Viruses, Trojans and Malware in general

Introduction

Viruses, worms, Trojans, and bots are all part of a class of software called malware. Malware or malicious code (malcode) is short for malicious software. It is code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or networks.

There are many different classes of malware that have varying ways of infecting systems and propagating themselves. Malware can infect systems by being bundled with other programs or attached as macros to files. Others are installed by exploiting a known vulnerability in an operating system (OS), network device, or other software, such as a hole in a browser that only requires users to visit a website to infect their computers. The vast majority, however, are installed by some action from a user, such as clicking an e-mail attachment or downloading a file from the Internet.

Some of the more commonly known types of malware are viruses, worms, Trojans, bots, back doors, spyware, and adware. Damage from malware varies from causing minor irritation (such as browser popup ads), to stealing confidential information or money, destroying data, and compromising and/or entirely disabling systems and networks.

Malware cannot damage the physical hardware of systems and network equipment, but it can damage the data and software residing on the equipment. Malware should also not be confused with defective software, which is intended for legitimate purposes but has errors or bugs.

Classes of Malicious Software

Two of the most common types of malware are viruses and worms. These types of programs are able to self-replicate and can spread copies of themselves, which might even be modified copies. To be classified as a virus or worm, malware must have the ability to propagate. The difference is that a worm operates more or less independently of other files, whereas a virus depends on a host program to spread itself. These and other classes of malicious software are described below.

Viruses

A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments.

Worms

Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.

Trojans

A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system.

Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.

Bots

“Bot” is derived from the word “robot” and is an automated process that interacts with other network services. Bots often automate tasks and provide information or services that would otherwise be conducted by a human being. A typical use of bots is to gather information (such as web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites.

Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or “botnet.” With a botnet, attackers can launch broad-based, “remote-control,” flood-type attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host. Bots have all the advantages of worms, but are generally much more versatile in their infection vector, and are often modified within hours of publication of a new exploit. They have been known to exploit back doors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates, which damage network infrastructure; instead they infect networks in a way that escapes immediate notice.

Best Practices for Combating Viruses, Worms, Trojans, and Bots

The first step in protecting your computer is to ensure that your OS is up to date. This means regularly applying the most recent patches and fixes recommended by the OS vendor. Secondly, you should have antivirus software installed on your system and download updates frequently to ensure that your software has the latest fixes for new viruses, worms, Trojans, and bots. Additionally, you want to make sure that your antivirus program can scan e-mail and files as they are downloaded from the Internet. This will help prevent malicious programs from reaching your computer. You may also want to consider installing a firewall.

Additional Definitions and References

Exploit

An exploit is a piece of software, a command, or a methodology that attacks a particular security vulnerability. Exploits are not always malicious in intent—they are sometimes used only as a way of demonstrating that a vulnerability exists. However, they are a common component of malware.

Back Door

A back door is an undocumented way of accessing a system, bypassing the normal authentication mechanisms. Some back doors are placed in the software by the original programmer and others are placed on systems through a system compromise, such as a virus or worm. Usually, attackers use back doors for easier and continued access to a system after it has been compromised.

Backups

Did you know that 66% of Internet users have suffered serious data loss?

In information technology, a backup, or the process of backing up, refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event.

Backups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups popularly represent a simple form of disaster recovery, and should be part of a disaster recovery plan, by themselves, backups should not alone be considered disaster recovery. One reason for this is that not all backup systems or backup applications are able to reconstitute a computer system or other complex configurations such as a computer cluster, active directory servers, or a database server, by restoring only data from a backup.

Since a backup system contains at least one copy of all data worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.

Before data is sent to its storage location, it is selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.

Any backup strategy starts with a concept of a data repository. The backup data needs to be stored somehow and probably should be organized to a degree. It can be as simple as a sheet of paper with a list of all backup tapes and the dates they were written or a more sophisticated setup with a computerized index, catalog, or relational database. Different repository models have different advantages. This is closely related to choosing a backup rotation scheme.

Unstructured
An unstructured repository may simply be a stack of floppy disks or CD-R/DVD-R media with minimal information about what was backed up and when. This is the easiest to implement, but probably the least likely to achieve a high level of recoverability.

Full only / System imaging
A repository of this type contains complete system images from one or more specific points in time. This technology is frequently used by computer technicians to record known good configurations. Imaging is generally more useful for deploying a standard configuration to many systems rather than as a tool for making ongoing backups of diverse systems.

Incremental
An incremental style repository aims to make it more feasible to store backups from more points in time by organizing the data into increments of change between points in time. This eliminates the need to store duplicate copies of unchanged data, as would be the case with a portion of the data of subsequent full backups. Typically, a full backup (of all files) is made which serves as the reference point for an incremental backup set. After that, any number of incremental backups are made. Restoring the whole system to a certain point in time would require locating the last full backup taken previous to the data loss plus each and all of the incremental backups that cover the period of time between the full backup and the point in time to which the system is supposed to be restored. Additionally, some backup systems can reorganize the repository to synthesize full backups from a series of incrementals.

Differential
A differential style repository saves the data changed since the last full backup. It has the advantage that only a maximum of two data sets are needed to restore the data. One disadvantage, at least as compared to the incremental backup method, is that as the time since the last full backup (and, thus, the amount of changed data) increases, so does the time to perform the differential backup. To perform a differential backup, it is first necessary to perform a full backup. After that, each differential backup made will contain all the changes since the last full backup. Restoring an entire system to a certain point in time would require locating the last full backup taken previous to the point of the failure or loss plus the last differential backup since the last full backup.

Note: Vendors have standardized on the meaning of the terms “incremental backup” and “differential backup”. However, there have been cases where conflicting definitions of these terms have been used. The most relevant characteristic of an incremental backup is which reference point it uses to check for changes. By standard definition, a differential backup copies files that have been created or changed since the last full backup, regardless of whether any other differential backups have been made since then, whereas an incremental backup copies files that have been created or changed since the most recent backup of any type (full or incremental). Other variations of incremental backup include multi-level incrementals and incremental backups that compare parts of files instead of just the whole file.
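The restore requirements described above for incremental and differential repositories can be worked through in code. The following is an added example, not part of the original text: the `Backup` record, its `parent` field, the function names and the sample schedules are all assumptions made for illustration. It records each backup's reference point using the standard definitions from the note above, then walks those references to list the data sets a restore needs, and refuses to proceed when a link in the chain is missing.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Backup:
    label: str
    kind: str               # "full", "incremental" or "differential"
    taken: date
    parent: Optional[str]   # label of the backup used as the reference point


def build_catalog(schedule: List[Tuple[str, str, date]]) -> List[Backup]:
    """Assign each backup its reference point using the standard definitions."""
    catalog: List[Backup] = []
    last_full = None           # reference point for differentials
    last_full_or_incr = None   # reference point for incrementals
    for label, kind, taken in schedule:
        if kind == "full":
            parent = None
        elif kind == "differential":
            parent = last_full
        elif kind == "incremental":
            parent = last_full_or_incr
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        if kind != "full" and parent is None:
            raise ValueError(f"{label}: no full backup to use as reference")
        catalog.append(Backup(label, kind, taken, parent))
        if kind == "full":
            last_full = last_full_or_incr = label
        elif kind == "incremental":
            last_full_or_incr = label
    return catalog


def restore_chain(catalog: List[Backup], target: date) -> List[str]:
    """Labels of the data sets to apply, oldest first, to restore to `target`."""
    by_label = {b.label: b for b in catalog}
    candidates = [b for b in catalog if b.taken <= target]
    if not candidates:
        raise LookupError("no backup exists at or before the target date")
    node = max(candidates, key=lambda b: b.taken)
    chain = [node]
    # Follow reference points back until a full backup anchors the chain.
    while node.kind != "full":
        if node.parent not in by_label:
            raise LookupError(f"{node.label} depends on {node.parent}, which is missing")
        node = by_label[node.parent]
        chain.append(node)
    return [b.label for b in reversed(chain)]


# Constructed sample schedules: a Sunday full backup followed by four daily backups.
DAYS = [("mon", date(2024, 1, 8)), ("tue", date(2024, 1, 9)),
        ("wed", date(2024, 1, 10)), ("thu", date(2024, 1, 11))]
FULL = ("full-sun", "full", date(2024, 1, 7))
INCREMENTAL = build_catalog([FULL] + [(f"incr-{d}", "incremental", t) for d, t in DAYS])
DIFFERENTIAL = build_catalog([FULL] + [(f"diff-{d}", "differential", t) for d, t in DAYS])

if __name__ == "__main__":
    thursday = date(2024, 1, 11)
    print(restore_chain(INCREMENTAL, thursday))    # full plus every incremental
    print(restore_chain(DIFFERENTIAL, thursday))   # full plus the latest differential
    damaged = [b for b in INCREMENTAL if b.label != "incr-tue"]
    try:
        restore_chain(damaged, thursday)
    except LookupError as exc:
        print("restore blocked:", exc)
```

The incremental schedule needs five data sets to reach Thursday and fails if any one of them is lost, while the differential schedule needs two.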

Reverse delta
A reverse delta type repository stores a recent “mirror” of the source data and a series of differences between the mirror in its current state and its previous states. A reverse delta backup will start with a normal full backup. After the full backup is performed, the system will periodically synchronize the full backup with the live copy, while storing the data necessary to reconstruct older versions. This can either be done using hard links, or using binary diffs. This system works particularly well for large, slowly changing, data sets. Examples of programs that use this method are rdiff-backup and Time Machine.

Continuous data protection
Instead of scheduling periodic backups, the system immediately logs every change on the host system. This is generally done by saving byte or block-level differences rather than file-level differences.[5] It differs from simple disk mirroring in that it enables a roll-back of the log and thus restoration of an old image of the data.

Storage media

Regardless of the repository model that is used, the data has to be stored on some data storage medium somewhere.

Magnetic tape
Magnetic tape has long been the most commonly used medium for bulk data storage, backup, archiving, and interchange. Tape has typically had an order of magnitude better capacity/price ratio when compared to hard disk, but recently the ratios for tape and hard disk have become a lot closer.[6] There are myriad formats, many of which are proprietary or specific to certain markets like mainframes or a particular brand of personal computer. Tape is a sequential access medium, so even though access times may be poor, the rate of continuously writing or reading data can actually be very fast. Some new tape drives are even faster than modern hard disks. A principal advantage of tape is that it has been used for this purpose for decades (much longer than any alternative) and its characteristics are well understood.

Hard disk
The capacity/price ratio of hard disk has been rapidly improving for many years. This is making it more competitive with magnetic tape as a bulk storage medium. The main advantages of hard disk storage are low access times, availability, capacity and ease of use.[7] External disks can be connected via local interfaces like SCSI, USB, FireWire, or eSATA, or via longer distance technologies like Ethernet, iSCSI, or Fibre Channel. Some disk-based backup systems, such as Virtual Tape Libraries, support data deduplication which can dramatically reduce the amount of disk storage capacity consumed by daily and weekly backup data. The main disadvantages of hard disk backups are that they are easily damaged, especially while being transported (e.g., for off-site backups), and that their stability over periods of years is a relative unknown.

Optical storage
Recordable CDs, DVDs, and Blu-ray Discs are commonly used with personal computers and generally have low media unit costs. However, the capacities and speeds of these and other optical discs are typically an order of magnitude lower than hard disk or tape. Many optical disk formats are WORM type, which makes them useful for archival purposes since the data cannot be changed. The use of an auto-changer or jukebox can make optical discs a feasible option for larger-scale backup systems. Some optical storage systems allow for cataloged data backups without human contact with the discs, allowing for longer data integrity.

Floppy disk
During the 1980s and early 1990s, many personal/home computer users associated backing up mostly with copying to floppy disks. However, the data capacity of floppy disks failed to catch up with growing demands, rendering them unpopular and obsolete.

Solid state storage
Also known as flash memory, thumb drives, USB flash drives, CompactFlash, SmartMedia, Memory Stick, Secure Digital cards, etc., these devices are relatively expensive for their low capacity. A solid state drive does not contain any movable parts unlike its magnetic drive counterpart and can have huge throughput in the order of 500Mbit/s to 6Gbit/s. SSD drives are now available in the order of 500GB to TBs.

Remote backup service
As broadband internet access becomes more widespread, remote backup services are gaining in popularity. Backing up via the internet to a remote location can protect against some worst-case scenarios such as fires, floods, or earthquakes which would destroy any backups in the immediate vicinity along with everything else. There are, however, a number of drawbacks to remote backup services. First, Internet connections are usually slower than local data storage devices. Residential broadband is especially problematic as routine backups must use an upstream link that’s usually much slower than the downstream link used only occasionally to retrieve a file from backup. This tends to limit the use of such services to relatively small amounts of high value data. Secondly, users must trust a third party service provider to maintain the privacy and integrity of their data, although confidentiality can be assured by encrypting the data before transmission to the backup service with an encryption key known only to the user. Ultimately the backup service must itself use one of the above methods so this could be seen as a more complex way of doing traditional backups.

Managing the data repository

Regardless of the data repository model or data storage media used for backups, a balance needs to be struck between accessibility, security and cost. These media management methods are not mutually exclusive and are frequently combined to meet the needs of the situation. Using on-line disks for staging data before it is sent to a near-line tape library is a common example.

On-line
On-line backup storage is typically the most accessible type of data storage, which can begin a restore in milliseconds. A good example would be an internal hard disk or a disk array (maybe connected to SAN). This type of storage is very convenient and speedy, but is relatively expensive. On-line storage is quite vulnerable to being deleted or overwritten, either by accident, by intentional malevolent action, or in the wake of a data-deleting virus payload.

Near-line
Near-line storage is typically less accessible and less expensive than on-line storage, but still useful for backup data storage. A good example would be a tape library with restore times ranging from seconds to a few minutes. A mechanical device is usually involved in moving media units from storage into a drive where the data can be read or written. Generally it has safety properties similar to on-line storage.

Off-line
Off-line storage requires some direct human action in order to make access to the storage media physically possible. This action is typically inserting a tape into a tape drive or plugging in a cable that allows a device to be accessed. Because the data is not accessible via any computer except during limited periods in which it is written or read back, it is largely immune to a whole class of on-line backup failure modes. Access time will vary depending on whether the media is on-site or off-site.

Off-site data protection
To protect against a disaster or other site-specific problem, many people choose to send backup media to an off-site vault. The vault can be as simple as a system administrator’s home office or as sophisticated as a disaster-hardened, temperature-controlled, high-security bunker that has facilities for backup media storage. Importantly, a data replica can be off-site but also on-line (e.g., an off-site RAID mirror). Such a replica has fairly limited value as a backup, and should not be confused with an off-line backup.

Backup site or disaster recovery center (DR center)
In the event of a disaster, the data on backup media will not be sufficient to recover. Computer systems onto which the data can be restored and properly configured networks are necessary too. Some organizations have their own data recovery centers that are equipped for this scenario. Other organizations contract this out to a third-party recovery center. Because a DR site is itself a huge investment, backing up is very rarely considered the preferred method of moving data to a DR site. A more typical way would be remote disk mirroring, which keeps the DR data as up to date as possible.

Selection and extraction of data

A successful backup job starts with selecting and extracting coherent units of data. Most data on modern computer systems is stored in discrete units, known as files. These files are organized into filesystems. Files that are actively being updated can be thought of as “live” and present a challenge to back up. It is also useful to save metadata that describes the computer or the filesystem being backed up.

Deciding what to back up at any given time is a harder process than it seems. By backing up too much redundant data, the data repository will fill up too quickly. Backing up an insufficient amount of data can eventually lead to the loss of critical information.

Files

Copying files
Making copies of files is the simplest and most common way to perform a backup. A means to perform this basic function is included in all backup software and all operating systems.

Partial file copying
Instead of copying whole files, one can limit the backup to only the blocks or bytes within a file that have changed in a given period of time. This technique can use substantially less storage space on the backup medium, but requires a high level of sophistication to reconstruct files in a restore situation. Some implementations require integration with the source file system.

Filesystems

Filesystem dump
Instead of copying files within a filesystem, a copy of the whole filesystem itself can be made. This is also known as a raw partition backup and is related to disk imaging. The process usually involves unmounting the filesystem and running a program like dd (Unix). Because the disk is read sequentially and with large buffers, this type of backup can be much faster than reading every file normally, especially when the filesystem contains many small files, is highly fragmented, or is nearly full. But because this method also reads the free disk blocks that contain no useful data, this method can also be slower than conventional reading, especially when the filesystem is nearly empty. Some filesystems, such as XFS, provide a “dump” utility that reads the disk sequentially for high performance while skipping unused sections. The corresponding restore utility can selectively restore individual files or the entire volume at the operator’s choice.

Identification of changes
Some filesystems have an archive bit for each file that says it was recently changed. Some backup software looks at the date of the file and compares it with the last backup to determine whether the file was changed.

Versioning file system
A versioning filesystem keeps track of all changes to a file and makes those changes accessible to the user. Generally this gives access to any previous version, all the way back to the file’s creation time. An example of this is the Wayback versioning filesystem for Linux.

Live data

If a computer system is in use while it is being backed up, the possibility of files being open for reading or writing is real. If a file is open, the contents on disk may not correctly represent what the owner of the file intends. This is especially true for database files of all kinds. The term fuzzy backup can be used to describe a backup of live data that looks like it ran correctly, but does not represent the state of the data at any single point in time. This is because the data being backed up changed in the period of time between when the backup started and when it finished. For databases in particular, fuzzy backups are worthless.

Snapshot backup
A snapshot is an instantaneous function of some storage systems that presents a copy of the file system as if it were frozen at a specific point in time, often by a copy-on-write mechanism. An effective way to back up live data is to temporarily quiesce it (e.g. close all files), take a snapshot, and then resume live operations. At this point the snapshot can be backed up through normal methods. While a snapshot is very handy for viewing a filesystem as it was at a different point in time, it is hardly an effective backup mechanism by itself.

Open file backup
Many backup software packages feature the ability to handle open files in backup operations. Some simply check for openness and try again later. File locking is useful for regulating access to open files.
When attempting to understand the logistics of backing up open files, one must consider that the backup process could take several minutes to back up a large file such as a database. In order to back up a file that is in use, it is vital that the entire backup represent a single-moment snapshot of the file, rather than a simple copy of a read-through. This represents a challenge when backing up a file that is constantly changing. Either the database file must be locked to prevent changes, or a method must be implemented to ensure that the original snapshot is preserved long enough to be copied, all while changes are being preserved. Backing up a file while it is being changed, so that the first part of the backup represents data from before the change and later parts represent data from after it, results in a corrupted file that is unusable, because most large files contain internal references between their various parts that must remain consistent throughout the file.
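The fuzzy-backup failure described above can be detected at copy time. The following is an added example, not part of the original text: `copy_if_stable`, its `after_chunk` test hook and the sample file contents are assumptions made for illustration. It compares the source file's size and modification time before and after the read and discards the copy if they differ, which is a detection heuristic rather than a substitute for a lock or snapshot.

```python
import hashlib
import os
import tempfile


def copy_if_stable(src, dst, chunk_size=65536, after_chunk=None):
    """Copy src to dst. Return the copy's SHA-256, or None if src changed mid-read.

    after_chunk is a hypothetical test hook called after each chunk is copied;
    a real backup tool would not have it.
    """
    before = os.stat(src)
    digest = hashlib.sha256()
    partial = dst + ".partial"
    # buffering=0 sends every read to the OS, so concurrent writes are visible.
    with open(src, "rb", buffering=0) as fin, open(partial, "wb") as fout:
        while True:
            block = fin.read(chunk_size)
            if not block:
                break
            fout.write(block)
            digest.update(block)
            if after_chunk is not None:
                after_chunk()
    after = os.stat(src)
    # Heuristic: a same-size in-place write inside the timestamp granularity
    # would not be noticed; locking or a snapshot is needed to rule that out.
    if (before.st_size, before.st_mtime_ns) != (after.st_size, after.st_mtime_ns):
        os.remove(partial)      # fuzzy copy: discard it so it is never restored
        return None
    os.replace(partial, dst)    # publish the copy only once it is known good
    return digest.hexdigest()


def demo():
    """Run one quiet copy and one copy with a concurrent writer (constructed data)."""
    header_v1 = b"records=2;".ljust(16)   # header says how many records follow
    header_v2 = b"records=3;".ljust(16)
    body = b"rec-1;rec-2;"
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "db.dat")
        with open(src, "wb") as f:
            f.write(header_v1 + body)

        quiet = copy_if_stable(src, os.path.join(tmp, "quiet.bak"), chunk_size=16)
        quiet_ok = quiet == hashlib.sha256(header_v1 + body).hexdigest()

        fired = []

        def writer():
            # Simulates the application adding a record after the backup has
            # already read the header: the copy would pair the old header
            # (2 records) with a tail that holds 3.
            if not fired:
                fired.append(True)
                with open(src, "r+b") as f:
                    f.write(header_v2)
                    f.seek(0, os.SEEK_END)
                    f.write(b"rec-3;")

        torn_dst = os.path.join(tmp, "torn.bak")
        torn = copy_if_stable(src, torn_dst, chunk_size=16, after_chunk=writer)
        leftovers = os.path.exists(torn_dst) or os.path.exists(torn_dst + ".partial")
        return quiet_ok, torn, leftovers


if __name__ == "__main__":
    print(demo())
```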

Cold database backup
During a cold backup, the database is closed or locked and not available to users. The datafiles do not change during the backup process so the database is in a consistent state when it is returned to normal operation.

Hot database backup
Some database management systems offer a means to generate a backup image of the database while it is online and usable (“hot”). This usually includes an inconsistent image of the data files plus a log of changes made while the procedure is running. Upon a restore, the changes in the log files are reapplied to bring the copy of the database up-to-date (the point in time at which the initial hot backup ended).

Metadata

Not all information stored on the computer is stored in files. Accurately recovering a complete system from scratch requires keeping track of this non-file data too.

Manipulation of data and dataset optimization

It is frequently useful or required to manipulate the data being backed up to optimize the backup process. These manipulations can provide many benefits including improved backup speed, restore speed, data security, media usage and/or reduced bandwidth requirements.

Compression
Various schemes can be employed to shrink the size of the source data to be stored so that it uses less storage space. Compression is frequently a built-in feature of tape drive hardware.

Deduplication
When multiple similar systems are backed up to the same destination storage device, there exists the potential for much redundancy within the backed up data. For example, if 20 Windows workstations were backed up to the same data repository, they might share a common set of system files. The data repository only needs to store one copy of those files to be able to restore any one of those workstations. This technique can be applied at the file level or even on raw blocks of data, potentially resulting in a massive reduction in required storage space. Deduplication can occur on a server before any data moves to backup media, sometimes referred to as source/client side deduplication. This approach also reduces bandwidth required to send backup data to its target media. The process can also occur at the target storage device, sometimes referred to as inline or back-end deduplication.

Duplication
Sometimes backup jobs are duplicated to a second set of storage media. This can be done to rearrange the backup images to optimize restore speed or to have a second copy at a different location or on a different storage medium.

Encryption
High capacity removable storage media such as backup tapes present a data security risk if they are lost or stolen.[13] Encrypting the data on these media can mitigate this problem, but presents new problems. Encryption is a CPU intensive process that can slow down backup speeds, and the security of the encrypted backups is only as effective as the security of the key management policy.

Multiplexing
When there are many more computers to be backed up than there are destination storage devices, the ability to use a single storage device with several simultaneous backups can be useful.

Refactoring
The process of rearranging the backup sets in a data repository is known as refactoring. For example, if a backup system uses a single tape each day to store the incremental backups for all the protected computers, restoring one of the computers could potentially require many tapes. Refactoring could be used to consolidate all the backups for a single computer onto a single tape. This is especially useful for backup systems that do incrementals forever style backups.

Staging
Sometimes backup jobs are copied to a staging disk before being copied to tape. This process is sometimes referred to as D2D2T, an acronym for Disk to Disk to Tape. This can be useful if there is a problem matching the speed of the final destination device with the source device as is frequently faced in network-based backup systems. It can also serve as a centralized location for applying other data manipulation techniques.
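The Deduplication entry above describes 20 workstations sharing a common set of system files. The following is an added example, not part of the original text: the `DedupStore` class, the host names, the file paths and the file contents are all constructed for illustration. It stores each distinct block once, keyed by its SHA-256 hash, and keeps a per-file list of block hashes so any workstation's files can still be restored in full.

```python
import hashlib


class DedupStore:
    """Block-level deduplicating repository held in memory (illustrative only)."""

    def __init__(self, block_size=4096):
        self.block_size = block_size
        self.blocks = {}        # SHA-256 hex digest -> block bytes, stored once
        self.manifests = {}     # (host, path) -> ordered list of block digests
        self.logical_bytes = 0  # bytes the clients asked to back up

    def put(self, host, path, data):
        digests = []
        for offset in range(0, len(data), self.block_size):
            block = data[offset:offset + self.block_size]
            digest = hashlib.sha256(block).hexdigest()
            self.blocks.setdefault(digest, block)   # keep only the first copy
            digests.append(digest)
        self.manifests[(host, path)] = digests
        self.logical_bytes += len(data)

    def restore(self, host, path):
        return b"".join(self.blocks[d] for d in self.manifests[(host, path)])

    @property
    def stored_bytes(self):
        return sum(len(block) for block in self.blocks.values())


def demo_workstations():
    """Back up 20 constructed workstations and report (logical, stored, restore_ok)."""
    # Constructed 16 KiB "system file" shared by every workstation: four
    # distinct 4 KiB blocks derived from SHA-256 so no block repeats inside it.
    system_file = b"".join(
        hashlib.sha256(f"sys{i}".encode()).digest() for i in range(512))
    store = DedupStore(block_size=4096)
    user_files = {}
    for n in range(20):
        host = f"ws{n:02d}"
        user_files[host] = f"notes for {host}".encode() * 100   # unique per host
        store.put(host, "C:/Windows/system.dll", system_file)
        store.put(host, "C:/Users/notes.txt", user_files[host])
    restore_ok = all(
        store.restore(host, "C:/Windows/system.dll") == system_file
        and store.restore(host, "C:/Users/notes.txt") == data
        for host, data in user_files.items())
    return store.logical_bytes, store.stored_bytes, restore_ok


if __name__ == "__main__":
    logical, stored, ok = demo_workstations()
    print(f"logical={logical} stored={stored} restore_ok={ok}")
```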

Managing the backup process

It is important to understand that backing up is a process. As long as new data is being created and changes are being made, backups will need to be updated. Individuals and organizations with anything from one computer to thousands (or even millions?) of computer systems all have requirements for protecting data. While the scale is different, the objectives and limitations are essentially the same. Likewise, those who perform backups need to know to what extent they were successful, regardless of scale.

Objectives

Recovery point objective (RPO)
The point in time that the restarted infrastructure will reflect. Essentially, this is the roll-back that will be experienced as a result of the recovery. The most desirable RPO would be the point just prior to the data loss event. Making a more recent recovery point achievable requires increasing the frequency of synchronization between the source data and the backup repository.

Recovery time objective (RTO)
The amount of time elapsed between disaster and restoration of business functions.

Data security
In addition to preserving access to data for its owners, data must be restricted from unauthorized access. Backups must be performed in a manner that does not compromise the original owner’s undertaking. This can be achieved with data encryption and proper media handling policies.

Limitations

An effective backup scheme will take into consideration the limitations of the situation.

Backup window
The period of time when backups are permitted to run on a system is called the backup window. This is typically the time when the system sees the least usage and the backup process will have the least amount of interference with normal operations. The backup window is usually planned with users’ convenience in mind. If a backup extends past the defined backup window, a decision is made whether it is more beneficial to abort the backup or to lengthen the backup window.

Performance impact
All backup schemes have some performance impact on the system being backed up. For example, for the period of time that a computer system is being backed up, the hard drive is busy reading files for the purpose of backing up, and its full bandwidth is no longer available for other tasks. Such impacts should be analyzed.

Costs of hardware, software, labor
All types of storage media have a finite capacity with a real cost. Matching the correct amount of storage capacity (over time) with the backup needs is an important part of the design of a backup scheme. Any backup scheme has some labor requirement, but complicated schemes have considerably higher labor requirements. The cost of commercial backup software can also be considerable.

Network bandwidth
Distributed backup systems can be affected by limited network bandwidth.

Implementation

Meeting the defined objectives in the face of the above limitations can be a difficult task. The tools and concepts below can make that task more achievable.

Scheduling
Using a job scheduler can greatly improve the reliability and consistency of backups by removing part of the human element. Many backup software packages include this functionality.

Authentication
Over the course of regular operations, the user accounts and/or system agents that perform the backups need to be authenticated at some level. The power to copy all data off of or onto a system requires unrestricted access. Using an authentication mechanism is a good way to prevent the backup scheme from being used for unauthorized activity.

Chain of trust
Removable storage media are physical items and must only be handled by trusted individuals. Establishing a chain of trusted individuals (and vendors) is critical to defining the security of the data.

Measuring the process

To ensure that the backup scheme is working as expected, the process needs to include monitoring key factors and maintaining historical data.

Backup validation
(also known as “backup success validation”) The process by which owners of data can get information about how their data was backed up. This same process is also used to prove compliance to regulatory bodies outside of the organization; for example, an insurance company might be required under HIPAA to show “proof” that their patient data are meeting records retention requirements.[16] Disaster, data complexity, data value and increasing dependence upon ever-growing volumes of data all contribute to the anxiety around and dependence upon successful backups to ensure business continuity. For that reason, many organizations rely on third-party or “independent” solutions to test, validate, and optimize their backup operations (backup reporting).

Reporting
In larger configurations, reports are useful for monitoring media usage, device status, errors, vault coordination and other information about the backup process.

Logging
In addition to the history of computer-generated reports, activity and change logs are useful for monitoring backup system events.

Validation
Many backup programs make use of checksums or hashes to validate that the data was accurately copied. These offer several advantages. First, they allow data integrity to be verified without reference to the original file: if the file as stored on the backup medium has the same checksum as the saved value, then it is very probably correct. Second, some backup programs can use checksums to avoid making redundant copies of files, to improve backup speed. This is particularly useful for the de-duplication process.
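The checksum validation and de-duplication described above, as an added example (not code from any particular backup program): a minimal content-addressed backup in Python. The layout (`blobs/`, `manifest.json`), the function names and the sample files are assumptions made for the illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def back_up(source_dir, backup_dir):
    """Copy every file under source_dir into backup_dir/blobs/<sha256>.

    Returns (manifest, blobs_written). The manifest maps each relative path
    to its saved hash; identical content is stored only once.
    """
    source_dir, blobs = Path(source_dir), Path(backup_dir) / "blobs"
    blobs.mkdir(parents=True, exist_ok=True)
    manifest, written = {}, 0
    for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        file_hash = sha256_file(path)
        manifest[path.relative_to(source_dir).as_posix()] = file_hash
        blob = blobs / file_hash
        if not blob.exists():  # same hash already stored: skip the copy
            shutil.copyfile(path, blob)
            written += 1
    # A manifest kept beside the blobs catches accidental damage only; to
    # detect tampering, a copy of it has to live somewhere else.
    (Path(backup_dir) / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest, written


def verify(backup_dir):
    """Re-hash the stored blobs and compare them with the saved values.

    Needs only the backup medium, not the original files. Returns
    {relative_path: "missing" | "corrupt"} for every file that fails.
    """
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    status_by_hash, failures = {}, {}
    for rel_path, saved_hash in manifest.items():
        if saved_hash not in status_by_hash:  # hash each blob once
            blob = backup_dir / "blobs" / saved_hash
            if not blob.is_file():
                status_by_hash[saved_hash] = "missing"
            elif sha256_file(blob) != saved_hash:
                status_by_hash[saved_hash] = "corrupt"
            else:
                status_by_hash[saved_hash] = "ok"
        if status_by_hash[saved_hash] != "ok":
            failures[rel_path] = status_by_hash[saved_hash]
    return failures


def demo():
    """Back up constructed sample files, then damage one stored blob."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "backup"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_bytes(b"quarterly figures\n")
        (src / "docs" / "report-copy.txt").write_bytes(b"quarterly figures\n")
        (src / "notes.txt").write_bytes(b"meeting notes\n")
        manifest, written = back_up(src, dst)
        clean = verify(dst)
        # Simulate media damage by overwriting one stored blob.
        (dst / "blobs" / manifest["notes.txt"]).write_bytes(b"meeting notes\x00")
        return written, clean, verify(dst)


if __name__ == "__main__":
    print(demo())
```

Because duplicate files share one stored blob, damage to that blob is reported for every path that refers to it.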

Monitored backup
Backup processes are monitored by a third-party monitoring center. This center alerts users to any errors that occur during automated backups. Monitored backup requires software capable of pinging the monitoring center’s servers in the case of errors. Some monitoring services also allow collection of historical metadata that can be used for Storage Resource Management purposes such as projecting data growth and locating redundant primary storage capacity and reclaimable backup capacity.

Confusion

Because of a considerable overlap in technology, backups and backup systems are frequently confused with archives and fault-tolerant systems. Backups differ from archives in the sense that archives are the primary copy of data, usually put away for future use, while backups are a secondary copy of data, kept on hand to replace the original item. Backup systems differ from fault-tolerant systems in the sense that backup systems assume that a fault will cause a data loss event and fault-tolerant systems assure a fault will not.

Advice

The more important the data that is stored on the computer, the greater is the need for backing up this data.
A backup is only as useful as its associated restore strategy. For critical systems and data, the restoration process must be tested.
Storing the copy near the original is unwise, since many disasters such as fire, flood, theft, and electrical surges are likely to cause damage to the backup at the same time. In these cases, both the original and the backup medium are likely to be lost.
Automated backup and scheduling should be considered, as manual backups can be affected by human error.
Incremental backups should be considered to save storage space and to avoid redundancy.
Backups can fail for a wide variety of reasons. A verification or monitoring strategy is an important part of a successful backup plan.
Multiple backups on different media, stored in different locations, should be used for all critical information.
Backed up archives should be stored in open and standard formats, especially when the goal is long-term archiving. Recovery software and processes may have changed, and software may not be available to restore data saved in proprietary formats.
System administrators and others working in the information technology field are routinely fired for not devising and maintaining backup processes suitable to their organization.

Windows 8 beta – Part IV

Personalization and Settings in Windows 8

This article in the series follows on from the previous one, and in it I will show you the personalization options that Windows 8 has on the Metro side of things. All the options are accessible by positioning the mouse over or tapping the right side of the screen, which brings up the main menu, and then clicking on the Settings icon, as shown in Fig. 1:

Fig. 1

When we get the Settings menu, things get a little confusing, because there is a Settings menu right under Start, and another one right at the bottom, that says “More PC Settings”, as seen in Fig. 2, so, which is it?

Fig. 2

The Settings option under Start refers only to personalization to the Start screen, which as of this version, includes only two things: whether or not to show the administrative tools tiles in the Start screen, and the option to clear personal info from the tiles (Fig. 3). I suppose this will be vastly improved by the time Windows 8 is ready to launch, because in its current form it does not improve the experience at all.

Fig. 3

OK, then… what’s under the More PC settings option?… well, that’s exactly where all the options are! A quick look at Fig. 4 and you’ll see that pretty much everything you need is there. Let’s go under the hood and see what’s in each menu!

Fig. 4

In the Personalize screen we can see three options listed at the top: Lock Screen allows us to change the image displayed when the screen is locked, and also specify which apps can run in the background and display status and notifications, even when the screen is locked.
The Start Screen option is where we can change its background color and image (Fig. 5). At this time, these options are very limited to a handful of images and colors (none of which I like, to be honest), and there is no way to upload or choose different ones (minus point for Microsoft on this one!).

Fig. 5

And the last option of this screen is Account picture, where we can choose from an existing picture on our hard drive, take a picture with our webcam or use another app to create one (Fig. 6).

Fig. 6

The next menu is the Users one, where we can change between a Windows Live account and local account (the last option won’t allow us to keep settings between PCs), change our password (it can be text, picture or a PIN), and also create accounts for other users (Fig. 7).

Fig. 7

The third option is Notifications, where we can specify whether or not installed apps can show notifications, if they can show them when the screen is locked, and if they should play a sound when there is a notification. If notifications are on, we can pick which individual apps notifications will be shown for (Fig. 8).

Fig. 8

The next screen is Search (Fig. 9). Here we can clear the search history, specify whether or not we want Windows to save searches for future search suggestions, and whether the apps you search most are shown at the top or not. We can also specify individual apps we want included in searches.

Fig. 9

The next option is Share (this refers to social network sharing, not local network sharing), where we specify if we want a list of the most commonly used programs to share displayed or not, how many to show in the list, and if the most used go to the top, as well as an individual list of apps that we can enable to use for sharing (Fig. 10).

Fig. 10

The General settings window (Fig. 11) is the one that may be the most useful for a lot of users. The first few options are Time (set up time zone, adjust for daylight savings time automatically), App Switching (allow switching between recent apps, who’d want to turn this off and open one app at a time?), Spelling (autocorrect and highlight misspelled words), Language (input methods, keyboard layout, language options). The last three ones allow you to: Refresh your PC without affecting your files (think about System Restore), Reset your PC and start over (erases everything and leaves the PC as it was the day you bought it), and Advanced Startup: boot from USB or DVD, change Windows startup settings (safe mode, etc.), or restore Windows from a system image.
Depending on how well the security model in Windows 8 works against the many viruses/malware that are certain to target it, these last three options sure will come in handy.

Fig. 11

The next option is Privacy (Fig. 12), which right now only gives us three things we can adjust: whether or not to let applications use our location, let applications use our name and picture, and let apps send URLs they use to the Windows Store for “improvements”. Too little but I can only hope it will improve for the final version.

Fig. 12

The Devices screen shows us what’s connected to our PC/Tablet (Fig. 13), and also presents a strange option for PCs, which is Metered Internet connections. By turning off this option we are supposed to avoid driver download charges when using Windows with metered data plans? It’s confusing, and since I assume it’s geared towards tablets with 3G or 4G built in and metered data plans, I don’t see the point of having this under the Devices category; I think this feature would be a lot more useful for downloads of all kinds of software and given a more prominent placement. We’ll see…

Fig. 13

The Ease of Access screen contains options for changing the look of Windows for people who may have certain visual impairments, and that’s where it ends. The options are: high contrast color schemes, make everything on the screen bigger, shortcuts to turn on the narrator feature, and cursor width (Fig. 14). No other help is offered at this time.

Fig. 14

The Sync your settings screen is actually very complete. Here we can pick which settings we want synchronized between computers (desktop, bookmarks, languages, ease of access, certain app settings, and more) provided that we are using a Windows Live account to store the settings (Fig. 15). If the account is local, this feature is not available.

Fig. 15

And the last screen I’ll show you is the HomeGroup one. Windows Update is really nothing to look at… 🙂 In HomeGroup (Fig. 16) is where we can tell Windows if and what we want to share with other devices (such as a TV that supports media server streaming) on the local network. Documents, music, pictures, videos and printers can be shared easily with other HomeGroup members.

Fig. 16

And this concludes Part IV of this series. I hope the information here helped you understand better what’s coming. In Part V, which will be the last of the series, I’ll go over the Desktop, which I’m sure will bring some comfort to those that don’t like things to change too much too suddenly!

Until then.

Windows 8 beta – Part III

Apps

In Part II of this series, we learned how to move around in the new Windows 8 Metro interface. Now comes the fun part: installing and running apps, so read on!

The App Store

When we are using Metro, all apps are available through the App Store, which is similar to the iTunes store or the Android market in structure. Fig. 1 shows the desktop with the Store tile displayed first on the top left side:

Fig. 1

The number 8 on the tile refers to the number of apps already installed that are ready for an upgrade at this time. Clicking on the tile brings the splash screen shown in Fig. 2, and after a few moments, the main Store interface (Fig. 3).

Fig. 2
Fig. 3

As we can see, apps are presented using groupings, and shown using tiles displaying images/icons for the app, plus its name and public rating. We scroll to the right to access more categories. Let’s see what’s available under the Top Free category (Fig. 4)

Fig. 4

When we click on any of the tiles shown, we access all the information available for the app in a full screen, as seen in Fig. 5. To install the app, we just click on the Install button.

Fig. 5

While installing, we are taken back to the category main screen (Fig. 6), where we can see in the upper right corner of the screen the installation status.

Fig. 6

When we’re done installing we can see the new program’s tile has been added to the Start screen and we are ready to use it (Fig. 7).

Fig. 7

OK, what if I don’t like this app and want to remove it? The answer is simple: we right-click on the tile and a menu will pop up at the bottom of the screen with the actions we can perform on this program: 1) Unpin from the Start screen, 2) Uninstall it and 3) Make the tile smaller, as shown in Fig. 8:

Fig. 8

To get rid of the app, just click or tap Uninstall, and a confirmation menu will appear, so we click on the Uninstall button to confirm and the app is gone (Fig. 9).

Fig. 9

And this concludes part III of this series. Next: Metro customizations.

If you’d like to share your questions or comments on Windows 8, please register!

See you later!

Windows 8 beta – Part II

What’s up Doc?

In Part I of this series, I covered installation of Windows 8 Consumer Preview, which for those who were looking for big changes from Windows 7 may have been a disappointment. Well, at least until the last part, since that’s where the changes began with the integration of the new Metro user interface and Windows Live services. In this Part II, we’ll go over these changes.

In Part I of this series, we saw how the login experience changes radically, by integrating the Windows Live account into the mix. This integration is not mandatory, as you will be able to use the new operating system without one, but the experience will be limited to logging on and keeping all your settings on your own PC, as opposed to having an account and settings you can use on anyone’s PC.

Moving around in Windows 8

So, we’re logged on with our Windows Live account, now what? Fig. 1 shows the Metro interface, designed for touch screens but also fully functional with a mouse.

Fig. 1

Here, the most important applications we can access are shown in squares called tiles. We can touch or click on any of them to launch the program, and as we add more programs, which in Metro are installed through the Store, more tiles are added to the right side of the screen. You can simply drag and drop the tiles to rearrange them.

No more Start button!

Microsoft decided for this version of Windows to get rid of the Start button, replacing it instead with the Start screen, which has 4 areas (one in each corner of the screen) that can be activated to perform additional functions. Fig. 2 shows the area at the bottom left corner of the screen, which is programmed to give us access to the Start screen at any time.

Fig. 2

So, no matter what we are doing at any time, we can go back to the Start screen with one click or tap.

Fig. 3 shows the activated upper left corner area of the screen, where we can see and cycle through open apps running in the background. Because the Metro programs run in full screen mode, there are no buttons that can be clicked to minimize, maximize/restore, or to close the windows, so the only way I found to close a running program is to right-click on this corner window and select Close from the pop-up menu.

Fig. 3

Fig. 4 shows what is activated by placing the mouse on the upper and lower right corners of the screen, a simple menu that gives us access to most of the functions in Windows.

Fig. 4

If we put the mouse over one of these icons, at this time we get the following screen, which brings up the labels for each icon and also puts the time and date on the screen (Fig. 5):

Fig. 5

As we can see, the first icon from top to bottom is for Search (both local files and online), the second icon is for Share (let’s say you take a picture with your tablet’s webcam, or have some thoughts to share, you can post it to your Live, Facebook or other accounts immediately), the third icon is also to bring the Start screen to the front, the fourth one is for managing connected devices, and the fifth one is where you can customize and change settings in Metro. This last icon is also the one where you have to go in order to shut down the PC/tablet, if we click or tap on it we get this screen as shown in Fig. 6 and 7:

Fig. 6
Fig. 7

In Part III of this series, I’ll go over the Metro App Store, app installation and customization of the Metro interface. I hope you enjoyed this article and feel free to comment/share with your friends.

See you then!

Windows 8 beta – Part I

Installing to a clean hard drive

Windows 8 Consumer Preview (AKA Beta) is here! With a lot of changes from Windows 7 as Microsoft gets ready to enter the tablet market, I thought I’d cover installation and daily use for desktop users to stay ahead of the curve.

Installation of this beta version was done inside a virtual machine, with a single processor running at 1.8 GHz, 1 GB of RAM and 20 GB of disk space, to get an idea of how well this OS will perform in a constrained environment.

You can download the installer or an .iso image from this page: http://windows.microsoft.com/en-US/windows-8/download

The install process goes a lot like that of Windows 7. I’ll go step by step with these images:

Fig. 1

Once I started the virtual machine with the ISO file for the Windows 8 DVD, and after a few moments, the screen shown in Figure 1 came up, asking for language, time and keyboard settings. I accepted the detected defaults and clicked on the Next button.

Fig. 2

Figure 2 shows what happened next: Windows 8 is ready to install (or so it seems). Let’s click on Install Now and see what happens…

Fig. 3

After a few moments of looking at the screen shown in Figure 3, we get asked to enter the serial number (the one that works for this CP version of Windows 8 is NF32V-Q9P3W-7DR7Y-JGWRW-JFCK8), as Figure 4 illustrates:

Fig. 4

If you don’t enter the serial number, just as in Windows 7, you can still continue with installation, but it will prompt you later. Let’s move on…

Fig. 5

The usual EULA screen appears, so we just click on I accept the license terms and the Next button. Then the real installation begins, with the option to upgrade or do a Custom install, as shown in Figure 6. Since there was nothing to upgrade from, I chose Custom and proceeded.

Fig. 6

I selected the hard drive to install to and clicked Next.

Fig. 7

And Windows proceeded to copy all files, just as it did in the previous version, no news here…

Fig. 8
Fig. 9

When it was done and restarted, I couldn’t help but notice that Microsoft had changed the initial startup logo for that of a fish (???), see Fig. 10. The bubbles form the number 8, but the Windows logo is gone. The final version will likely see this replaced.

Fig. 10

After it was done starting, the Personalize screen came up so we can set the background color and PC name. I left the default color on, as none of the others seemed especially appealing, named it test-pc as seen in Fig. 11 and proceeded to the next step.

Fig. 11

The Settings screen is where we specify if we want automatic updates applied automatically, whether or not to send anonymous info to Microsoft to help make Windows and location services better, enable sharing on the network, and also let applications give you personalized content based on your location, name and account picture, as shown in Fig. 12. This is one big change from Windows 7, as we’ll see later, apps are a lot more interactive with the desktop and display changing info. I chose express settings (you can customize as well) and clicked Next.

Fig. 12

The next big change is that now you also have the option to sign in with your Windows Live (or Hotmail) account, for further integration and personalization, access to the future Windows App store, as well as access to your documents, photos and more from anywhere, by synchronizing your content with some of the Windows Live services such as Skydrive, etc.
You can also let the PC act as a regular standalone desktop, for example, to connect it to a corporate network, but you lose most of the appeal this new version has.

Fig. 13

After I entered my Windows Live email address, Microsoft made sure the account existed and then it prompted for the password, as seen in Fig. 14.

Fig. 14

The next step is entering a mobile phone number; you can get a code sent to your cell if you forget your password so you can reset it and log in again. This is cool, but not mandatory, so I skipped it and clicked Next.

Fig. 15

Then Windows went on about finalizing some settings…

Fig. 16

Until it finally brought up the Welcome screen, with a generic icon next to my name and e-mail address…

Fig. 17

… which after a little while changed to my Windows Live profile picture, and also loaded more of my Live settings in the background while it kept Preparing Windows.

Fig. 18

Fig. 19 shows the new initial screen, where only the current time and date and a little network connection indicator icon show up. To proceed, you must click on the screen.

Fig. 19

Then the old Personalized Settings dialog box showed up, indicating that Windows wasn’t fully ready yet for me (Fig. 20)…

Fig. 20

But when it was ready, the new Metro user interface came up (Fig. 21). Now I’m ready to do some actual work!

Fig. 21

But that will be material for Part II of this series. I hope you’ve enjoyed this one and look forward to your comments. Please register so you can post, see you next time!