|
|
| Next: Scr Files |
| Author |
Message |
carpal tunnel
Joined: Dec 24, 2003
Posts: 6
|
 Posted: Wed Dec 24, 2003 7:31 pm Post subject: |
|
|
I always thought this to be somewhat of an imposibility, but i thought i'd ask anyway.
I have an external USB have drive that i have data backed up to every night. My backup software runs trasparently and simply creates anouther copy of my data on the external drive(along with some archives of previous copies). The problem with this setup is that the backup medium is an actual hard drive, and thus, if a virus were to wipe my system, it would be gone as well.
The question being, is there any way of preventing a virus from doing this? Posible ideas include limiting write access to the drive to the backup program, however i'm not sure this would do much good either, especialy if the virus goes boot.
As far as i can see, the ideal backup solution for me is anouther HD, but this risk has always nagged at me as a downside. tape is too expensive, most other media is not automated. What shall i do?
Thanks for any insight |
|
| Back to top |
|
 |
Ricardo
Joined: Oct 23, 2003
Posts: 179
|
| Posted: Wed Dec 24, 2003 9:06 pm Post subject: |
|
|
|
| What about if you make a new administrator level account called, say, Backup and format your USB drive with NTFS.
Set the NTFS security permission on your USB drive so your account has read permission but only Backup has write permission. Then set your backup tasks to run using the Backup account either using the Run As facilitiy or, if your using Task Scheduler, then give the username and password of the task as the Backup account.
Any viruses will be running under your account with your privileges and so will be prevented from changing the data on your USB drive.
|
|
|
| Back to top |
|
|
carpal tunnel
Joined: Dec 24, 2003
Posts: 6
|
| Posted: Wed Dec 24, 2003 10:13 pm Post subject: |
|
|
Excellent!!!
This is exactly the kind of thing i was looking for! Never thought of that, but thats what these forums are for, right?
I will report back as to how it goes.
Any chance a virus could change my own privilages? My account is an admin(running XP pro), couldnt it change the my privilages to write?
(this does not seem likely however)
Many thanks! |
|
| Back to top |
|
|
carpal tunnel
Joined: Dec 24, 2003
Posts: 6
|
| Posted: Thu Dec 25, 2003 1:26 am Post subject: |
|
|
Well, i am having some problems.
one of lesser importance is that when i schedual the backup program to start on startup under the backup user acount, i cannot see any of the activity of the program. not a biggy, as log as it works
the big problem is that the backup program can now NOT copy my personal files, because of course they are assigned to my acount, not the new backup account. I suppose i could reasign all the files on the drive with permision for the backup account, but would that apply to newly created files? The other option is to give this new account administrator privlages... which i tried and doesnt seem to work... but should work, so i'll try again. isnt there a security risk in doing this though? |
|
| Back to top |
|
|
falliston
Joined: Feb 17, 2003
Posts: 2184
Location: Edmonton, Canada
|
| Posted: Thu Dec 25, 2003 10:52 am Post subject: |
|
|
In my opinion, the only way to keep the backup clean is to keep it disconnected until its time to back up, and follow stringent safety measures on the PC in between.
Keeping it disconnected means that if the PC does get hosed, the drive isn't accessible and is therefore safe. Keeping the PC clean, and doing a full virus scan before connecting the drive should keep it safe.
Remember that a lot of virii don't just run and disappear. They load files, or infect present files on the harddrive. Any such file that isn't detected by your anti-virus app is going to be backed up to the external, as that is precisely what your backup app does.
The only truly perfect firewall/anti-virus tool out there is a pair of sidecutters. |
|
| Back to top |
|
|
Ricardo
Joined: Oct 23, 2003
Posts: 179
|
| Posted: Thu Dec 25, 2003 2:41 pm Post subject: |
|
|
To answer some of your questions:-
When you run a scheduled task as another account from the one you're logged on as, the running task doesn't interact with your desktop and so you'd have to keep checking the Last Run Time in Task Scheduler to check it's still running and if you ever changed the password for the Backup account it doesn't automatically sync with the credentials stored in Task Scheduler - the new password would need to be entered here as well.
Maybe you could use a clever batch file trick to create a file with the current day's date as it's name onto your desktop.
Could a virus running under your administrator account change your permissions back to Full Control? Even though your account has only read permissions on the
USB drive you are going to be the owner of all the files and folder on the USB drive and the owner always has the Write DAC permission which is the Change Permissions permission. So the answer is yes - in theory. You could therefore log on as the Backup account and seize ownership of everything on the USB drive. Again, in theory, a virus operating under your Administrative level account could seize back ownership of the USB drive. To be bulletproof you can take the final step of denying your account Write Ownership permission - let's see a virus get around that.
The Backup account can't backup your data. If the Backup account is only used for running a backup program I can't see any problem making it a member of Administrators.
It's common to have the Administrators group and the System account having full control over the whole drive of a computer. Check the security permissions for the files and folders you want to backup and if necessary add either the backup account or the administrators group - you'll need to go to Advanced and check "Replace permission entries on all child objects etc.". New files created in a folder inherit the folder's security settings.
I see Falliston's point that virus-affected files on your main drive will be backup up the the USB drive. Maybe you'll only have to backup immeduiately after scanning your personal files with newly-downloaded definitions. |
|
| Back to top |
|
|
goretsky
Joined: Dec 07, 2002
Posts: 9041
Location: Southern California
|
| Posted: Thu Dec 25, 2003 7:56 pm Post subject: |
|
|
Hello,
As far as I know it would be fairly difficult to infect a hard disk drive in an external USB enclosure with a master boot record or boot sector virus since a rather specific set of conditions would have to occur (system handles USB drive as an INT13h device, system booted from virus-infected floppy diskette, and so forth) so I assume for purposes of this discussion you are talking only about viruses which infected files. Is that correct?
If so, then you are correct in your assumption that a virus-infected file could be transferred from your primary hard disk drive(s) to your backup hard disk drive and/or affect (modify or delete) the files on it.
Ricardo gives an excellent explanation of how to limit access to backed up files in order to reduce the likelihood of a virus being able to affect the files on your backup hard disk drive, but there is still an issue of a virus running under the Administrator-privilege 'Backup' account or a compromised backup program.
Admittedly, the likelihood of this is infinitesimal, but still non-zero.
Aside from general computer hygiene activities such as keeping up to date with operating system and anti-virus vendor patches, not running software from untrusted sources, and so forth probably the best way to keep your backups virus-free is to not backup any files capable of being infected by a computer virus. In other words, do not backup any files containing executable code and only use data file formats which do not incorporate macro languages. Depending upon the type of data files you work with though this may or may not be a practical solution.
As FAlliston suggested, keeping your backup set offline is one way to reduce the chance of infection. For especially critical files you might want to consider making additional backups to a write-once media, such as CD-R or DVD±R discs. Although this might not prevent you from backing up a computer virus if the files are already infected by one, it will prevent the files--if they are free of computer viruses--from subsequently being infected. Also, they might help you build an audit trail to determine from where and when your system became infected.
I know that this discussion might sound alarming, but try to keep in mind we're talking about some events which have a very low likelihood of occurring in the "real world" outside of a test environment in very specialized configurations. Overall, you're doing a good job of backing up your data and keeping it free of viruses. It really isn't that much of a big deal if you back up a virus-infected file: You just have to be extra-careful when restoring it, that's all.
Regards,
Aryeh Goretsky |
|
| Back to top |
|
|
councillor
Joined: Dec 07, 2002
Posts: 361
|
| Posted: Thu Dec 25, 2003 8:36 pm Post subject: |
|
|
| Yrs ago, I hated Norton for many reason's BUT I was wondering what the forum thinks is today's most reliable virus program out here..?? |
|
| Back to top |
|
|
gsterry
Joined: Dec 05, 2002
Posts: 6949
|
| Posted: Fri Dec 26, 2003 8:06 am Post subject: |
|
|
| Quote: |
| Yrs ago, I hated Norton for many reason's BUT I was wondering what the forum thinks is today's most reliable virus program out here..?? |
Sounds like a good topic for a new thread  |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
| |
|
|
General