Helping people with computers... one answer at a time.

Backing up manually will not give you better options in recovering from malware. In fact, it could easily be worse than an automated system.

In reference to Matt Honan's problems, I wholeheartedly agree that one should do frequent backups. However, turning my backups over to an automated program seems to be a very easy way to back up a virus or a trojan or any other problem on your system. I would much rather set up a reminder to a do a backup regularly. At least when I do a backup, I have some sense that my system is behaving normally at that time.

In this excerpt from Answercast #49, I look at the idea that backing up manually will prevent malware from being backed up. It's just not so.

Scheduling backups

I disagree with you actually, and I disagree fairly strongly.

  • It's much too easy to skip doing backups when you have yourself in the loop.

  • In other words, when the backups rely on you remembering or reacting to a reminder or anything like that.

Backing up viruses

Now, the problem that you are mentioning about backing up Trojans and viruses and so forth. Yes, it absolutely happens.

  • If you get a virus on Tuesday;

  • Then the backup you take Tuesday night will, in fact, include the virus in the backup.

But a proper backup system will let you do something very important and that is:

  • They will let you restore your machine to the state it was on Monday;

  • Or some time before the infection occurred;

  • Which means that everything that happened on Tuesday is lost.

Yes, if you were doing work on Tuesday, you might lose that. There are still ways to potentially recover specific pieces of work, but if you recover your entire system to the state it was on before the virus actually appeared, then you've recovered:

  • You've got your machine back without the virus;

  • And all that is quite possible just using an automated backup system that does backups every night;

  • Without your needing to think about it.

Automated is better

So, like I said:

  • I strongly disagree with making yourself a critical part of the backup process.

  • Backups are simply too important;

And the reason you are insisting being part of the process, I think, is not an appropriate one. There are ways to recover to positions prior to the viruses and malware appearing on your system.

You might not notice malware

Again, don't take this the wrong way, but:

  • Just because you believe a machine is acting appropriately;

  • Doesn't mean that you aren't backing up something on your machine that you didn't want;

  • Like malware, or a virus, or a bot, or something else;

And you may not discover it for several days later. So you may in fact yourself have manually backed up your virus.

Again, the only way to recover from that kind of thing with a proper backup system is to restore to a backup that was taken prior to the malware appearing. An automated backup system makes that easy.

Article C5767 - September 3, 2012 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
September 4, 2012 12:44 PM

OK, suppose I inadvertently back up with malware on my computer, then a month later after the malware has been removed, incrementally backup my computer. If I restore the entire computer from the latest incremental backup, will the malware still be gone?

As always it depends on the backup software you're using, but a backup image is supposed to represent a snapshot in time. So if on Monday you remove a virus and on Tuesday you backup then the snapshot as of Tuesday would not have the virus. It gets complicated only because with incremental backups you might still be able to restore to the snapshot as of Monday when the virus was present, but as long as you only restore to Tuesday you should restore to a virus-free state. (Or, rather, whatever state your machine was on on Tuesday.)

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.