Protecting your backup files from ransomware

Topic

New Reply

---

LangaList Plus

Protecting your backup files from ransomware

By Fred Langa Ransomware covertly encrypts user files and then demands payment for the key. Here’s how to ensure that backup files remain safe, if an infection takes over your main PC. Plus: A “Windows Hello” biometric/fingerprint sign-in system fails after a Win10 upgrade and updated suggestions for Win10 file management.

---

The full text of this column is posted at windowssecrets.com/langalist-plus/protecting-your-backup-files-from-ransomware (opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

Reply | Quote

Replies

Protecting your backup files from ransomware – Fred Langa
My wildest guess is to be eternally vigilant, often checking folders and files from time to time, making sure such are usable and untouched. Now, those using anti-ransomware simply have added an ally to their vigilance.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

What about protection by the new Bitdefender program released on March 29? Bitdefender Anti-Ransomware is a new product by security company Bitdefender to protect Windows PCs against several ransomware families. Thank you. https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

Reply | Quote

What about protection by the new Bitdefender program released on March 29? Bitdefender Anti-Ransomware is a new product by security company Bitdefender

Quote from Bitdefender’s blog post about just that new tool, comments section, Bitdefender replying to a comment question:
[INDENT] Razvan Stoica says:
March 31, 2016 at 3:28 pm

It’s a vaccine, but it can (and probably will) be updated against new strains, hence the need to run at startup. It does not monitor behavior, it just uses some tricks to prevent those specific families of ransomware from infecting your system.
The software is provided AS-IS, without any implied or explicit guarantees. Redistribution is permitted.[/INDENT]

That tells me that they will have to play the usual whack-a-mole game with new strains of or techniques in ransomware. YMMV but I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combinationm of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.

Reply | Quote

Quote from Bitdefender’s blog post about just that new tool, comments section, Bitdefender replying to a comment question:
[INDENT] Razvan Stoica says:
March 31, 2016 at 3:28 pm

That tells me that they will have to play the usual whack-a-mole game with new strains of or techniques in ransomware. YMMV but I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combinationm of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.

eikelein, I, too, am worried about ransomware. Do you have CryptoPrevent active at the same time as Windows Defender, BitDefender, or any other anti-virus program?
thanks.
radar

Reply | Quote

……..I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combinationm of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.

I have been using CryptoPrevent for a long time and have several licensed copies. Cyptoprevent may NOT do everything you attribute to it.

My understanding of Cyptoprevent is that basically it uses Windows Group Restriction Policies to disable many of the infection methods used by current ransomware; things like running executable files from various data directories, allowing you to run things like “filename.pdf.exe”, etc. I do not believe it has any “active” behavioral monitoring or registry surveillance.

In answer to @radar’s question about using CryptoPrevent along side other products, I have seen no conflicts with MalwareBytes, Emsisoft, Kaspersky, ZoneAlarm, etc. (across several different machines). I believe this is due to the fact that it simply sets a bunch of “Group Policy” rules in the registry to disable much of the “bad behaviour” of current ransomware and then is done. It leaves nothing actively running.

Of course, the new version of CryptoPrevent may add additional prevention strategies.

-brino

Reply | Quote

Fred Langa, who by the way I highly respect, writes in his article “Protecting your backup files from ransomware / Win10 file-management best practice?”
I quote:
[INDENT]In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.[/INDENT]

“… any reason …”? I beg to differ.

I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive:

Fairly early after SSDs had become available I decided to have my system and programs on a SSD drive and my now 230+GB of pure data on a conventional separate HDD. That decision was forced on me by the fact that back then I simply could not afford more than a SSD larger than 250GB capacity.

This setup has so far served me very well and I see absolutely no reason to change it, at least not as long as the current computer keeps chugging along as nicely as it does.

BTW should anybody be interested at all:
C: still holds C:Users and C:Program Data.
The internally mounted data drive E: holds all standard Windows data folders PLUS the data folders for backing up my utilities flash drive(s) and about 3GB(!) data folders of my Thunderbird email client. As of today I have a total of 226GB of data on E:.

Reply | Quote

Fred Langa, who by the way I highly respect, writes in his article “Protecting your backup files from ransomware / Win10 file-management best practice?”
I quote:
[INDENT]In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.[/INDENT]

“… any reason …”? I beg to differ.

I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive:

Fairly early after SSDs had become available I decided to have my system and programs on a SSD drive and my now 230+GB of pure data on a conventional separate HDD. That decision was forced on me by the fact that back then I simply could not afford more than a SSD larger than 250GB capacity.

This setup has so far served me very well and I see absolutely no reason to change it, at least not as long as the current computer keeps chugging along as nicely as it does.

BTW should anybody be interested at all:
C: still holds C:Users and C:Program Data.
The internally mounted data drive E: holds all standard Windows data folders PLUS the data folders for backing up my utilities flash drive(s) and about 3GB(!) data folders of my Thunderbird email client. As of today I have a total of 226GB of data on E:.

And yet your separate data partition in your setup won’t protect you from ransomware…

Reply | Quote

And yet your separate data partition in your setup won’t protect you from ransomware…

Rui,
YES, that goes without saying.
And thank you for your never ending attention to details and so very valued contributions.

I may not have made it sufficiently clear that in my little diatribe in post #4 I was specifically responding to Fred’s subtitle “Win10 file-management best practice” and therein especially about the formulation

[INDENT]… there’s really no longer any reason to do so …[/INDENT]

That then has lead further astray like what IMHO correctly is said in posts #16 and #17.

Talk about off topic… 😉

Reply | Quote

Rui,
YES, that goes without saying.
And thank you for your never ending attention to details and so very valued contributions.

I may not have made it sufficiently clear that in my little diatribe in post #4 I was specifically responding to Fred’s subtitle “Win10 file-management best practice” and therein especially about the formulation

[INDENT]… there’s really no longer any reason to do so …[/INDENT]

That then has lead further astray like what IMHO correctly is said in posts #16 and #17.

Talk about off topic… 😉

:).

Reply | Quote

Fred Langa, who by the way I highly respect, writes in his article “Protecting your backup files from ransomware / Win10 file-management best practice?”
I quote:[INDENT]In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.[/INDENT]

“… any reason …”? I beg to differ.

I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive…

I’m with eikelein here! I have ~1 TB of images in my Pictures folder. With a system that contains 500GB of SSD and 4TB of SSHD storage, Fred’s advice doesn’t work well for me. On the other hand, moving the Users folder to SSHD drives works quite well. I recognize that the danger of ransom-ware is still there, and wonder how to manage protection in a continuous backup scenario? Fred, what’s your advice for this configuration?

Reply | Quote

If necessary, can we depend on being able to recover any/all affected files from our Carbonite backups?

Reply | Quote

regarding “Win10 file-management best practice”, what are you thoughts about moving user files to another internal hard drive when using a small (256GB or less) SSD for the Windows 10 system files? thanks

Reply | Quote

regarding “Win10 file-management best practice”, what are you thoughts about moving user files to another internal hard drive when using a small (256GB or less) SSD for the Windows 10 system files? thanks

Keep your normal data on the SSD and move things like music and video – files that don’t change but are large – to another disk, is what I do.

cheers, Paul

Reply | Quote

Myself, I also still keep data and the OS/Programs on distinct drives.
Firstly, for reasons like eikelein outlined – an SSD for what needs to be fast and a data drive for the volume.

Secondly, for backup reasons. Having your files inside an imaging container does you 0 good if your system is down. While such events have indeed become rare, they are not 0. If my system is down, I don’t want to wait until its semi-functional to get work done.

I’m a little surprised at Fred’s change on this front as he used to recommend software that would allow accessing files even from DOS. He’s very particular about layers of backup and protection and yet leaves this gap in accessibility in the event of real trouble.

Personally, I don’t like how Microsoft organizes User files and too many programs dump their own folders in there. I leave all that stuff on the C drive and have my own familiar folder structure on the Data drive. Doing it the Microsoft way does give you some minor advantages in using their software but I’m not much of a fan of that either. I don’t use a Mac because you have to do it the Mac way in Mac world but Windows seems to be drifting that way too.

I understand Paul T’s suggestion but I’ve never found organizing files by size all that useful. I’d rather have all my music together, and so forth.

Reply | Quote

I understand Paul T’s suggestion but I’ve never found organizing files by size all that useful. I’d rather have all my music together, and so forth.

Having music files in one place, not on C:, is what I meant.

cheers, Paul

Reply | Quote

I have windows 10 and all program installations on my SSD (C:) and my My Documents folder on E: (2 TB HDD) (with picture and music)

I use Karen’s Tools, from 2002, for my backup, precisely for the same reason as DavidFB. I like my backup files to be accessible in DOS (i.e., not stored in some proprietary all-in-one format). And, I don’t trust zip files, long term storage, as I’ve lost too many file collections to zip files somehow getting corrupted.

Reply | Quote

I use Karen’s Tools, from 2002, for my backup

Karen passed away years ago. Her backup program hasn’t been updated in 14 years and DOES NOT back up open files. If you don’t do your backup’s from outside Windows (which Karen’s old program can’t operate from), you can’t depend on files not being open.

Reply | Quote

I don’t trust zip files, long term storage, as I’ve lost too many file collections to zip files somehow getting corrupted.

There are also numerous zip file recovery utilities about – for free. FWIW, Microsoft’s own Office files and Windows Backup all use zip archives.

Cheers,
Paul Edstein
[Fmr MS MVP - Word]

Reply | Quote

I have windows 10 and all program installations on my SSD (C:) and my My Documents folder on E: (2 TB HDD) (with picture and music)

I use Karen’s Tools, from 2002, for my backup, precisely for the same reason as DavidFB. I like my backup files to be accessible in DOS (i.e., not stored in some proprietary all-in-one format). And, I don’t trust zip files, long term storage, as I’ve lost too many file collections to zip files somehow getting corrupted.

Agree with everyone who splits data and OS/programs drives.
1. DON’T want my ~1TB of data imaged, DO want my 100gig OS/programs & settings imaged.
2. DO want my data readily available if my OS crashes.
3. DON’T want to either waste money or lose performance by having everything on either a large SSD or a fast HD. Small SSD + large slow HD is usually the best cost/benefit option.

I agree from bad experience re avoiding ZIPs and proprietary backup formats. I used to use Karen’s Replicator up to recently for the simple and effective straight copy ability. I just switched to Comodo Backup which is easier to use but also has a straight Copy function.

Karen … backup program … DOES NOT back up open files.

It’s not intended for open files [eg OS], but for data files which you should obviously close before running the program.

Lugh.
~
Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

Reply | Quote

One option if you have a separate internal disk for backups and “manually” backup to it: Using diskmgmt.msc in an administrator’s command prompt window, set the disk offline between backups. A bit more work but it makes the disk invisible to Win so hopefully ransom ware won’t see it either.

Reply | Quote

This is an interesting discussion about separating OS/progs from data; it is perhaps unfortunate that it may be hidden under the Thread heading of “Protecting your backup files from ransomware”.

Could it be moved to a separate Thread with an appropriate heading, to ensure all with an opinion see it?

Reply | Quote

This is an interesting discussion about separating OS/progs from data; it is perhaps unfortunate that it may be hidden under the Thread heading of “Protecting your backup files from ransomware”.

Could it be moved to a separate Thread with an appropriate heading, to ensure all with an opinion see it?

Thanks, Trev.
Time and time ago I have suggested just that and got shut down for some technical reason.

I believe that the actual origin of this is the fact that all too often an author on WS packs two or three interesting subjects under one header. Then if I want to comment only on one of the three different subjects of an article I am forced to do stuff like I did in post #6:
[INDENT]Fred Langa, … writes in his article “Protecting your backup files from ransomware / Win10 file-management best practice?” …[/INDENT]

IMHO it is about high time that SOMETHING gets done about that, whatever the real reasons may be! The simplest thing seems to be that for example above mentioned Fred Langa post could and IMHO also SHOULD have been three separate shorter posts with their individual titles. “Problem” solved.

Or is it only some maybe by now ancient “policy” of the “we have always done it this way” type? I mean up in the WS hierarchy there definitely are people that can think… 😉

Reply | Quote

This is an interesting discussion … it is perhaps unfortunate that it may be hidden under the [wrong] Thread heading

it is about high time that SOMETHING gets done about that … for example above mentioned Fred Langa post could and IMHO also SHOULD have been three separate shorter posts with their individual titles. “Problem” solved.

Having adminned a vBulletin forum for a decade, there is no vB reason what we’re asking for can’t be done. I agree it should be done this way.

Lugh.
~
Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

Reply | Quote

This is an interesting discussion about separating OS/progs from data; it is perhaps unfortunate that it may be hidden under the Thread heading of “Protecting your backup files from ransomware”.

Could it be moved to a separate Thread with an appropriate heading, to ensure all with an opinion see it?

There have been prior discussions on that issue, which crops up from time to time. A recent one, that I can remember, is this:

http://windowssecrets.com/forums/showthread//172985-Need-advice-about-partitioning-SSD-for-new-W10-laptop

Reply | Quote

Would encrypting backups, as with EaseUS ToDo Backup, make them any safer or would Ransomware see through that and ‘over’ encrypt.
(Thanks Fred for an awe-full lot of interesting/useful articles over time.)

Reply | Quote

Encrypting the backup is of little use if:
a. the original files are already compromised.
b. the backup files are targetted – encrypted by ransomware.

Not getting malware is really the only answer.

cheers, Paul

Reply | Quote

“Win10 file-management best practice?”
(My vote for this topic as a separate thread.)

Like others in this discussion, I have been saving user files on a separate partition. Even to the extent of having become blind to the need for, or indeed the evolution of, File History. That is until this article, which led to the more exhaustive, “Best of breed: Win10’s hybrid backup system” of 15th October, 2015. All of which makes me wonder whether to implement File History at least for frequently modified crucial files, but…

In this day of Ultrabooks and “tablets to replace laptops”, carrying around external peripherals or an external USB drive for continuous File History seems to defeat the purpose of those light weight, easily portable, devices. Any suggestions? Dock the PC after each session? Wouldn’t be practical while travelling!

Reply | Quote

I have followed Fred since Langa List days. Since I learned how to separate Data from OS, reinstalling after crashes has become faster. Before the separation (i.e. Win XP), it would take days to reinstall from scratch. I have forgotten the number of times I have had to reinstall Win 7 from scratch on my computers (stability–what stability?). Even with SP1 on DVD, all following Updates (in the hundreds) require many hours to install.

Now, dear readers, why has Fred (and all the other PC writers) gone over to the other side??? Because if he (and they) were to make any comments deemed negative by the Computer Industry, they would no longer have access to any components or programs to review. Thus, with no work of any kind available, he (and they) would be out of a job.

Reply | Quote

Now, dear readers, why has Fred (and all the other PC writers) gone over to the other side??? Because if he (and they) were to make any comments deemed negative by the Computer Industry, they would no longer have access to any components or programs to review. Thus, with no work of any kind available, he (and they) would be out of a job.

If you never see any negative comment from any PC writer then you can’t do much reading.

What components or programs would you imagine Fred has been given access to recently?

Reply | Quote

I’ve relocated my “Users” (like the old “Documents and Settings”) folder to a secondary partition because I’ve done it this way for many years.

I make the change through a registry hack, so doubt it will cause any problems, despite Fred’s protestations.

Reply | Quote

For future reference, when getting a new computer, select a Windows OS version that is Professional or higher, rather than Home or lower. Professional or higher includes the Software Restriction Policy which, when used with standard accounts, prevents malware from executing. The only thing the malware can do is sit there until the next antimalware scan cleans it out. This is how companies with multiple employees prevent them from running crap. They may be able to download it, but they cannot run it. Also great if you have children who are clicking on every bell and whistle the internet offers. Again, they may be able to download something, but that’s where it ends. There are tiny holes in the Software Restriction Policy that could be exploited by a very knowledgeable person, but those holes can be plugged if a user wants to spend about 30 minutes on that. I haven’t bothered, so I can’t properly explain how to do it. For those with Windows Home or lower, there is a way to sort of simulate the Software Restriction Policy and that would be with Parental Controls. I’ve never had a Home version of Windows, so I can’t fully explain this, but my understanding is that Parental Controls is sort of like whitelisting. Each Home user would get a standard account with Parental Controls enabled and a list of allowed executables. Anything attempting to execute that’s not on the whitelist would be blocked.

Reply | Quote

Setting up policies to prevent malware running is beyond most people’s ability. Getting people to run anti virus and perform a backup is hard enough.

cheers, Paul

Reply | Quote

Setting up policies to prevent malware running is beyond most people’s ability.

I can only speak for Windows 7 Professional, where implementing the Software Restriction Policy is very easy. I’ve been using this for about eight years with very little trouble. It only takes a couple of minutes to set up. Here are the paths in the administrator account.

32-bit OS: Start > Administrative Tools > Local Security Policy > User Account Control (select Yes) > Software Restriction Policies > Security Levels > Choose Disallowed or Unrestricted, then right click on your selection to get the task menu and select Set as Default. Next, right click on Designated File Types to get the task menu and select Properties. Scroll down the list of file extensions, select LNK, select Remove, then select Apply and OK. Close Local Security Policy.

64-bit OS: Same as 32-bit, but with an additional rule. In the Software Restriction Policies folder, right click on Additional Rules to get the task menu and select New Path Rule. Browse to C:Program Files (x86), select OK, make sure the security level is Unrestricted, then select Apply and OK.

Removing the LNK extension allows program shortcuts to work, otherwise they would be blocked.

If you are using Windows 8 and Apps from the Windows Store, add the following New Path Rule: C:Program FilesWindowsApps and make sure the security level is Unrestricted.

44238-SRP-Security-Levels

44239-SRP-File-Types

44240-SRP-64-bit-Additional-Rule

Reply | Quote

I can only speak for Windows 7 Professional, where implementing the Software Restriction Policy is very easy. I’ve been using this for about eight years with very little trouble. It only takes a couple of minutes to set up. Here are the paths in the administrator account.

But most Windows 7 users don’t have Windows 7 Professional – only Home Basic or Home Premium – and the process you’ve outlined, simple though it might be, would be beyond them.

Cheers,
Paul Edstein
[Fmr MS MVP - Word]

Reply | Quote

But most Windows 7 users don’t have Windows 7 Professional – only Home Basic or Home Premium.

I understand that, which is why in my initial post (#30) I started out with “for future reference,” since I was just offering a suggestion for the next time someone is thinking about purchasing a new computer.

and the process you’ve outlined, simple though it might be, would be beyond them.

Paul T in post #31 had a similar comment. Since you both have much more experience than I have with individual users, I have to assume you are right. It’s really surprising to me that the average user could not do this.

Reply | Quote

Setting up policies to prevent malware running is beyond most people’s ability. Getting people to run anti virus and perform a backup is hard enough.

cheers, Paul

…besides, for some promoting this would be inti-job-security.

Reply | Quote

Cloudsandskye, I tried tree-climbing what you posted, however, I cannot find the last two or three directories you mentioned, I have Windows 7 Pro 7601 build.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

Why not use automatic NAS isolation for ransomware protection.

Thanks to Fred for his continuing and useful comments.

To prevent access by ransomware, I would like to use a program operated external relay so I can switch off my backup NAS when I am not using it.

The key protection from ransomware seems to be a separate NAS which is manually connected only during backup. It would seem practical to automate this process using a simple program controlled USB relay to power up the NAS for each backup event and then turn it off when the backup is done.
The simplest solution would seem to be switching the mains power to the NAS rather than switching the signal cabling between the NAS and the PC.

I envisage the relay being activated by a batch file or similar program than can be scheduled to run periodically. It would run some level of virus check, then power up the NAS, make a backup, and then turn off the NAS.

This leads to the question, how much time elapses between a ransomware infection and its damaging actions becoming visible in my working network? If this delay time is say 4 hours, then my backup interval needs to be longer than 4 hrs to ensure the NAS is off line when the ransomware activates.

It assume it does not matter if the Ransomware is copied to the NAS whilst it is still inactive, as the NAS can be connected to a ‘clean’ computer for disinfection and recovery of its key files.

Comments and guidance from lounge members would be much appreciated.

Thanks, Graeme.

Examples of USB relay units.
http://sigma-shop.com/product/7/usb-relay-controller-one-channel-box.html
http://www.sainsmart.com/relay-1/sainsmart-8-channel-controller-usb-hid-programmable-control-relay-module-kit.html
http://www.robotshop.com/en/devantech-2-channel-usb-relay.html
http://www.yoctopuce.com/EN/products/usb-actuators/yocto-powerrelay

Reply | Quote

The simpleset way to protect your NAS is to have the backup directory write only. Without modify, rename or delete rights there is no way for malware to mangle your files.

cheers, Paul

Reply | Quote

Hi Paul, surely the write only constraint is just a standard software bit setting which the bad guys can preset the virus to bypass. Whereas a custom written Batch File to control the external relay is not something a virus can be preset to handle.
Or are you suggesting a NAS with a physical switch or link that can not be changed by software?
Graeme.

Reply | Quote

The permissions are controlled by the NAS OS and therefore the bad guys can’t change them, unless you manage to install software on the NAS.

cheers, Paul

Reply | Quote

Re: “…I’ve lost too many file collections to zip files somehow getting corrupted.”

Um, really? I’ve used the zip format for 25 years and the arc format for several years before that. Never once can I think of a time when file corruption stopped me from accessing data stored in one of these. File corruption due to faulty hardware, yeah sure. However the zip format has been stable and reliable for me, and it’s important so I am sure to notice if it isn’t.

Not that I’m challenging your experience you understand. Just that it does not match mine.

In general, for long-term data storage and archiving, I agree that the fewer layers, data formats and transformations you do, the better. Backup programs have often used proprietary data formats. The zip format though, I do not consider to be a proprietary file format. But it is a data transformation and if you want the best possible chance of reading a file in 20 years, best not to use it.

Reply | Quote

In general, for long-term data storage and archiving, I agree that the fewer layers, data formats and transformations you do, the better. Backup programs have often used proprietary data formats. The zip format though, I do not consider to be a proprietary file format. But it is a data transformation and if you want the best possible chance of reading a file in 20 years, best not to use it.

That makes about as much sense as not allowing any program to store its data files in anything other than a plain text format. The reality is that just about every program on the market stores its data in a ‘transformed’ format. The zip format looks like being with us for a long time yet, given that Microsoft has adopted it as the default format for Office files, MS Backup, etc. It’s now become so ubiquitous one could argue it’s a de-facto industry standard. And, when it one day gets superseded, I’m sure there’ll be quite a few years before it’s phased out entirely. Besides which, your ‘best possible chance of reading a file in 20 years’ issue seems to beg the question: even without zip, what makes you think there’ll be any other software to read the uncompressed data by then??? No one I know of would be foolish enough to rely on 20-year old backups for which the software to decompress them or read the decompressed content is around.

Cheers,
Paul Edstein
[Fmr MS MVP - Word]

Reply | Quote

The need for offline backups has been known for a long time. Any time you are concerned about malware/ransomware getting through your primary defences, your backups typically become your primary response and strategy.

If those backups are online then the danger is that the malware can find them and infect/encrypt/mess with them. One article I read even suggested that downed VMs were not adequately isolated because those VMs can be booted up through an electronic interface. Which makes it theoretically possible for malware to do just that.

This isn’t the article I was thinking of, when the subject was raised. It does however discuss many of the issues involved.

Your backup drive needs a backup plan: Three ways to safeguard the data

There are limits to how effectively you can protect your data. Knowing the fundamentals though, can safeguard you from the most common and plausible events you will encounter.

Reply | Quote