Last week I mentioned backup in passing, as part of an examination of the need to update router firmware. A properly configured router offers some protections, but any system, no matter how good, can be breached. When that happens, backup is the final safeguard for your data. I haven't mentioned backup in any serious way for more than a year, so now it's time again. But first ...
Perhaps you've already updated the firmware in your router. If not, that's something you should do right now. Log on to the router and work through the menus until you find an option to check for a firmware update. This varies slightly from one router to another, so contact the vendor who sold you the router if you get stuck.
In general, the process is easy enough. Just (1) find the advanced settings; look for (2) firmware update; (3) if an update exists, install it; and (4) if the router offers an option for automatic updates, turn it on. And 0nce you've updated the router's firmware, you're safe, right?
Click any of the smaller images for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
Sorry, but no.
VPNFilter is the threat of the day. Other threats target the operating system, applications you run, and email. No matter how many you block, there's one more out there just waiting to get through.
So many people are using so many tricks to gain access to your computer that you might think the situation is hopeless and — if you think that — you're not far from the truth. Hardware flaws, software flaws, operating system flaws, and user errors can all be used by criminals.
Hardware flaws like the router vulnerability. Software flaws like attacks that use applications such as Adobe Flash. Operating system flaws like the 11 critical faults Microsoft patched earlier this month. And users: Phishing emails continue to be the primary means that crooks use to plant malware that could steal credentials, encrypt your files and hold them for ransom, or secretly exfiltrate important information from your computer.
No matter how smart, paranoid, or suspicious you are, somebody who sincerely wants access to your computer will find a way to get it. There's only one safeguard: Backup.
Most people understand that already and many probably have a backup system in place. But have you examined your backup system recently? Have you checked to see whether you can restore files from backup? The only thing worse than having no backup is having an untested backup that fails when you need it the most.
If someone uses a malware attack to exfiltrate your data, it's gone. It may still be on your computer or on your server, but somebody else has it. You can't force those who have seen your files to un-see them. But if somebody stages an attack on your system that encrypts files or deletes them, recovery is relatively easy if you have a solid, verified backup.
“Easy” is a relative term. If you have to spend hours or days (or even weeks) recovering data that a crook encrypted or destroyed, you may not think that “easy” is the right term. If the only other option is losing the data, the term does take on a more nuanced meaning.
What happens if an author loses every novel or article? Or if a videographer's latest project disappears before it's complete? Regardless of your business, would you be able to recover if your accounts receivable files were no longer available?
The Gartner Group says that 43% of companies were immediately out of business following a major loss of computer records. Another 51% permanently closed within 2 years. So the survival rate is just 6%. Those odds are not in your favor.
Because of the VPNFilter exploit, I decided to update my Wi-Fi router. Then it seemed like a good idea to review my backup procedures. Routers generally should be replaced every 3 to 5 years and I examine my backup process annually to ensure that it's performing as expected.
Some people create a directory called “backup” on the hard drive and copy important files there, thinking that they have created a secure backup.
What they don't realize is that a simple disk failure, less common these days than in the past but still plausible, would render both the original and the duplicate files unusable. So would any attack intended to encrypt or damage files, a fire, or a theft.
At the very least, the data on your computer should be backed up to a drive that's stored off-site or to a cloud-based backup system such as CrashPlan.
Backup services such as CrashPlan are not foolproof and you could still lose files, but so unlikely that it's hardly worth considering. Still, it's important to be aware of the potential for loss. Most backup services ensure that files from your computer will be stored in one other location — the backup provider's servers.
A few high-priced backup systems add another step by backing up files on their system to a separate off-site location. This extra step reduces the chances of data loss, but the increase in safety is minimal and the additional cost is substantial.
With an off-site backup, two failures would need to occur before data was lost: The disk drive on your computer would have to fail and the off-site system's disk drive with your data would also have to fail. Possible? Yes, but not at all likely.
Another potential threat exists. An automatic backup system would back up files that have been damaged or encrypted. In that case, the backup would be unable to restore good files. Some on-line backup systems include file versioning so that older versions of files can be recovered. CrashPlan includes this by default.
Versioning has two primary advantages: The ability to recover earlier good versions of files that have been damaged by malware and also the ability to recover previous versions of files that have been corrupted by user error.
User error? Maybe you opened a Word document, planning to use only some of the text to create a new version of the file. After making changes, you saved the new file using the old file name. Oops! Now the original is gone.
Versioning would allow you to recover the earlier file.
CrashPlan's versioning means that operator error or file corruption are no longer fatal to important files. If you need to recover an earlier version of a single file because of operator error, you'll be able to pick one from a list.
If it's a file that changes frequently (see the example at the right), you'll have a long list of alternates to choose from.
Versioning also offers protections from malware that damages or encrypts files. Because it's possible to set a recovery date in the past, you can recover previous versions of entire folders or even the contents of entire disk drives.
I use a multi-step backup process that combines on-line backup with multiple local file copies.
The boot drive is imaged using Acronis True Image on Wednesday and Sunday to different disk drives. It is not backed up to an off-site drive and this is a defect, but one I'm willing to live with. A worst-case scenario could destroy the boot drive and both backups; then I would need to obtain a new computer and reinstall all the applications.
Essential files are backed up continuously to CrashPlan.
Essential files are also backed up daily to a local network attached storage (NAS) drive and all data drives are backed up weekly to local USB drives using GoodSync.
Files on the NAS drive are never more than 1 day old. Files on the local USB drives are never more than 1 week old. Files on the CrashPlan server are rarely more than 1 hour old. Files on the NAS and USB drives can be recovered faster but could also be destroyed by a fire or other event that destroys the primary computer.
The boot drive is not backed up to CrashPlan because operating system files and directories are so dynamic that attempting to back them up to CrashPlan causes a lot of trouble. The twice-weekly backup to different USB drives with Acronis True Image is sufficient.
To lose a data file, several things would have to happen simultaneously:
A fire, tornado, or earthquake could destroy the data drives, the external USB drives, and the NAS drive, but the CrashPlan backup would still be available. If all local media was destroyed and the cloud-based CrashPlan server was also destroyed, I would lose a lot of data; but if something like that happened, there would doubtless be a lot more to be concerned about than lost data files.
The backup system I use is not perfect. As I said at the outset, no system is. My system might work for you, or it might be too much or too little. Regardless, now is a good time to review how your files are safeguarded, to ensure that files can be restored, and to consider how you might improve your system.
Check out the various applications on their respective websites:
A new version of Camtasia, TechSmith's video capture and editing tool, was released this week. A full review will follow, but users of version 9 or earlier might want to check it out now. Although TechSmith's screen capture program, SnagIt, can also capture screen video and allows limited editing, anyone who depends on video to document a computer process needs Camtasia.
It's not an inexpensive program. But at $250 (upgrades $100) Camtasia gives documentation specialists the ability to create high quality videos without the need to learn more complex applications such as Adobe Premiere. The Adobe application is far more flexible and feature rich than Camtasia, but it's also intended for use by video professionals.
Four new features, along with faster video rendering, look like good reasons for updating. In addition to being faster Camtasia 2018 offers:
The new version looks like it contains some solid improvements and I'll have a full review in a few weeks. In the meantime, you can check it out on the TechSmith website and download a trial version.
Fortnite is a popular video game. It will be available for Android devices later this summer, but it's not ready yet. However, if you search for the terms "android" and "fortnight", you might find a link that promises to help you install the game on an Android device. Follow that link and you won't get Fornight, but the crooks who posted the link will make a profit from you.
Apple and Google both have stores that attempt to vet and verify posted apps. Malware laden apps do occasionally get through because nothing is 100% safe, but your chances are better there than just randomly wandering around the internet and downloading things. And in this case, there's really no malware — just a con game.
According to the Malwarebytes blog, there are several videos on YouTube with links claiming to be for Android versions of Fortnite despite the fact the game has yet to be released for Android.
Dishonest developers have stolen the Fortnite icon from the IOS version of the game, along with the Epic Games logo, so it looks legitimate and so does the screen that displays while the fake app appears to be loading. That screen image was also stolen from the IOS version. Even the theme music is there, but the Malwarebytes blog says that eventually the user will see a screen that requires "mobile verification."
Once that's provided, the the user will see a pop-up that mentions unlock instructions and then redirects to the Google Play store. That doesn't sound dangerous, does it? It's a scam. Some of the users who are delivered to the Play store will mistakenly download other applications and that's where the con comes in. The developers of those applications (innocent, by the way) end up paying the referring website a commission.
Malwarebytes offers some basic advice: Every time there is craze around a new video game release, we see malware authors jumping into the game. They capitalize on that little itch that screams “I want it now!” We suggest listening to that other inner voice that warns, “This seems too good to be true.”
It's the internet. Trust nothing.
Adobe announced yet another video application this week, one that's aimed at enabling easier video editing on portable devices and faster results to get videos on the web sooner. Currently it's called Project Rush, it's in beta, and users have to sign up for it.
Much like the new version of Lightroom that's offered along with Lightroom Classic, Project Rush seems to be aimed at mobile users who want to edit video on their mobile devices, but may also want to edit on notebook or desktop computers. Adobe says that Project Rush is available on mobile and desktop and that work is automatically synced to the cloud. As a result, video captured on a phone can be edited there initially and then refined on a desktop. Rush has the same features on mobile and desktop.
Adobe's current video applications are complex, from Prelude and Premiere to After Effects and Media Encoder. The goal is to create a single tool that's used for everything. Users will capture video using Rush, then edit, add filters, optimize audio, and select customizable titles (motion graphics templates). When the video is complete, the user can add a thumbnail, schedule the post, and publish it to multiple social platforms.
Rush leverages features from Premiere (color correction, for example) and draws on Audition for comprehensive audio editing, including noise suppression. If you'd like to try the beta version of Project Rush, you can apply on Adobe's website.
