most valuable are:1. White listing applications2. Limiting administrative privileges3. Patching applications4. Patching OSOut of the box OS X and iOS pretty much have this in place as long as you don’t tweak it too much. That, combined with the much smaller market share (and, therefore, target) goes a long way towards being “secure”.That being said, almost everybody installs and clicks on stuff they shouldn’t. In that case, it just doesn’t matter which OS you’re running – especially in the case of desktop/laptop OS-es.On mobile, aside from some hardened Android implementations, I think iOS is the most secure. This is, of course, debatable, but for most people with standard usage scenarios, running iOS is going to protect them more than anything else will.

          4. Elia Freedman

            With all due respect, you are completely wrong about OS X. It is not locked down at all, which is why many developers prefer to use it. In fact, since it is based off UNIX, it is well known how the guts of the system work and could easily be hacked.Most believe Jim’s answer is the reason why OS X has less viruses. I think you are absolutely right regarding iOS and Android, although a lot of the mobile “viruses” are more about data theft so far.

          5. falicon

            I was speaking of the traditional/historical MacOS (ie. back when it actually *was* Windows vs. Mac)…agree that OS X is more widely understood by the developer community.

          6. LE

            Separate issue another thing someone can do to make OSX more secure is to make sure that the login that they use has only standard privileges and not admin privileges. Requires approval therefor for certain things to happen and the ordinary unix security kicks in to protect (file permissions and what not). As anyone who has tried to get anything to work under Unix knows 1/2 of the battle is getting the file permissions straight. When someone doesn’t work often it’s chown or chmod.

          7. Vasudev Ram

            That’s right about permissions. And permissions apply not only to (regular) files, but also to other kinds of files, such as directories (what Windows calls folders), and other kinds, like device files (which are pseudo-files used to communicate with devices attached to the system). (In UNIX, (almost) everything is a file.) A thing that probably not many casual Unix (and hence Mac OS X) users may know, is the meaning of read and execute permissions on a directory.

          8. Rick

            “iOS is locked down in the sense that apple reviews all code before it’s allowed in…”.Yep! Outside the digital world.

        4. Rick

          Windows is technically inferior when it comes to security. But I don’t think mac and linux are more or less secure than the other from a technical standpoint. However convention does play a part.

        5. Vasudev Ram

          For Mac OS vs. Windows, one guess is: tech docs for Windows are probably quite more widely available on the Net than for Mac. I don’t mean just official ones by the vendors of those two OS’s, but third-party docs and guides as well.

        6. FAKE GRIMLOCK

          YOU CAN TINKER WITH SYSTEM?SO CAN EVERYONE ELSE.WANT EVERYONE ELSE TO NOT TINKER?HAVE TO GIVE UP OWN TINKERING FIRST.

      2. William Mougayar

        How about a car analogy?I bet a Tesla is probably the most secure car because of the amount of software needed to start it. A physical thief would probably have a really hard time hacking into it.A friend recently had his iPhone stolen in Las Vegas during CES, then it emailed him the home location of the thief an hour later.

        1. awaldstein

          interesting.dunno if the analogy helps us understand it as cars are completely locked down and closed systems. and I bet security comes from a bunch of ip that they bought somewhere else as the expertise is unique.often wrong lately it seems though.

          1. Rick

            “often wrong lately it seems though.”.Happens to everyone. I see more and more people losing their common sense. I’m no brainiac but people do appear to be getting dumber.

          2. Rick

            Exactly what I’m saying. People keep getting dumber.

        2. Rick

          “A physical thief would probably have a really hard time hacking into it.”.But a chop shop could easily load the car it onto a flat-bed truck and haul it away.

          1. Matt Zagaja

            Doubt that there is a large market for Tesla parts though. Most are warrantied or owned by people who will tend to service through the dealer.

          2. Rick

            I agree. The point is there’s no reason to THINK about software security when you can load the whole of something up and chop it into pieces for selling.

          3. MartinEdic

            Chop shops want Honda Accords, not obscure expensive cars. They go where the market is. An Accord chopped up is worth twice as much as an assembled new one (yes, some legit places buy new ones and parts them out).

        3. LE

          A physical thief would probably have a really hard time hacking into it.There are backdoors and have to be. Dealers have to be able to service these things and get by all security. What happens if someone loses their key and all of that? There are almost certainly reprogramming devices the only thing that can brick in that car (as I have read) is the battery over time.Now I don’t know exactly how the dealers secure their tools but if I had to guess I’d say there is a weakness in that system that could be exploited.

          1. William Mougayar

            Not sure…I don’t own a Tesla ๐Ÿ™‚

        4. Matt Zagaja

          The power of technology and immobilizers graphed:

      3. JamesHRH

        Apple is very assertive in some aspects of this – I am constantly asked to load passwords into the Keychain & to ‘autofill w this CC”.If they decide security is part of he ‘owning a computer’ UX, they may go for it.If I was Tim, I would just buy Dropbox & task Drew w this problem ( while asking him to fix all the other non-iTunes Apple Cloud headaches.

      4. Rick

        Yes. Keep things PHYSICALLY backed up on disk or flash memory locally.

    2. scottythebody

      Until the market demands secure systems we will not have secure systems. The model we have now will eventually collapse under the weight of a billion patches.

      1. Rick

        There is no such thing as “secure systems” in the digital world.

        1. scottythebody

          There aren’t any now. That’s for sure. But there is no reason things can’t be “secure by design”. Nobody funds this work, though. Companies will hire computer science/security grads, but they won’t fund graduate-level work in fundamental, science-based security.

          1. scottythebody

            Although every system will always have vulnerabilities ๐Ÿ˜‰

  4. Dale Patterson

    This post just reminded me I need to back up my files every night.

  5. B12N

    @fredwilson what service do you use to backup to the cloud? I’ve actually had ransomware hit two computers at work – and it is not fun…

    1. fredwilson

      Let’s see what everyone here at AVC uses

      1. B12N

        Agreed.

  6. Rohan

    I’ve been using Dropbox for all the basics (all files used for work and everyday use) and Crashplan for the basics + all else (photos, etc.).So, the basics get a double back up. Not sure if that would be enough to save them from something super sophisticated but, given versioning, it should work… or at least that’s the hope.

  7. Twain Twain

    Backing up also frees up disk-space and makes us more disciplined about our files.I back-up some to Dropbox, some to iCloud and some to Google Drive.

    1. Maciej Gaล‚kowski

      How does it free up disk space ? When I do backups I need more hard drives and free space, not more …

      1. Twain Twain

        Some of the files that are backed-up on the Cloud are then deleted from my hard disk.

        1. Maciej Gaล‚kowski

          That is not a backup ๐Ÿ™‚ Sorry for nit picking.

          1. Twain Twain

            It’s a form of backup, although archiving is probably more precise.Backup is simply that there’s a version of the file sitting somewhere else.

  8. JimHirshfield

    I love Time Machine because it’s automatic. I just don’t need to think about it. That, combined with cloud services (specific to back-up, like dropbox as well as gmail, gdrive, etc) has me pretty well covered. But there’s always a little paranoia, given that it’s all software on the net.

    1. LE

      I just don’t need to think about it.You do need to think about it though.Time machine can and does fuck up. Suggest that you either use two different drives or the same drive partitioned into two halfs. On one use time machine on the other use super duper to clone the disk. You can then test by booting up from the cloned disk.Given that you have an iosafe already and you aren’t going to use that for cloning it here is what you should do:Buy a cheap 1tb hard drive from amazon. Since this is redundant it can be just a regular cheap consumer grade drive. Then buy a hard drive dock. Then download super duper. Make a clone of the machine on the hard drive. Then put that either in a safe or ideally offsite somewhere. Maybe at your office if you can trust that it will be safe. Get two disks so you can rotate them. Then you should be 98% covered.http://www.shirt-pocket.com…Example only, not saying to buy this one I’ve got a bunch of others:http://www.amazon.com/Therm…Also good to have, clear carrying case for hard drives:http://www.amazon.com/eForC…1tb Hard drive (bare):http://www.amazon.com/WD-Bl

      1. JimHirshfield

        Thanks for the plan!

      2. Rick

        How about this: Stop relying on so much digital stuff. When you find you spend 10 hours a day playing with your devices instead of getting work done haven’t the devices become the thing that stands in your way?.I recently moved to objective based web usage that I’m also beginning to apply to other areas and it’s working great. First you define your objective. Then you use things that support reaching the objective. Things that get in the way are eliminated..Think of it like this. Many of the most successful people have stated that being successful is about eliminating all the unnecessary noise that gets in your way. People should spend some time thinking carefully about that.

        1. LE

          I don’t play I do things that make me money by doing what I describe. I’ve never played a single computer game iim. If I do “play” it’s to learn a skill that I need for some reason. For example in order to better understand a server that we have in co-location I bought one for the office and went through the process of installing software on it in order to solve a problem that we have. And in that process (which I am still doing) I am both having fun, learning and solving a potential (hopefully) problem. And it really is fun for me to do this. Like my office is literally one big man cave.That said it’s all fun to me.

          1. Rick

            What you’re describing is research. Keep in mind if your objective is entertainment then there is no reason to not play a computer game..What I’m saying is make sure your tools are increasing your ability to reach your objectives. Make sure you are not changing your objectives to fit the tools. Make sure that each tool you use is the best one for the task..For example you pull the usb cable. You could spend a week figuring out and setting up some complex security method that will not be much more than a fasade. Or you could pull the cable which will ensure the device cannot be accessed until the cable is plugged in again. You’ve chosen the right tool for the job. Very little time investment and actual working security.

    2. bsoist

      I love time machine too, but 1) it does not always work ( @domainregistry:disqus ) and 2) be sure to keep it separated from your computers and secure. We had two burglaries in April and one of the first things I did was look to see if the time capsule was gone. It was not taken, which was great news given that we did lose two laptops. Now we keep it in a different location – just in case.

      1. JimHirshfield

        Good thoughts. Thanks.

  9. JimHirshfield

    Related…I tweeted out this weekend that my son had lost all his tools and resources on Minecraft, and did anyone know how he could get them all back.Well, no one replied :-/ But I eventually realized I just needed to take his laptop back in time a few days via Time Machine. Et voila! Best Dad Award of the Year (granted, it’s only Jan 12th).

  10. William Mougayar

    This story made me want to re-assess my backup practices. Although I’ve totally switched to Google Docs and Sheets and have a lot in the cloud already, I do use Google Drive, MIUI Cloud and a separate drive for back-up, but I don’t do it as often as I should.

    1. Maciej Gaล‚kowski

      @wmoug:disqus : Once ArsTechnica featured a story about an journalist who lost few years of Gmail data because of some google servers failure. Normal users are not Google customers, so there was no customer service to turn to and ask for restore.Guy was hopeless, and I can imagine why. If I lost all of my emails on Gmail i would be in real trouble.The journalist was lucky enough to be friends with one of Google’s engineers. He had to use personal connections to restore his data ( sans maybe a month or two ) from tape backups.I personally love google Docs and other cloud apps, but this is not backup either.

  11. Andrew Kennedy

    AmenI am using Dropbox mostly. I could be doing a better job.

  12. William Mougayar

    I wished someone developed a counter ransomware software that automatically sends a message back to the originating scammers telling them to F#%*(!!! themselves and putting explosiveware and locationware on their computers which blows them up and reveals their location. C’mon I’m sure the NSA has already developed that kind of technology.

  13. William Mougayar

    Wait til your kids come to you with this….

  14. pointsnfigures

    back up to a stand alone hard drive. Have photos on there etc. Oh, and there is iCloud. But I don’t feel to secure with iCloud. Get a lot of phishing email around it. Have some stuff in Dropbox. Have some stuff in Basecamp.

  15. Tom Labus

    OneDrive. Works fine for me

  16. Maciej Gaล‚kowski

    I am using Crashplan for regular backup. Need to buy an external drive for additional weekly incremental backup. And switch my primary photo storage to SSD. Those unrecoverable read errors of HDDs brings me nightmares. If it happens while I do an initial crashplan backup, the photo is lost forever…

  17. JimHirshfield

    Yo, 1TB Fireproof & Waterproof External HDhttp://www.amazon.com/Firep…Put that in your bunker and smoke it!

    1. Matt Zagaja

      I met the CEO/founder of ioSafe last week. It’s a cool concept and the engineering seems top notch, but boy the price point is a bit high.

    2. LE

      I have a bunch of those iosafe’s.I go a step further and completely disconnect the iosafe from the computer (usb) when it’s not being used. However the drive always runs. Provides a bit more protection from hd failure if the drive is not spinning up and down all the time.

      1. JimHirshfield

        Not surprised to hear. You strike me as the kind of business person to have this and a bunker and food rations, yes? #tinfoilhat

        1. LE

          See the difference between me and you Jim is that I can’t point fingers at someone else when something goes wrong. And it’s always been that way.By the way I will add that doing the above (which you seem to mock) [1] takes literally zero effort. And even if it did take effort I’m not lazy so I do the extra work.[1] Either mock or a joke or perhaps a backhanded mockjoke.

          1. JimHirshfield

            Let’s not call it mocking or joking, but complimenting.

          2. LE

            Nice apology and I accept! However you forgot the “tin foil” in the original comment.

          3. JimHirshfield

            Edited orig comment. (also corrected ‘kid’ to intended ‘kind’)

          4. LE

            Better to call me a “kid of a business person” (which I was) than a “son of a bitch”.

          5. JimHirshfield

            How about “bitch of a business person”?

          6. LE

            By the way, on your point, I’m the type of person who wonders what happens if you are at the dentist in the middle of a procedure and the power goes out. I actually asked that question. The answer I got sounded like “we just stop working until the power goes on”. Or send the patients home. You’d be surprised at how many chances people take with things as long as something bad hasn’t happened yet.

          7. Rick

            You jest about tin foil. But you might need that tin foil if you want to block your device from sending/receiving signals as soon as mfg’s stop providing ways to turn off wireless connections.

          8. LE

            Interesting aside the landline phone that I have on my desk makes a high frequency noise often right before my iphone gets a text and/or possibly syncs. Has been happening since the 1st or 2nd iphone iteration.

          9. Rick

            I’m sure you’ve torn apart many things that use tin foil for signal shielding.

      2. Rick

        If drive heads still land on the platters at power down then you’re right it’s best to just keep them spinning. Disconnecting, pulling the usb cord, is the right thing to do.

  18. falicon

    My most important files are raw source code…which is automatically backed up by github (When I check stuff in) and of course replicated across my various development machines and servers (S.O.P. for me is to start every/any session at a computer with a git pull).Beyond that – pictures are my next most important files…for this I mostly just use the ‘replication’ approach…and so most of our pict. library is simply copied across all of our computers (my household is non-standard as we have about 13 computers in our house of 4).Music would by my third set of important data (also replicated across most of our systems — but also replicated out to google music and a number of our mobile devices [and music players]).Outside of all of that – I’ve basically taught/trained all of our household (including our 8 and 11 year olds) how to avoid virus…we don’t run any anit-virus stuff and (knock on wood) we have not had any real troubles with virus.So – no ‘formal’ backup service for us (too complex and too costly for the variety/number of systems we run)…instead we rely on ‘good education and habits’.It’s worked for us so far (btw – it was hard to type this with my fingers crossed!)

    1. LE

      Beyond that – pictures are my next most important files…for this I mostly just use the ‘replication’ approach…and so most of our pict. library is simply copied across all of our computers (my household is non-standard as we have about 13 computers in our house of 4).How does the above protect against fire or theft of the device in the event of a burglary?

      1. falicon

        It doesn’t (though some of my computers are laptops that often are not at the house when I/we are not)…and occasionally I do backup the photos folders to one of my servers (but fairly rare).We are *absolutely* vulnerable to theft (in fact, I rarely even lock my doors at my house).

        1. LE

          The entry point appears to be that window sitting in back of you in your avatar.Speaking of windows I remember seeing a security expert being interviewed on TV (might have been Krebs don’t recall) and he was at his system and you could see that there was a window right there that someone could use to gain access to all his equipment. What a juicy target that would be. Wouldn’t be to difficult to figure out where he lives. Oh sure he probably has an alarm. But perhaps the phone line is exposed in the back and can be cut. And so on.

          1. falicon

            The better entry point would be the unlocked door…

          2. Rick

            What’s important is that the hacker can’t get to that door from 8,000 miles away using his/her computer. They have to physically be on location for that.

    2. Rick

      “good education and habits”.Excellent. We have one thinker – anymore?

    3. Vasudev Ram

      I’m not too sure that not using any anti-virus is a good idea.What steps do use to avoid virus?

      1. falicon

        1. Never download/open attachments from non-trusted people/sources.2. Avoid downloading stuff in general (apps and content comes from trusted parties/distribution channels only)….honestly it hasn’t been that hard for me/us…I haven’t used an anti-virus program since at least ’99 and have only had to reformat one hard drive because of virus in that time (and that was because my youngest would click on stuff without knowing/reading as he tried to install minecraft mods — he’s since learned how to find/install the ‘real’ ones).

        1. LE

          (including our 8 and 11 year olds)Never download/open attachments from non-trusted people/sources.Hard to believe that an 8 or 11 year old (or your wife) couldn’t be fooled into opening something that they thought was from a familiar name, or relative and so on. I mean I get emails (as I’m sure you do) that are “from me” pretty frequently.I don’t use any antivirus either under OSX.

          1. falicon

            They probably *could* be…but the modus operandi tends to be “Dad…” whenever they hit something they are unsure about…which I then try to use as a teaching point (and we then argue for a bit about why I can’t just ‘do it’ for them vs. explaining what they should think about/do and why…and them making *them* do it).

          2. LE

            Exactly what I do. Figure it out. My stepson asked if I could setup windows on his Mb air 13 so he could play “call of duty”. So after explaining to him that this would require buying a copy of windows and it was over $100 (I’ve bought copies to run on 3 machines and if you move the virtual box image to another machine Msft actually knows that you are doing that and makes you go through the auth process with their phone system very annoying). Anyway I was kind of excited about getting him a cheap PC to run call of duty so I could use it to force him to learn something additional of value in exchange for the approval of what he needed to play. “if this then that else pound sand”. In addition to making him pay something also.Anyway, by the end of the day when I came home he had lost interest and I had lost my opportunity to extract my pound of flesh. (Because you know what I think of computer games..)

  19. Kirsten Lambertsen

    1PasswordDropboxGithubiCloudSo, could the block chain have the potential to improve security of email?

  20. DJL

    This story points to the great irony of information security. While at some level it is incredibly complex, MOST breaches happen because people (and companies) don’t do several simple things – like anti-virus, backup, etc. (Research shows that 90% of data breaches can be traced back to to just 4 basic security controls!) Shameless plug – this is exactly why we are developing the Information Shield certification. People (and companies) need ways to cut through all the noise and do the basics. Because of the “internet of things” we are all part of a massive chain of personal data. One weak link exposes our communities as well as ourselves. So the “network effect” of insecurity is truly massive.

    1. pointsnfigures

      http://blog.risk.io/2015/01… Risk.io is a Chicago company that helps enterprises secure their systems. They are doing a series of blogposts on network security. Talking about things like Heartbleed etc.

  21. scottythebody

    Whatever you use, it needs to have revision control. It’s entirely possible that, without it, your backup copy could be the corrupted one if you don’t notice in time.

  22. ErikSchwartz

    Not to toot my own employer’s horn but…BitTorrent sync http://www.getsync.com P2P serverless file synchronization.If you control all the machines your files are on you can control the level of security

    1. Maciej Gaล‚kowski

      BtSync is great, but this is not a backup solution. It lacks versioning.What kind of backup it is without versioning, and propagating file deletes to every other copy of the file ?Just confirmed that Dropbox for a change have versioning, and can recover deleted files for some time after you actually delete it.Useful but 1TB is still not enough for me

      1. Vasudev Ram

        >What kind of backup it is without versioning, and propagating file deletes to every other copy of the file ?Interesting point. Sort of apropos, I remember reading a while ago that some minicomputer OS (maybe VMS) had a text editor (or an OS facility related to modifying files) such that whenever you edited a file and made some changes, it would _automatically_ rename the old version with a numeric suffix. E.g. if your file was called somefile.txt, after the edit and save, it would rename the old version to somefile.txt.1 or some such, while your latest changed version would be in somefile.txt. (That can of course be done in UNIX, with a shell script of some sort, and vim does create a single backup file, but the point is that in VMS it happened automatically.) In that, and probably some other ways (some of which I’ve heard of, such as in the case of mainframes), pre-UNIX or non-UNIX minicomputer OS’s and mainframe OS’s had/have features that UNIX still doesn’t, or only has via 3rd party add-ons. And I’m saying this as a long time UNIX guy.http://en.wikipedia.org/wikhttp://en.wikipedia.org/wik

    2. LE

      Product appears fine but the marketing fails the puny brain test.Such as (only one example):http://www.getsync.com/how-…Using the BitTorrent protocol, this protocol allows devices to receive file pieces from any peer simultaneously.Suggest on that page adding to each description “for your aunt” in other words a simple summary (written in a comical way) that even someone’s aunt would understand.

  23. Rich Chetwynd

    Chances are that most people these days are operating heavily in the cloud or they’re at least heading in that direction. If you use Dropbox, Google Drive etc for files or use cloud based CRM, marketing tools & finance tools then a simple solution is to get started with a cloud to cloud backup provider. The backup provider will take daily encrypted snapshots of your data and make it easy to search, preview and recover data when one of these digital vigilantes has you in a corner.

  24. LE

    Let’s see what everyone here at AVC usesWe have to backup 12 and 18 systems located in 4 or 5 different places. (And some of those are actually backups of other things. )On ‘nix systems we use a combination of unix tools such as tar, rsync scp sftp and so on.On Mac systems we use disk cloning (super duper), time machine and rsync. Not just one but typically two of the three above depending on the situation. So in other words on mac’s time machine and cloning of the disk. [1] Additionally all backups are kept onsite and offsite. If onsite in either fireproof safes or on fireproof hard drives (iosafe). If offsite in fireproof safes. All tracked with labels on the disks nicely printed and easy to read.Most importantly I designed this whole scheme (down to the easy to read and attractive disk labels) and ride herd over making sure the right thing actually happens. To the best of my ability. [2] Key point, who’s ass is in the can if something goes wrong? For example some things are automatic (by cron on unix or mac systems) and some are done manually by typing in the command and seeing actually that something happens and monitoring the size of the file that is created. (And some things like that are emailed as well). That’s right as in a human seeing that the file is only 1mb and should be 56m. Things happen that only a human can catch.[1] With cloning you can actually boot from the disk to make sure that the backup worked. You can also do this with time machine now although you didn’t use to be able to.[2] I can find deficiencies in this system and keep adding to it as I find the holes. You can spend untold hours on this and security issues. I date back from doing tape backups on a Unix system that I had in the mid 80’s. Making sure not to place the tape on the heated car seat when I went home (anyone who knows what that refers to knows something about backups and computer history as well).

    1. Vasudev Ram

      Pretty good for a person whose main line is not software …Just one point:>That’s right as in a human seeing that the file is only 1mb and should be 56m. Things happen that only a human can catch.It’s possible (with shell/Perl/Python/etc. scripting) to automate monitoring of the size of a file as it grows (or shrinks, or stops changing in size) and send an alert to a human, or to take some other action on such events.

      1. LE

        It’s possible (with shell/Perl/Python/etc. scripting) to automate monitoring of the size of a file as it grows (or shrinks, or stops changing in size) and send an alert to a human, or to take some other action on such events.Oh yeah I just haven’t gotten around to doing that yet.One thing though even if I do that I will need a way to make surethat the routine actually catches something and not assume it is actually working and hasn’t stopped working for some reason. I don’t believe in no human oversight. Like you know the person with a clipboard checking gauges and all of that. Not everything fly by wire.One of my basic operating principles is to do something small first and then add to it. So whatever is done starts off as the most basic manual process and get’s automated and changed as I have the time and/or think of new things. That’s why I like being able to do this myself. I don’t have to have all of the specifications to tell someone else I just start with the command line and go from there.For example at one point in time the backup files were created just using $$ which as you know is the shell process number. Later when I had time I changed that to a date time stamp. Not a big deal of course but all of those things add time however small. (Now of course I use the same format for everything.)Another example is that backup files would build up and have to be manually deleted. So I took the time to write a routine which I call “slots”. It essentially takes the particular backup and stores it in file folders labeled slot1 through slot32. Also 1 per day and 1 per week and one per month. Point is if I had to do all that (and other things) to start I wouldn’t have enough time and would do nothing. For “last bu for a day” I just use cron to run at 23:58 and grab the last file in a series. That was my “poor man’s way” to figure out the last file for the day.Everything I do starts off very small and I build on it as I have time or come up with an idea and want to have fun. Because to me doing this is fun to do.

        1. Vasudev Ram

          >Oh yeah I just haven’t gotten around to doing that yet.Cool, I just thought you might not know it, so mentioned it.>I don’t believe in no human oversight. Like you know the person with a clipboard checking gauges and all of that.Got it, and I agree. I do that myself – ultimately even automation of automation (of …) must be checked.>One of my basic operating principles is to do something small first and then add to it. So whatever is done starts off as the most basic manual process and get’s automated and changed as I have the time and/or think of new things.Kernighan and Pike would approve :)(They were among the original inventors and/or users of UNIX, and wrote the book The UNIX Programming Environment – classic.)https://www.google.co.in/se…They recommend your incremental approach a lot in that book, and it is one of the key parts of the UNIX philosophy [1] – as is having fun, BTW, which you end your comment with :)[1] More on the UNIX philosophy (which you already seem to have discovered a lot of) – from Eric Raymond’s The Art of UNIX Programming (though his writing style is very different from theirs):Basics of the Unix Philosophy:http://www.catb.org/esr/wri

          1. LE

            Raymond was actually a teaching assistant and support at the Wharton Computer Center in Vance Hall when I was a student there.http://www.catb.org/esr/res

          2. Vasudev Ram

            Oh cool. Though he would not yet have written his book at that time, I guess.

    2. B12N

      Holy schnitzel! Now I feel like whatever I’m doing is inadequate…

  25. Matt Zagaja

    I have been using Backblaze for the past year. To be honest the reason I switched to it is that for some reason OS X freezes when you use Time Machine and it spins up an external disk to start the time machine backup. It is a set and forget solution but here is why I like it:1. You can tune what is backed up and what is not. Lots of configuration options to cover individual situations.2. It backs up external drives that are connected to the PC.3. All files are versioned over 30 days. If I screw something up or delete something I have the peace of mind of knowing I can recover it.4. The iOS app allows me to download “that” file that I forgot when I’m on the road.5. Since it uses the Internet I do not need to worry about connecting to an external disk or that things I create when I’m at an office or on the road are not backed up yet.I’ve had zero problems so far, but I assume that other solutions are comparable. I am considering getting a Synology for on site backups as through time machine as well.

    1. Maciej Gaล‚kowski

      I just checked their website. Funny quote : “So we built Backblaze using ‘C’ code, also known as the best programming language in the world.”I would laugh really hard if the Crashplan client ( written in Java ) wasn’t so slow and memory hungry. At one point their support told me to changing the config file and allow java to take up more memory for the app. It slows tremendously for large data sets otherwise.Edit : spelling.

      1. Matt Zagaja

        Haven’t used Crashplan but I think that the best programming language is the one you can get to work. ๐Ÿ™‚

        1. Rick

          There ya’ go! Objective based usage. If the tools supports you reaching your objective then use it. There’s no reason to use a programming language that you can’t get to work.

  26. Rick

    People could just step back and take their important information off digital and the internet. There’s no need to go cyber-crazy and try to keep up with this stuff. Digital security is a pipe dream..I know that vast crowds of people are enamoured with digital this and that. But they need to be smart instead of child-like and do things in a safe manner. Cutting costs through automation is a good thing UNLESS its harms people!!!

  27. leeschneider

    Local: Time Machine (although it’s tough to use with a laptop that’s not necessarily plugged in at the same spot each day)Cloud: Dropbox (for files and photo backup from phones), iCloud (for phone), Backblaze (for laptops)For me, backup is all about the photos. Keep those suckers safe.

  28. Emil Sotirov

    For all my old (and occasional new) local files:Dropbox for real-time syncing between my two laptops + Mozy for daily backup.For almost everything else – G Drive + occasional (monthly) download of all my Google stuff (including email) locally into the Dropbox/Mozy system.I think both Dropbox and Mozy keep older versions of files.And GitHub, of course, for projects.And an old SVN for company stuff (hosted on company server).So – 3 local data folders (Dropbox, GitHub, SVN) and a total of 5 clouds.

  29. LE

    I was talking to my mom about moving some of her money into an online mm that paid a higher rate than the local bank. I began to explain to her that instead of getting .4% at the local bank she could get close to 1% at the online bank.I told her I would come over and set this up for her showing her how to do transfers from her retail bank to the online bank which paid the higher interest rate. Then, wait, what did I just say I thought. This is a total “danger will robinson”.I realized that if I did this there would be a way for someone to either socially engineer her and/or get something nasty on her machine (and it’s a mac by the way) and then the wrong thing would happen. Bad idea, nope, to risky so I didn’t pursue this.So the threat assessment was that it made more sense to get the lower interest rate and keep her 100% “old school” rather than get a higher interest rate by having her do something online that she was in no position to manage properly at her age (actually most people of any age can’t do this well either).Another thing that I did was when my father died I absolutely insisted that his death notice not appear in the newspaper (like my Uncle’s had). The funeral home actually charges for this and it’s a big ad for them (which you pay for, that is, their logo to appear takes more lines in the ad). But that wasn’t the reason. The reason is I felt it leaked to much personal information that could be used for a security breach and didn’t see any upside, only downside. So I fought with my sisters and finally got them to agree. The upside was there were less people to eat the lox and bagels at the shiva.

  30. John Revay

    Several comments about drop box, I always thought of dropbox as a cloud place to store files vs. backing up.I use bitcasa now – even though I am constantly looking for a new service….but when I search for or read reviews – It seems like the lines have become somewhat blurred b/t cloud file storage ( think NFS) and online backup.

    1. leapy

      I tried Bitcasa – even to the point of buying unlimited storage – but the desktop client kept making my machine unusable. They then removed the unlimited storage offering and up the prices. Now given up completely. It was a shame, I thought their mobile client was terrific.

  31. John Revay

    As far as a cloud storage provider…I am essentially looking for a place I can load/move all of my files…and then have them be available on any pc/device with their app.I don’t what to have to “select” what files or directories I want synced..(something you seem to need to do w/ Google’s Drive app) but rather I want have them all available to be at least seen…and then loaded fairly quickly once I click to open.

  32. John Revay

    As far as online/off site backup – I currently use crash plan – & have been fairly happy w/ it.Seems like you have lots of flexibility where you target to save files, other machines you have, your friends – or on their boxes….

  33. harryh

    Earlier this year I went all in on Dropbox as my primary backup solution. Essentially my entirely home directory is synced via Dropbox between several different laptops. It works really well.

  34. ryanbed

    BackBlaze is amazing for personal back-ups.

    1. Brad Dickason

      I’ve been using Backblaze for a while, though I keep running into the problem that Backblaze sucks up all my bandwidth (regardless of settings) so I schedule it to run at night… when my computer is asleep ๐Ÿ˜› I got stuck in this loop for almost a year! Any suggestions?

      1. Vasudev Ram

        I haven’t used Backblaze, but from @ryanbed:disqus ‘s comment I see that is is a backup software. Any backup software, at least if it does file compression (to save space on the backup media), will be both CPU-intensive and IO-intensive. (That is because compression is CPU-intensive since it uses non-trivial algorithms, that exercise the CPU (processor) a lot, and backup (and restore) is IO-intensive by definition.) That’s why scheduled backups are often run at night. I’ve written backup scripts to be used for automated backup of UNIX servers that were used by large teams, and we noticed that the backup process hogged a lot of CPU and IO, so they had to be scheduled to run late at night when most people had left for the day, otherwise the systems would have been too slow to use. Of course it depends on the power of your hardware and amount of RAM too.Edit: IO is I/O is Input/Output (from the computer to backup or other attached devices, such as screen/printer etc.)

  35. bsoist

    I obsessed about this for years. A couple of years ago this post – like quite a few of AVC posts ๐Ÿ™‚ – would have triggered hours of reevaluating my approach, but fortunately I settled in to a nice routine with this not that long ago.I rely on Dropbox, Flickr, Github, and Time Machine. Those combined with my quarterly routine of backing up all my photos to two different hard drives does the trick for me.

  36. Dale Allyn

    Let’s see what everyone here at AVC usesI’m a Mac user, so part of my solution is Mac specific. For my primary workstation I keep my OS and applications on a dedicated SSD drive, and have my data files (documents, images, sites, etc.) on separate hard disks. I clone my OS drive to two other drives in rotation using Super Duper! (but Carbon Copy Cloner would do as well). Using two drives allows for some protection against cloning malware or corruption. I should back up every night, each time to an alternate volume, but I’m a little looser than that. However, after heavy work sessions I do back up.The data volumes are also cloned to a similar paired set. This way, I can generally expect that if the most recent backup is corrupted I lose just a day or two going back to the other volume.Finally, I recently added Apple’s TimeMachine to my workstation system. It copies everything several times a day (every hour). I resisted using it (for lack of concern or interest), but it has proven to be very convenient. I’m able to go back to any of many copies, back in time. TimeMachine recently saved me a lot of hassle when I mistakenly over-wrote a very large file. I had never use TimeMachine for recovery, but it took only a few seconds to retrieve the one hour old version and replace the one I screwed up. Very cool. Given a large enough hard disk, TimeMachine allows you to keep many versions back in time, not just overwriting a current saved copy.For my laptop, which is much less important to me in terms of content, I simply clone it to two separate externals (in rotation) a couple times per week. Sometimes I stretch that frequency out, especially if I’ve done little work important work on it.

  37. Andrew Ice

    I use Time Machine, Crashplan, and Dropbox

  38. Sumeet Gajri

    What do people use? I personally like ZipCloud.

  39. MartinEdic

    All my files start in Google Docs. They may get downloaded for other people’s purposes but the original version is always there. I do cloud-based backups but the things I really want are on Google.

  40. Vasudev Ram

    This post reminds me of a real life incident where I saved a customer’s data on a Linux machine that had crashed. I later wrote an article about it that was published in Linux For You (now called Open Source For You), an Indian print magazine about Linux and open source software. Here is the article on my site:http://www.dancingbison.com…LFY’s site changes now and then, and also they don’t or did not put all articles on their site, else I would have linked to that directly. Instead I linked to my backup ๐Ÿ™‚ of the article.http://en.wikipedia.org/wik

  41. sachmo

    Crashplan to the rescue!

  42. sachmo

    IMHO Dropbox, Google Drive, Sky Drive – these are really just syncing services and not backups. If someone deletes or overwrites a file within these services, it’s gone. I use Google Drive to SYNC, and as a file organizer, but not as a backup.I backup Google Drive to Crashplan. NOTE: On Windows you have to change user access to google drive folder for crashplan to be able to access the folder properly.But in addition to this – I have a lot of specialized engineering software installed on my primary machine, and it’d be a real pain to have to reinstall / reconfigure that. So I’ve purchased a couple extra hard-drives and have created clones (using Acronis).Beyond just writing the clones to a 2nd hard drive, I’ve actually *tested* that they work by booting on them – which is something I’d recommend everyone with a local backup do.So if the hard drive dies for some reason, I pop in the clone and allow google drive and crashplan to sync. In a couple hours I’m back up and running.Google Drive and Crashplan always run in the background, so no maintenance there. As far as local backups go, I only make a new copy when I make a major configuration change (i.e. install a lot of new SW) to the computer. This is happening less and less as web-apps are slowly taking everything over.I setup this whole system in December 2013…. In 2014 I had 2 major hard drive crashes – and prior to this never had an issue. Go figure. This was huge in allowing me to keep moving without losing a step.

  43. scottythebody

    Y’all don’t even want to know how paranoid and redundant my backup system is. That being said, I had a catastrophic system failure recently and I’m *still* recovering data from it. So obviously my system needs tweaking ๐Ÿ˜‰ At least I have copies *somewhere*By the way, I’m a huge fan of Synology Diskstation products. That’s a nice spot to put some local data and enrich it with some really nice local/hybrid cloud functionality.

  44. someone

    MS OneDrive. you don’t even have to set it up, really. we now have unlimited DropBox space at MIT, but I’ve stuck with 1drv b/c it is more integrated into the filesystem (e.g., with windows explorer). some stuff that needs to get shared with people who only use DB goes in there.have only had one virus in 16 years on windows. just formatted the drive and redownloaded files from a backup. also handy for upgrading machines (Surface Pro –> Surface Pro 2 –> Surface Pro 3) without doing any file transfer.only gripe is the 10G max file size. otherwise it’s marvelous. I think DB downloads faster, though I’m not sure about that

  45. ShanaC

    I’d like something better and cheaper. I find the idea of how to backup still a bit horrifying.Plus it indulges me in how to forget

  46. YevP

    Yev from Backblaze here -> Great write-up. It’s crazy that Cryptolocker and things like it are now wide-spread. We’ve run in to this at Backblaze (https://www.backblaze.com/b… ), and in addition to using “e-mail best practices” the only way to really protect against this type of thing like you said is having a backup, preferably one off-site so that ransomware cannot infect it on your system.That way, if you get infected, you wipe the computer, reinstall Windows, download your restore and then you’re back up and running.

  47. FAKE GRIMLOCK

    WHEN COMPUTERS FINALLY SECURE? WHEN HUMANS STOP USING THEM.

    1. fredwilson

      So true it hurts

      1. FAKE GRIMLOCK

        THAT ALSO ANSWER.INVENT SOMETHING BETTER THAN COMPUTERS FOR MOST PEOPLE TO USE.SMARTPHONES STEP 1.

        1. laurie kalmanson

          after people get the implants: hackable, too

  48. K_Berger

    I have the basic Carbonite plan on several computers. Inexpensive, simple, and unlimited space so I don’t have to worry about how many pictures, videos, etc. are on the computer.Have used it occasionally to restore file changes from a week or two back.

  49. GonzoI

    An external hard drive I copy everything to only after something scary happens to remind me to back things up. That’s good enough, right?Personally, I have started backing up things in sections so I can keep the backup disconnected when not backing up. My code and my writing I use SVN to archive, then back up the SVN repositories to removable disk. My costuming, references and other art related files go to (separate) removable disk. Email, documents, photos, and other private data go to another removable disk with encryption. My music and install files go to a fourth removable disk for things that don’t change. (You can probably guess from the number, these are thumb drives in a 4 port hub. Easy to plug in the set, back up what little has changed, then unplug.) Everything else gets wiped when I reformat, so I just encrypt where needed to keep others from getting it and wipe it myself as needed. In addition to that, a manual monthly backup to one of two large external hard drives.I had been stuck as a Dish customer for a while (never, ever go with them), so sending gigabytes of data to “the cloud” was not an option until this year. I have some data that I already keep online, and I plan to start automating some larger backups to the cloud now that I can, but I won’t be using it exclusively.Of course, I’m not generating a lot of data. My solution only works for someone generating megabytes a day, not someone generating gigabytes.

  50. PrometheeFeu

    Backup is hard. I just do everything in the cloud in the first place. (Except coding, though I use git for my VCS and github is my canonical repo for everything)

  51. andrewparker

    Ransomware is a core plot device to Reamde, a book by Neal Stephenson. I highly recommend it (though it’s not as good as Snow Crash or Diamond Age).

  52. Robert

    Does any one use mega.co.nz ? I understand it is safest to rely on end to end encryption, which they offer plus free 50GB. This combined with a backup on an external drive should be pretty safe.

  53. Sarah Lamb

    Great article and a helpful reminder that we do really need to remember to back up regularly. Whilst many of us do some form of backup for our own computers how many of us actually think about backing up our social media profiles and content so that we have that data forever within our control? If you’ve not considered backing up your social data it is worth giving http://socialsafe.net/download a try for free. Your data is then under your own control. Definitely a handy tool to help you with social backups. Enjoy!

  54. ZekeV

    Just read about Tarsnap — client-side encrypted backup, with prepaid accounts at $.25 / GB storage and bandwidth. Wondering if anyone here has used it?