Helping people with computers... one answer at a time.
It's possible for malware to become part of a backup if your machine is infected at the time of the backup. It's not the end of the world.
I have read your many archives and there you suggested to backup regularly. I agree. But honestly I want to know that backup images (I use Paragon Backup & Recovery) can be infected by virus? I've 500GB of HDD and I backup all my data regularly to my another 100GB partition but if virus still can infect those image files then what does it worth?
Can a backup be infected with malware? Absolutely. I'll explain how that happens.
Does that make the backup useless? Absolutely not. I'll explain how the backup continues to remain both important and valuable even if it happens to contain malware.
And finally, I'll review how to avoid the situation in the first place.
The simplest scenario is this:
your machine becomes infected with malware
before any anti-malware tools clean it up, you backup your machine
If you're doing system/image backups, you've just backed up the malware. Even if you're just doing data backups, it's possible that you've just backed up the malware.
In addition, if you backup by simply copying files, then the backup location may also be vulnerable to direct infection. Say you periodically copy the contents of your My Documents folder to an external drive to back them up. Malware comes along and scans your machine for all ".doc" files and infects them - both in your My Documents folder, as well as the backup files you have stored on your external drive. It's just an example, but some malware does work this way - scanning your machine for files or drives to infect.
The good news is that most common backup tools actually collect the files being backed up into a single large archive. Acronis, for example, creates ".tib" files containing your backed-up system or data. While theoretically possible, once these backups have been made even if they remain online and accessible, they're not typically vulnerable to further infection.
But yes, it's quite possible for a backup to contain malware, through any of a number of scenarios that depend on exactly how you backup.
While an infected backup is something to be avoided it's not the end of the world, and doesn't invalidate the backup.
If a backup is infected there are generally two scenarios where it's still extremely valuable:
Restore uninfected files. If you've backed up your entire system with an image backup, for example, there's nothing that says you must restore the entire image. Most backup programs will let you extract and restore specific files and folders from that image. Since an image backup by definition has everything, you know that the data files you care about are there - so in case you need them you can restore just those files, by-passing any malware that might be elsewhere in the backup image.
Restore & Clean. Your backup's infected, and you know it. That means you know to take extra precautions should you need to restore it completely. For example, you might restore to a different disk and then immediately run up-to-date anti-malware scans on the restored data. Or you might disconnect your machine from your network, restore the system image and then once again immediately run up-to-date anti-malware scans to rid it of the infections. It's not guaranteed, it's not ideal, but it's one way of getting what you need from that backup without having to throw it away completely.
"It's not ideal" is the truth - there's no getting around that you might be restoring in infection when you restore an infected system image. That doesn't invalidate the backup, but it does mean you have to be careful and take additional steps to stay safe.
The ideal is very simple: don't get infected in the first place.
If people put as much energy into preventing infection as they did into recovering from (or planning to recover from) an infection, I'm convinced it'd be much less costly overall.
And the rules are ones we all know: keep Windows up to date, don't click on links in email that you aren't absolutely positive are valid, don't open attachments or file transfers that you're not expecting or from people that you don't know, and so on.
If you don't get infected in the first place, then you won't be backing up an infection. Very simple.
Another approach to reducing the impact is to keep your backups for a while. If you perform a daily backup, for example, then on Wednesday you realize that on Tuesday your machine became infected and you backed it up, you can simply restore to Monday's backup before the infection occurred.
Put your energy into staying safe in the first place. Then, if somehow you end up with an infected backup, be sure to take care should you use it to recover your data.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.