How do I prevent malware from infecting my backed up data?

Is it a myth? Can you back up a virus? Can that virus first destroy your data and then come back to haunt you when you perform restores? It is possible; however, there are ways and means to ensure that this doesn't happen. Here's how.

I have received several emails asking me whether it is possible to back up and restore a virus. These emails weren't from mad people wanting to restore a virus that probably caused the loss of data in the first place. They're from normal people who want to know whether you can actually archive a copy of a virus, spyware or some other sort of malware in your regular archive, and whether you can unwittingly restore it.

The answer depends on what malware type has infected your computer and what type of backup you are performing.

In broadest terms, you can classify three types of backup products: traditional backup products (e.g., WinBackup), imaging software and rollback applications (see Rollback Software or Backup: But Which One to Choose?). Imaging software takes an image of your hard drive at a particular point in time, so whatever is installed at that point will be replicated: viruses, Trojans, spyware and all.

Rollback software is safer because it reverts you to a previous, safer position, but if certain files are infected it doesn't afford you complete protection. Backup software, on the other hand, is the safest, even though there are loopholes.

In any case, if you have effective anti-virus and anti-spyware software running, then in all probability you won't back up the virus, spyware or other malware application itself, or an infected file.

Viruses are programs or pieces of code that are designed to perform a negative operation without your permission. Viruses are usually loaded, without your knowledge, from floppy disks, CDs or similar devices, through networks and through the Internet.

Certain viruses (e.g., boot sector viruses) can never be backed up because backup software does not back up your boot sector. However, other types may be backed up. You may also inadvertently back up quarantined files, corrupt registry settings and/or damaged documents.

Viruses are normally executable files, and unless you back up that actual file, you cannot restore it. If the virus is packed into a ZIP or another form of archive file such as RAR or ARJ, then you may back up the virus by mistake, unless your anti-virus has quarantined or deleted the archive itself. However, the virus may also corrupt certain data files or your Word templates, and so you may back up the corrupted files as well.

So, in effect, you may restore the corrupted template or a file based on that template. After restoring these files you may end up having to run your anti-virus again.

It is always advisable to handle quarantined files in very special ways, so be sure that you follow the instructions given by your anti-virus company.
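An added example (not from the original article): a pre-backup check for the case described above, where an executable sits inside a ZIP archive that is about to be backed up. The function names, the depth limit and the sample data are assumptions; the check recognises only Windows executables by their `MZ` header and reports password-protected members as not inspected.

```python
import io
import os
import tempfile
import zipfile

MZ = b"MZ"     # first two bytes of Windows EXE/DLL/SCR files
MAX_DEPTH = 3  # assumption: how far to follow archives inside archives

def scan_stream(name, stream, depth=0):
    """Return findings for one file, descending into ZIP archives."""
    stream.seek(0)
    if stream.read(2) == MZ:
        return [f"{name}: executable"]
    if not zipfile.is_zipfile(stream):
        return []
    if depth >= MAX_DEPTH:
        return [f"{name}: not inspected (nested too deep)"]
    findings = []
    with zipfile.ZipFile(stream) as zf:
        for info in zf.infolist():
            inner = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:  # password-protected member
                findings.append(f"{inner}: not inspected (encrypted)")
            else:
                findings += scan_stream(inner, io.BytesIO(zf.read(info)), depth + 1)
    return findings

def scan_tree(root):
    """Scan every file under root, as a backup job could before archiving it."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            with open(path, "rb") as fh:
                findings += scan_stream(os.path.relpath(path, root), fh)
    return sorted(findings)

def demo():
    """Constructed sample: a ZIP holding a ZIP with a fake EXE stub."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.exe", MZ + b"\x00" * 62)  # header bytes only, not a program
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(os.path.join(root, "docs.zip"), "w") as zf:
            zf.writestr("extras.zip", inner.getvalue())
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Anything reported can be excluded from the backup set or handed to the anti-virus before the archive is written.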

However, how do you tackle corrupt registry settings? This may be very difficult unless you have rollback software or backup software that allows you to revert to a previous safe position. If you don't have either of these types of applications you may have to reinstall the actual application from your master CD. This may take some time but it may be the only way to return to a clean PC.

You are not solely at the mercy of viruses. Malware also includes Trojans, spyware, adware, keyloggers, diallers and rootkits, and these may threaten your PC at any point in time even though you may have the latest software updates. Keyloggers and diallers are programs and are tackled in the same way as viruses. If you don't back up the executable, then you will not infect future restores.

Trojans are malicious programs that disguise themselves as useful or benign software, "tricking" recipients into opening or installing them on their systems. These may be easy to back up unless they have been singled out by your anti-virus or anti-spyware software.

Any software that collects information on the user without his or her knowledge is spyware. This software usually transmits the information gathered (email addresses, passwords, URLs visited, credit card details) via the Internet to a third party. Most applications use the data collected for advertising purposes; others write spyware to collect data and, once collected, to sell that data to third parties. Spyware applications are usually bundled as a hidden component of freeware or shareware that is downloaded through the Internet. Similar to a Trojan horse, users unwittingly install the product which contains the (disguised) spyware. Spyware uses up computer memory and other resources while also affecting your bandwidth as it sends all the collected data through your Internet connection. This often leads to crashes and/or general system instability.

ISTbar is a rampant low-threat spyware program that installs other spyware and adware programs while displaying pop-up adverts from adult sites, changing your Internet Explorer homepage to slotch.com, and adding a toolbar to your Internet Explorer.

It is when the malware affects your settings (e.g., preferences and/or registry settings via rootkits) that you have to pay greater attention. In the case of the ISTbar spyware, for example, your imaging software will replicate this malware and you would still need to flush out the threat with anti-virus/anti-spyware products. Rollback products will take you to a previous safe position, but certain specific preferences may still be changed.

Backup software provides the best protection, especially if you back up your system settings and preferences regularly. Sadly, however, not all backup products allow you to do this.

How do you prevent this?
Well, in essence, good anti-virus and anti-spyware software are a must. Don't forget to update these regularly. A firewall and WinTasks will help you plug the remaining holes and give you a cleaner and safer environment. I would also use backup software, as this minimises the threat of infecting backup archives.

In future, will we have backup software coming with some sort of heuristics that check out your data for anything that may resemble malware before backing it up or restoring it?


Copyright © Uniblue Systems Limited 2007. All rights reserved.