Michael Horowitz

The down side of automated backups

December 26, 2011 4:42 PM EST
The last place you would expect to hear anything negative about backing up files, is a blog on Defensive Computing. Yet here we are.

Previously I've warned about the way some off-site backup companies and their automated software work. Simply put, if you delete a file by accident, many companies will delete their off-site backup of the file 30 days later.

But a recent story in PC World, pointed up another potential problem.  

The story was about a new strain of ransomware, software that encrypts files on a Windows computer and holds them hostage until the victim pays to decrypt them.

Of course, if someone pays, there is no guarantee that their files will, in fact, be decrypted. Not to mention that their  credit card may be used shortly thereafter to buy some high end stereo systems.

What was new this time around was that the ransom Trojan offered a free trial, decrypting a few files to prove it worked. No big woop, in and of itself, but it got me thinking

What if this happened on a computer with automated backups? No doubt the backup software would see the newly encrypted files as having been updated (which they were) and start backing up the now maliciously encrypted files.

Oops.  

Unless the backup scheme supports versioning, the ransomware software could end up impacting both the original files and their backups.

I have always been a bit hesitant about over-automating backups.

Software running constantly in the background strikes me as an accident waiting to happen, as this case of unintended consequences illustrates. And automatically detecting every file update requires a tight integration with the operating system, another potential trouble-spot.  

Then too, if the backup system is too automated, it may break silently. That is, if the backup process has no visible user interface, there may well be nothing to see when it suffers a problem.  

This is not to argue that automated backup is, in and of itself, bad. Any techie will tell you that any flavor of backup is better than none.

Just keep in mind, the next time you hear about an automated backup system being the best thing since sliced bread, that there are two sides to every coin.