Helping people with computers... one answer at a time.

An external hard drive does run certain risks when it comes to malware, but often not the ones we think of. Avoiding malware remains the best solution.

I have an external drive that I use to backup my data, and it is permanently connected to a USB port. Is there a significant risk that a virus could enter my system destroying all my data including the data on the external drive? (I use Norton protection package that comes with Comcast).

I won't call it significant, but yes, there is a risk.

And what you describe isn't even the biggest risk.

That being said, I'll put it this way: when coupled with good behaviour and good tools, I leave my external hard drives plugged in all the time as well.

I'll tell you why.

First, yes, it's quite possible that there are viruses out there that will simply seek out and destroy data on every device connected to your computer, including external hard drives and perhaps even remote network connections.

"So in my opinion you're actually more at risk that your external hard drive becomes infected as a carrier than you are for any data loss."

But those types of incredibly destructive viruses are pretty rare these days. I actually wouldn't expect to come across one that simply destroys everything.

Viruses are more ... purposeful ... these days.

They typically want to do two things:

  • send spam, or steal data and information

  • copy themselves to more systems

Destroying everything doesn't accomplish the first goal - in fact it's somewhat counterproductive.

It's the second goal we want to be wary of.

In recent years, several fairly major viral infections were the result of viruses that figured out how to copy themselves to USB thumbdrives. That way, when people inserted a thumbdrive into an infected system that drive became infected itself - a "carrier" of the infection. Then when placed into another uninfected machine the virus copied itself from the thumbdrive to the formerly clean system, infecting it.

Now, while I said "USB Thumbdrive", in fact many of the viruses would copy themselves to any removable media on your system.

Including - you guessed it - your external USB hard drive.

It is, after all, removable media.

So in my opinion you're actually more at risk that your external hard drive becomes infected as a carrier than you are for any data loss. If that drives become infected, and you then take it to another machine, you run the risk of carrying the infection with you.

For what it's worth, I also don't think leaving it plugged in all the time really has much of an impact one way or another. The act of plugging it in - perhaps to perform your backups - is enough for a virus to spread to the drive if your machine is infected.

I'm not meaning to be trite here, but the real solution is not to get infected in the first place.

Do all the things you already know how to do to keep your system clean. The net result is that as part of your system your external hard drive would be protected as well.

And I'm quite OK leaving it plugged in all the time. If nothing else it means that your backups are more likely to happen - be they manual or automatic. As you also know, backups are pretty darned important. Balanced against the practical risks we've just been discussing I'd much rather leave it plugged in all the time so that those backups actually happen.

Article C4264 - April 17, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

April 20, 2010 8:35 AM

I disagree here Leo. Assuming that this is the writer's only backup it should be disconnected when it is not in use. If something fries the computer's harddrive it will be likely to take out the USB drive too. Backups should be kept physically away from what they are backing up.

And I disagree. Smile

If this really is his only backup, clearly he's not taking all the steps he should I agree, but I want him to remain as likely as possible to continue backing up. That means removing all the barriers possible, which means leaving it plugged in so that backups happen.

In addition to this backup he should be doing the offsite/firesafe/whatever thing, but in practice I believe he's more likely to a) not do backups regularly if it's not plugged in, and b) encounter a problem where a daily backup would be the solution. The firesafe/offsite solution, while important is less likely to be needed.

Frank Lawrentz
April 20, 2010 11:01 AM

Leo, I question the wisdom of leaving external devices with the unit one is backing up. If there is a fire or theft, I'd say you're pretty much screwed. My removables used for backups are put in a firesafe and/or moved off site. It can be a hassle to always do manual backups, but I rest easier knowing I've increased the odds I won't lose all my data.
Thanks for all your advice and tips!!

Rick Lewis
April 20, 2010 11:25 AM

Disconnecting the external drive makes automatic backups impossible. Also, 99% of the people who do simple backups won't go through the trouble of putting them in a firesafe or moving them offsite. Yes, it does give you an extra level of protection, but so does locking yourself in the house during flu season to keep from getting sick. It's just not practical.
I'm with Leo here.

April 20, 2010 11:54 AM

Very good analysis of todays modern Virus. While in the old days virus's would just destroy everything in their path, today they are more oriented towards identity theft and financial theft. Keystroke logging is also a big thing too.

Most people would probably never know they had one.

There is a new wave of Virus that poses itself as an *anti* Virus, which request that the user install the thing onto their system. which most folks do (from my experience at least).

Thanks for keeping us Edumucated!

Sandy Smith
April 21, 2010 6:16 PM

I don't like the idea of leaving them connected either... I think it's safer disconnected. But to each his own here - as long as the "user" has thought it through...

Also, wouldn't the drive last longer if it's not "used" except for writing to it for backup? If the rest of the time it's put away.

John Neeting
May 4, 2010 5:08 PM

While the ultimate security is overkill for the average user [ Stored backups off site ] for us paranoid joe paypackets like me - I have a complete copy of everything on large USB drives so I can mirror in real time without spending additional time each week doing it. One thing I do, do is have the power packs all plugged into one distributor so that when I log off or shut down the PC, the power pack array switches off a few seconds later; so while they are still physically connected to the PC [ all 6 of them ]they appear to not exist as they have no power. When I log on or restart the PC, the power packs start also. Being on a home network, I can additionally mirror critical data to another USB drive attached to another machine essentially 'off site' as it's in the business office up the back yard. I recon I just about covered worst case scenario.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.