Advice Request How is backup software beneficial to computer security and not detrimental?

Please provide comments and solutions that are helpful to the author of this topic.

Is backup software improving computer security? :X3:


  • Total voters
    29

Yellowing

Level 5
Thread author
Verified
Jun 7, 2018
221
Hi :)

I read over and over again that you advise everyone to use an Imaging tool or another kind of system backup solution to improve security. :unsure:
But was thinking. How is it improving SECURITY? Isn't it actually detrimental? :X3:

Because it backs up everything on your disc and sometimes automatically, every adware, malware and less visible stuff like rootkits are also backed up. I can not see a real improvement in security even if we set the malware aside. :geek:
I guess it comes down to semantics. But it's weird to me that you always tell everyone Backup software improves security even thought it has nothing to do with it and, at the bottom, is yet another software running background services, automatic updates and backups, and it may even collect user data. :emoji_grimacing: (By following the rule that every program running on your computer is potentially a security hole if it doesn't actively harden the OS.) :unsure:

Ah... Uh, I hope you don't mind me asking this. :emoji_innocent::):notworthy:
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
Hi :)

I read over and over again that you advise everyone to use an Imaging tool or another kind of system backup solution to improve security. :unsure:
But was thinking. How is it improving SECURITY? Isn't it actually detrimental? :X3:

Because it backs up everything on your disc and sometimes automatically, every adware, malware and less visible stuff like rootkits are also backed up. I can not see a real improvement in security even if we set the malware aside. :geek:
I guess it comes down to semantics. But it's weird to me that you always tell everyone Backup software improves security even thought it has nothing to do with it and, at the bottom, is yet another software running background services, automatic updates and backups, and it may even collect user data. :emoji_grimacing: (By following the rule that every program running on your computer is potentially a security hole if it doesn't actively harden the OS.) :unsure:

Ah... Uh, I hope you don't mind me asking this. :emoji_innocent::):notworthy:

It's only for disaster like BSOD, virus infection, or hard drive dead.
 

slash/

Level 6
Verified
Jun 24, 2018
277
This is a somewhat controversial topic depending on the technological experience of the user. For myself, I agree with your points and I've made that abundantly clear through my configuration. Backing up through copy and pasting trusted files is far safer than having a software automatically back up every piece of garbage accumulated in your folders. For some less experienced users that may forget to backup their files as often as they should, software could be more beneficial to them, but at a high risk of contaminating existing files.

It's a double-edged sword.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
It's essential because if you get infected, you accidently delete something, an install goes wrong, your OS image is damaged, virus infection, BSOD, user error, malfunction & a whole lot more is the reason why it's good for anyone to use.

It's a security fundamental if done in the correct way, even manual backup is essential if you do not wish to use any backup software.

~LDogg
 

Yellowing

Level 5
Thread author
Verified
Jun 7, 2018
221
It's essential because if you get infected, you accidently delete something, an install goes wrong, your OS image is damaged, virus infection, BSOD, user error, malfunction & a whole lot more is the reason why it's good for anyone to use.

It's a security fundamental if done in the correct way, even manual backup is essential if you do not wish to use any backup software.

~LDogg
But you still didn't vote yes. Why? :p
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Isn't it actually detrimental?

Although your point about that imaging an infected system will result in an infected system on restore, the imaging process will be in no way detrimental (in that it will not add to previous infective processes). But your argument that your system MAY be infected so imaging is without any value is specious. Unless a person only has the OS with some applications installed, fine. But if one has important Documents or photos of your Dear Departed ChowChow the need for backing up these thins should be rather apparent.

For me a more proper attitude would be prior to making an image:
1). Make sure the system is pristine (without any malicious processes being active). This takes work and the use of a number of scanners.
2). Mke sure the base System Protection is actually adequate (if you THINK that your system MAY be infected, you obviously are questioning the efficacy of your current setup).
3). Ditch previous primary security protections and use something that actually works (Cruel Comodo comes to mind, but I obviously can't state that being Kind, Gentle, and Humble).

And to the Poll Question- there should be a 4th option- that it neither adds nor subtracts to security.
 

Yellowing

Level 5
Thread author
Verified
Jun 7, 2018
221
Although your point about that imaging an infected system will result in an infected system on restore, the imaging process will be in no way detrimental (in that it will not add to previous infective processes). But your argument that your system MAY be infected so imaging is without any value is specious. Unless a person only has the OS with some applications installed, fine. But if one has important Documents or photos of your Dear Departed ChowChow the need for backing up these thins should be rather apparent.

For me a more proper attitude would be prior to making an image:
1). Make sure the system is pristine (without any malicious processes being active). This takes work and the use of a number of scanners.
2). Mke sure the base System Protection is actually adequate (if you THINK that your system MAY be infected, you obviously are questioning the efficacy of your current setup).
3). Ditch previous primary security protections and use something that actually works (Cruel Comodo comes to mind, but I obviously can't state that being Kind, Gentle, and Humble).

And to the Poll Question- there should be a 4th option- that it neither adds nor subtracts to security.
Of course the process won't be an issue. That wasn't my point.
Any system may be infected without administrator knowledge. That's the whole point of most malware. (Zero-Day protection is not perfect) :emoji_sob:
You can backup important documents without any special software.
About the 3 proper attitudes: You're saying that here where it has no impact. Everyone is simply saying: "Get imaging software." without any mention of the hazards that this software implies.
How is the fourth option you want different from the third option: "Grey-space"? (Or a grey-zone, if space is the wrong term) :unsure:

---------------------

I just thought of something even more concerning: In these image files you don't need to be administrator or the actual-OS to change files. Every program has write rights to everything inside the image. Also none of these files in the image are write protected from being opened or in use, nor is any sector of that virtual disc safe - including MBR. :eek:
Therefore any malware that is sophisticated enough can simply write the most horrible rootkit into your images. :mad:
I don't think these files are usually encrypted. :unsure: (They are only encrypted when you use BitLocker or similiar software, I think.:unsure:)

What about that? :eek:
If you say: "But these files are on an external disc". Yes, but you connect this disc to your Computer that could have Malware running without your knowledge. If you say: "But my computer does not run Malware." Yes, probably. But can you really know nowadays? :unsure::)

EDIT: I realized that the "Nope"-option is actually also a "grey-zone"-option. (Because it doesn't decide if the software has negative impact or not.) So I added an option for negative impact.
 
  • Like
Reactions: vtqhtr413

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Hi yellow! Personally I image my system because I have files that I personally consider too critical to be lost. I image not because of that I fear malware issues, but instead because I learned (a very hard lesson) that there are two types of storage- those that HAVE failed and those that WILL fail.

But to your points: One can make an image and store it either Locally (on an external drive or on a secondary earmarked for that purpose), or Externally in the Cloud.

1). For images stored locally, I am aware of certain ransomware that will seek out and encrypt images. However, among the majors (Like Macrium, Acronis). only Macrium Free will allow such modification. Note that this modification inability would also extend to other theoretical malware. As to your example of something opening and adding malware to an image, I have never ever heard of such things either in the Wild nor as a POC. If you know of something, please let me know! Also I would fail to see the point as something that could potentially deeply infect an Image could much easier infect the actual running system. The Game just would not be worth the Candle.

2). External Storage- I would never upload ANY files I deemed important to the Cloud. In my previous employment I would have been shot (or at least sternly spoken to) for doing so. But as the majors will let one Password protect an image, I strongly suspect that anyone reading this message is not important enough for a Blackhat to attempt to decrypt that image, especially as it may take a few weeks more than the End of Time to do so.

But to sum up, if you don't want to image your system I don't think that anyone here will really care...
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Backup software is not a security software. It can't protect you proactively. It's a recovery software.

It has its own caveats

1) The backup can be corrupted. You won't know until you do a restore.
2) You can't tell if your backup is infected not just from malware but from info stealers as well
3) You won't know at what point in time the infection occurs and thus can restore an infected image
4) Updating to a new version of the software can sometimes prevent the earlier image from being restored
 
Last edited:

Yellowing

Level 5
Thread author
Verified
Jun 7, 2018
221
@cruelsister Nah. I do image mine too. (With macrium free) After updating antivirus signatures, deactivating network (So that next time I use that image it doesn't go online immediately), pulling the cord and extensive AV scanning. :D
But no, I have also never heard of malware targeting images. I can only assume I am not the first one coming up with something like that. And I don't think it would be particularly hard. :unsure:

@frogboy Ok. But "safe computing" and "computer security" are different things. (To me) So "Yes for sure" doesn't make sense in this context. :X3:

@HarborFront Exactly. :)
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
And I don't think it would be particularly hard.

Actually it would be extremely hard to do so, at least without being detected in its actions. Plus, attempting to code something that would be able to decompress an image created by various software, inset malware into that image, then re-image it AND making it small enough to actually send out almost makes me faint thinking about it.

Trust me in this- I know a bit about coding malware (you are new- so ask around); I can't conceive of a thing that will infect within an image. It is SOOOOOO much easier to infect an actual system (Ophelia purrs contentedly).
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Yellow- By that I meant making the malware small in size to disseminate. Obviously something about 100MB in size would not go unnoticed (and would be a PAIN to send as an email attachment!). For the things the malware would have to do would preclude any usefulness.

That being said, I really appreciate this topic you started! It was a very good thought project for us!
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Is Ransomware a threat?
Yes.
But it can't threaten someone who makes regular system image backups, because he can always go back to a clean point, and retrieve any or all files, no matter how scattered they are on his system.
That's security!
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Is Ransomware a threat?
Yes.
But it can't threaten someone who makes regular system image backups, because he can always go back to a clean point, and retrieve any or all files, no matter how scattered they are on his system.
That's security!
You have backed up many images but do you know which is your clean backup image.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top