Wednesday, November 7, 2007

Why backup?

Although this does relate to the previous article I wrote (see “O.K. You Now Have Thousands of Digital Photos, Now What?”), I thought it was important to dedicate a section just to backups. I recently had a client come to me that told me his laptop had been stolen when he walked away from a table he was sitting at to go to the restroom. As it turns out, this man had an extensive database of confidential information about his clients on his laptop… and ONLY his laptop. He kept no backups of the data on his desktop (because he didn’t want people getting into it when he wasn’t there). This raises several topics, only a few of which I will touch on at this moment.
1. If you are going to have your data in one place, then MAKE BACKUPS.
2. A laptop is NOT a reliable means of storing your data for long term purposes.
3. If your laptop gets stolen and you do not take the appropriate precautions in securing your data then you are liable for any information that may be obtained from said device.

In today’s day and age, backups of data are more critical now, than they ever were. People store photos, music, documents, databases, applications and much more on their computers and many times need to refer back to them for one reason or another. Hard drives are very reliable these days and getting more reliable all the time. However, the fact remains that hard drives have moving parts in them (to spin them up and to move the read/write head back and forth). Although not having them will significantly reduce the amount of data loss problems people have, it won’t eliminate the need for backups all together. I recommend to everyone (including home users) that they run at a minimum monthly, backups. Good practice is weekly full backups and daily incremental backups. I will go into more details on that in a few minutes.

Backups can be done on CD, DVD or if you want to protect your data, put it on a password protected flash drive. These can store a tremendous amount of data these days and are very reliable. If you have an enormous amount of data (over 10GB) it is probably advisable that you either backup to Tape or external hard drive. Tape is more reliable, but it is more expensive, thus the hard drive option will probably make more sense for most people.

Let’s get down to basics. What is a backup? A backup is a copy of a file or files that you want to keep for a long time, if not indefinitely. Backups are grouped into three different categories, and pay attention because it can be a little confusing:

Full Backups – Which backs up all of the selected data in a given set.
Incremental Backups – Which backs up all of the data that has not been backed up since the last backup. (not the last full)
Differential Backups – Which backs up all of the data that did not get backed up since the last full.

So, the first thing people usually ask is “Isn’t an Incremental Backup the same as a Differential Backup then?” The answer is No. An incremental backup backs up all of the data that has not been backed up since the last backup. That’s ANY TYPE of backup. The last backup could have been another incremental, or it could have been a differential. The downside to incremental backups is that to do a full restore of data and have it UP TO DATE, you must have a full backup AND EVERY incremental backup that took place up to the date you want to restore to. Whereas, if you are doing fulls and differentials, you only need the last full and the last differential.

Okay, that covers the basics.

Physical Backups vs. Online Backups
There has been a lot of discussion (see Brian’s comments in “O.K. You Now Have Thousands of Digital Photos, Now What?”) regarding online backups and physical backups such as CD or Flashdrive.

Online backups (such as Dell Datasafe and EVault) have come a long way, but from a personal standpoint it will be a while before I exclusively trust an online backup company. Basically the way it works is, you load software on your computer and your computer securely encrypts your data and sends it to a server somewhere on the Internet. In theory, should you lose your data or hard drive then you can download your files from your backups. My main concerns with this method are the fact that these companies are new and there is no way of telling who will be around in ten years and who won’t. What if a company goes under and you are not informed? You’ve lost your data. Or what if your data is damaged in transit or your files get corrupted enroute? You’ve lost your data. Worse yet is the fact that although everyone’s Internet connections are improving (speed-wise), if you have gigabytes of data then it can take hours, days or even weeks to do a single backup. This is why I prefer physical backups and if necessary use online backups as a secondary backup.

Physical Backup Software
Now on to software. Keep in mind, that I try to aim this Blog at the home user. If you want to know good business or enterprise grade backup solutions, then post a comment and I’ll be happy to expand on that. So as far as software goes for backing up there are hundreds (if not thousands) of choices. So I will just mention a couple of my favorites. Microsoft’s Backup & Restore that is native to Windows XP (and Server 2003) is very good for the average user (and most power users). It is actually a scaled down version of the professional backup software “Backup Exec”. Nero works very well and is getting better all the time, however it has a lot of auxiliary components that install (various little do dads that do nothing but take up memory and CPU usage). Roxio has several backup software products that do well. Almost all of these products can do the three types of backups listed above. If all you are backing up is photos and video, then Picasa does a good job (see the above mentioned article).

Regarding Theft of Data
The most important thing you can do if your data is stolen is file a police report IMMEDIATELY. Next, contact as many people as possible that you believe may have been compromised by this loss of data, INCLUDING your employer if their data was in the stolen set. Any delay in not contacting all those involved puts you and them at risk.

Thursday, November 1, 2007

Viruses, Hoaxes and Zombies... Oh! My!

There has been an ever growing quantity of Spam on the Internet these days and we all notice it. From erectile dysfunction ads to hair loss ads to gibberish emails that make no sense what-so-ever it is just out of control. The big question... Why?

Why is Spam so out of control?
The problems with Spam can be be isolated down to 3 major problems:
1. The desire for specific individuals (or groups of individuals) with a desire to bring the Internet to a halt.
2. Home and Business users with insufficient virus protection (I'll explain in a minute)
3. Zombies

What is the point of the gibberish emails?
Many of the junk emails (Spam) that users get these days is basically gibberish or a collection of words that mean nothing at all. This is because these emails are not there to inform you of anything. They are there to simply get through your Spam filters and fill up your email box.

Who 'dun it?
Although computers are sophisticated, let's face it, only a human can set the ball in motion when it comes to setting up a program. So, let's address the first topic: Who is doing the Spamming?

There are those out there who for several reasons have a desire to bring the Internet (and businesses connected to the Internet) to a halt. These are people who have a complete aversion to technology (a bit of irony here as they use technology to cause the attacks); People who feel that our technological / informational society is out of control; and those who simply like the power kick of causing disruption to others. These are the primary culprits when it comes to Spam transmissions.

How they do their 'dirty work' is where things get really interesting and that takes us to our next two topics.

Home and Business users with insufficient virus protection
The average home user has some form of virus protection normally given to them freely by their ISP or a trial that they downloaded from a company such as McAfee or Symantec or Trend Micro. The major problem is almost all (decent quality) antivirus programs out there require a subscription (at least for home users) to maintain their antivirus definitions.

Many home users simply either forget to update their subscriptions or just can't afford to keep them up to date and thus get out of date on their virus definitions making them more susceptible to an attack. Given their vulnerable state, all the user has to do is inadvertently access a malicious website and voila! They have downloaded a virus and been compromised. Now, these viruses are much more complicated than your typical "I'll destroy your data" virus.

These viruses are designed to load a special piece of software (or softwares) on your computer called server engines. These server engines are actual email transmission servers that operate in the background of the computer where you can not see. The only thing that may give an indication that you have been taken over is a very slow computer or many pop-ups.

This brings us to the next topic: Zombies

What is a Zombie?
A Zombie is a computer attached to the Internet that has been compromised by a security cracker/hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a "botnet", and will be used to perform malicious tasks of one sort or another under remote direction (such as using your computer as an email server to send Spam email.)

What does this mean exactly?
It means that the virus that the user downloaded inadvertently, installed a piece of software that contacted a main computer somewhere on the Internet. That main computer then told the computer that it will be responsible for a specific malicious task, for example; The master computer tells the computer to transmit out 1,000 emails to a given set of addresses. The user's computer than acknowledges the command and begins transmitting. Keep in mind, these addresses are NOT from the address book of the user's computer, they are a set of addresses predefined by the Spam Master Host (or sometimes a defined parameter such as 500 different names for domain

Now, it's one thing having a single computer sending out 1,000 emails that are Spam, but these masters typically communicate with thousands of home computers. So for example you take 1,000 "zombied" computers all talking to a master computer and that master computer tells it's "botnet" to each transmit 1,000 emails and suddenly the Internet is flooded with 1 million false emails going into people's email accounts.

Keep in mind these example numbers are all very small numbers compared to the reality of what's going on. According to PC Magazine (August 2007) there is on average 800 thousand Spam emails in transmission every second of the day. That amounts to 69.1 billion Spam emails flying around the Internet per day!

What can the average user do about it?
Two things:
1. Use a high quality antivirus program such as Symantec, McAfee or Trend Micro
2. Keep your antivirus definitions UP TO DATE!

It may cost you a little money, but you know the old saying "An once of prevention is worth a pound of cure." Spend a little money now and save yourself hundreds (if not thousands) of dollars in headaches later. It also never hurts to have a computer professional check out your computer just to ensure that everything is running fine and make sure you have no unknown threats floating about. Have them run SpyBot (A good free spyware removal software) and a good Antivirus to check for problems.