Can you make a backup without risking viruses, malware, crypto-lockers coming with it?


Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Vilsen »

Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

I have previously tried to get an answer to this question as a result of the question of
possible attacks against a linux-mint -desktop installation which otherwise works well
and where all upgrades are done regularly.

Unfortunately, the moderator here has used his total power and STOPPED all attempts to answer that question.

Why, one might wonder?

Is there no sensible answer?

Is the truth that Linux MINT is defenseless against an attack from a modern
carpented ransomware / cryptolocker prg and that
the BACKUP you take with you becomes equally infected and destroyed
which means that all talk about how important it is to take BACKUP becomes
completely uninteresting.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Moem »

Vilsen wrote: Sun Oct 17, 2021 6:57 am Unfortunately, the moderator here has used his total power and STOPPED all attempts to answer that question.

Why, one might wonder?
Wonder not, for that question has been answered here: viewtopic.php?p=2082582#p2082582
And as long as this thread stays constructive and on topic, which is surely what you as a topic starter will want, it will stay open.
Vilsen wrote: Sun Oct 17, 2021 6:57 am Can you make a backup without risking viruses, malware, crypto-lockers coming with it?
Yes. You can make your backup on an external medium, and then not leave that medium attached to your computer when you are done making the backup.
This answer has been given in your topic about viruses and malware, but you apparently overlooked it. It was said by three people at least, so it was easy to miss.

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by JoeFootball »

Vilsen wrote: ... the BACKUP you take with you becomes equally infected and destroyed ...
Again, external backups mitigate this risk. i.e., not connected to the system which has been theoretically infected.

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Lady Fitzgerald »

To quote Rene, "sigh".

Mike November and JoeFootball gave you excellent advice (which I expanded on) in your previous threads but you appear to have chosen to ignore it. Against my better judgement, I'm going to try again...once.

1. Although this was not mentioned before, the few antivirus programs for Linux are either ineffectual or are intended to block viruses from infecting Windows through Linux when dual booting Windows and Linux. Most experienced users report less than stellar results when using antivirus programs, such as ClamAV. In short, forget about them. At best, they will only give you a false sense of security.

2. Due to the way Linux operates, pretty much the only way a virus can infect it is for a user to let it in. The rare times even a potential virus makes it into a version of a distro or its updates, the Linux "watchdogs" are quick to deal with it. This may (or may not) happen by downloading and installing programs from a source other than approved repositories, browsing to dodgy websites that may use your internet connection to slip in malware (even then, you have to approve its installation when it arrives like this), or from opening dodgy attachments in emails, again inviting in malware.

In short, learn safe browsing habits to avoid infecting yourself and always apply security updates when you get them.

3. Make and maintain proper backups! As long as you properly back up your system and your data, it is highly unlikely (something like 99 44/100% unlikely) that the backups will become infected. (The percentage I stated was stolen from old Ivory soap commercials, claiming their soap was 99 44/100% pure. I used it as hyperbole to emphasize how unlikely a properly maintained backup will become infected.)

I cannot stress enough the importance of making proper backups. As long as a backup is kept disconnected from a computer or network and is kept powered down, it cannot get infected. It is possible for a backup to get infected with ransomware while connected to a computer for updates but it is again 99 44/100% unlikely since you will probably be aware you have been infected by ransomware (it's pretty obvious when that happens). Other forms of infection are not likely enough to worry about and are not likely to affect your data (a good reason to segregate your data from the system).

There is no way to guarantee 100% safety in anything in life. Just stepping outside your home exposes you to certain hazards, such as getting stung by a venomous creature (bee, scorpion, snake, etc.) and dying, falling into a hole in the ground, slipping on ice, getting struck by lightning, etc. Driving a car can get you injured, maimed, or killed. Even staying inside your home can be risky. Homes burn down, get hit by airplanes (seriously, it happens!), home invasions happen, etc. The point is, you can't eliminate all hazards but you can mitigate the risks to an acceptable level.

The same is true with Linux. You can't eliminate all hazards but you can mitigate them to an acceptable level and prepare solutions for recovery ahead of time should the worst happen.

To sum it all up:

1. Forget about antivirus programs. End of subject.

2. Learn safe computer operating and safe browsing procedures.

3. Before you even install Linux, you need to plan for your backup strategy. How you install Linux can affect how you back up your system and your data. My recommendations (there are other good ways but I've found these work together best for me):

a. Do not keep any data in /home. Keep your data in a separate partition or on a separate drive(s). This allows the use of different, more appropriate programs for backing up the system and data.

b. Use Timeshift. It works a lot like Windows Restore except it actually does work; every time. It allows you to quickly return your system to an earlier point in time. How to properly use Timeshift should be covered in another thread since there are many options one can use, some good, some bad, some depending on what you want Timeshift to do for you. The Timeshift Snapshots should not be kept on the same drive your system is on, such as in /home. They should be kept on a separate internal drive (or partition) or on an external drive (I do both).

c. Use an imaging program, such as Foxclone or Rescuezilla (the latter if Foxclone won't work for you due to rare hardware incompatibility) for when the system is so hopelessly borked, even Timeshift won't restore it or when the drive the system is on completely dies. In the unlikely event your system does get infected, you can just go back to a time before the infection with an image or with Timeshift.

d. Use a program like FreeFileSync to back up your data onto external backup drives. Note that drives is plural. Even backup drives can fail so you should have more than one, including an onsite backup drive and an offsite backup drive. How to set these up and use FreeFileSync are topics for another thread or two.


You can choose to take our advice or not. I'm not posting on this again here. If you want to do what I have suggested, ask for help in new threads.
Jeannie

To ensure the safety of your data, you have to be proactive, not reactive, so, back it up!

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by AZgl1800 »

JoeFootball wrote: Sun Oct 17, 2021 12:27 pm
Vilsen wrote: ... the BACKUP you take with you becomes equally infected and destroyed ...
Again, external backups mitigate this risk. i.e., not connected to the system which has been theoretically infected.
I will just echo this,
I have an 8 TB SeaGate HUB USB drive, it sits next to my PC all the time, it rarely ever gets used though, until I need to backup something.

Plug it in, perform the backup, use DISKS to "power it OFF" and then unplug the USB cord.

I never, ever, unplug anything from a USB port unless it is powered OFF.
totally destroyed all of the USB 2.0 ports on my favorite little "carry with me" laptop, it is a Thinbook that will run for 8 hours on battery.

now, it has one (1) USB 3.0 port...
that turned into a major PITA, adapters hanging off of it to one side, kept getting tangled up risking a broken port jack....

caused me to find a new 'carry with me' laptop.
LM21.3 Cinnamon ASUS FX705GM | Donate to Mint https://www.patreon.com/linux_mint

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by redcarrot »

a. Do not keep any data in /home. Keep your data in a separate partition or on a separate drive(s). This allows the use of different, more appropriate programs for backing up the system and data.
Hi
Sorry, I do not understand. Isn't everything on /home?
I have done a basic install with only one efi and one /
As I understand from reading other current posts on security issues, I should have probably gone for a '/' as well as a '/home' partition.

A bit lost here.

Regards
LINUX FAN
Replies may be delayed due to different time zone

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by sanmig »

Re topic: No, any “virus” or such will propagate into the next backup and wait there for a restore.
redcarrot wrote: Sun Oct 17, 2021 4:27 pm Sorry, I do not understand. Isn't everything on /home?
I have done a basic install with only one efi and one /
Right, with a basic install, everything (system+home) is on one single partition.
Not bad at all, however it depends on your use of Mint.
“Do not keep any data in /home” may sound harsh but comes with a hidden beauty:

We understand Timeshift is intended to quickly restore only (!) the system in case of “playing root” or a corrupted download / update? (*)
And we regularly back up the data (home) at least on one external drive.
Additionally, as a last line of defence, we back up the whole drive by FoxClone or any other drive backup (image) program from time to time, say, six months, just in case Timeshift doesn’t help to recover (e.g. drive failure).

And exactly here is the problem: Restoring a partition with 50GB system (OS) is fast, but restoring 50GB system + 600GB (six-month-old) used data (music, videos, whatever) will take some time!
Additionally we’d have then to import the 600GB up-to-date data backup anyway!

Thus it makes sense to keep at least the bulk of user data on an extra partition (disk?) and keep the /home user data small.

(*) In Timeshift, don’t forget to include the hidden files from your “Users” /home folder, they contain app settings (OK, sometimes these settings are the cause of an app malfunction, too :evil: ).

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by sanmig »

Re “crypto-lockers” (if we had that in Linux):
A locker is fully transparent, you can access already encrypted files, use them, back them up, copy, whatever - until the locker decides to delete the key.
Very similar to an encrypted partition/drive.
- One would only realize encryption if the backups are accessed by a clean machine.

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by AZgl1800 »

I don't bother with any kind of tricks to hide my files...

I do a standard install and let it erase the disk and do it normally.
no special considerations at all.

I just do backups once in a blue moon manually.

Timeshift runs every day and keeps 5 backups

Back In Time, runs once a day, and backs up /home to my /Backup partition.

and that is all I do.

the modem has a firewall, and the PC has a firewall, good enough for me.
did the same exact thing with Windows from day one, no special tricks there at all, other than using AVAST to monitor the web. Win7 is as far as I went with MSloth.
LM21.3 Cinnamon ASUS FX705GM | Donate to Mint https://www.patreon.com/linux_mint

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by MikeNovember »

Hi,

The backup will reflect the state of your disk. If your computer is infected, your backup will be...

As I wrote, to reduce the risk your computer is infected, you should (see former post viewtopic.php?f=90&t=359127):
- reduce the risk of an exploit,
- practice safe browsing,
- be careful with mail attachments,
--> if you follow the advice I gave, the probability your computer is infected is very low.

Rkhunter is worth using because of its system files hash:
* once installed, you first launch it with "rkhunter --propupd", it builds the hashes database,
* at each subsequent launch, you launch it with "rkhunter -c", it is fast,
* you read the log, and will find warnings if system files have changed, then you have to decide if these changes are normal (as a consequence of an update) or not (as a consequence of a malicious change), you can use Synaptic history for this,
* if the change is normal, you update the database by a new "rkhunter --propupd",
* if not, you are warned something is wrong, and use your system backup or make a fresh complete installation to correct the problem.

Eventually use antivirus scanners; Clamav per se does not have a high detection rate, but with the complementary clamav-unofficial-sigs its detection rate improves (Clamav then uses all Yara signatures, often and freshly updated by security companies and researchers); it is still a pain to completely scan the computer since Clamav is veeeery sloooow....

NB: infected files would be more probably in your system, "/" than in your "/home" (if they were in your "/home" you could easily identify them, you are the guy writing files to your home, and delete them).

Concerning the backup:
- it should be done on an external disk, in order to reduce the disk wear,
- it is easier to backup if you have separate partitions "/" and "/home",
- backup strategy should include image backup of your "/" (Foxclone, Clonezilla, System Rescue...), system snapshots with Timeshift, and your "/home" backup with a program such as FreeFileSync.

In the same thread, as mentioned, page 2, you have a fully explained backup and restore strategy.

Note that, when you have separate "/" and "/home" partitions, a full reinstall takes less than 2 hours: downloading fresh ISO, burning DVD or making a USB key, installing the distribution on your "/" without touching your "/home", personalizing the installation (updated programs, flatpaks etc.). It is the best thing to do when in doubt about your backup (or the only solution without backup).

Regards,

MN
Last edited by MikeNovember on Mon Oct 18, 2021 9:35 am, edited 1 time in total.
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by RIH »

Can you make a backup without risking viruses, malware, crypto-lockers coming with it?
Yes, just institute some form of containerisation & don't include the Downloads Folder in your backup..

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by redcarrot »

Thanks sanmig and all others replying. Sorry for the late reply as I crashed (Different time zones)
So I will follow your instructions and safety advice.

Thanks again.
Last edited by redcarrot on Mon Oct 18, 2021 12:47 pm, edited 1 time in total.
LINUX FAN
Replies may be delayed due to different time zone

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Vilsen »

Well, actually:

My backup is NOT attached to the computer

all the time - only when backup is taken -

BUT reading about how FontOnLake works:

How can I be sure that the backup does not get encrypted WHEN
I attach it?

Known components of FontOnLake

FontOnLake’s currently known components can be divided into three following groups that interact with each other:

Trojanized applications – modified legitimate binaries that are adjusted to load further components, collect data, or conduct other malicious activities.
Backdoors – user mode components serving as the main point of communication for its operators.
Rootkits – kernel mode components that mostly hide and disguise their presence, assist with updates, or provide fallback backdoors.
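
Added example, not part of any post in this thread: one way to keep an encrypted or mass-modified source from overwriting a good backup is to compare the source against a hash manifest saved at the last good backup and refuse to sync when too many known files have changed or disappeared. The function names, the 20% threshold and the sample files are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest


def compare(old, new):
    """Diff two manifests: content changed, gone, or newly appeared."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "missing": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }


def safe_to_sync(old, new, max_fraction=0.2):
    """Return (ok, diff); ok is False when too many known files changed or vanished.

    max_fraction is an assumed threshold: tune it to how much of the data
    normally changes between two backup runs.
    """
    diff = compare(old, new)
    if not old:                      # first run: nothing to compare against
        return True, diff
    touched = len(diff["changed"]) + len(diff["missing"])
    return touched / len(old) <= max_fraction, diff


def demo():
    """Constructed data: ten small files, one normal edit, then a mass rewrite."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as fh:
                fh.write(f"document number {i}\n")
        baseline = build_manifest(root)   # manifest saved at the last good backup

        with open(os.path.join(root, "doc3.txt"), "a") as fh:
            fh.write("one ordinary edit\n")
        normal_ok, normal_diff = safe_to_sync(baseline, build_manifest(root))

        # Simulate what a crypto-locker leaves behind: every file rewritten
        # with unreadable bytes and renamed.
        for name in sorted(os.listdir(root)):
            src = os.path.join(root, name)
            with open(src, "wb") as fh:
                fh.write(os.urandom(64))
            os.rename(src, src + ".locked")
        mass_ok, mass_diff = safe_to_sync(baseline, build_manifest(root))
    return normal_ok, normal_diff, mass_ok, mass_diff


if __name__ == "__main__":
    normal_ok, normal_diff, mass_ok, mass_diff = demo()
    print("after one edit    :", "sync" if normal_ok else "STOP", normal_diff["changed"])
    print("after mass rewrite:", "sync" if mass_ok else "STOP",
          len(mass_diff["missing"]), "known files gone")
```

In real use the manifest would be saved on the backup medium after each good run. The same comparison can be run against the backup itself from a clean live session, since a check run on a compromised system can be given false answers.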

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by ricardogroetaers »

Vilsen wrote: Sun Oct 17, 2021 6:57 am Can you make a backup without risking viruses, malware, crypto-lockers coming with it?
Short, thick, fast and pragmatic.
If the object to be copied is infected, the copy of the infected object is an infected copy.
Don't complicate it!
Last edited by ricardogroetaers on Mon Oct 18, 2021 6:50 am, edited 1 time in total.

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Vilsen »

All seems good, but some warnings:

Code: Select all

    Checking for hidden files and directories                [ Warning ]

[Press <ENTER> to continue]
    


System checks summary
=====================

File properties checks...
    Files checked: 152
    Suspect files: 1

Rootkit checks...
    Rootkits checked : 480
    Possible rootkits: 7

Applications checks...
    All checks skipped

The system checks took: 2 minutes and 49 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.

Performing malware checks
    Checking running processes for suspicious files          [ None found ]
    Checking for login backdoors                             [ None found ]
    Checking for sniffer log files                           [ None found ]
    Checking for suspicious directories                      [ None found ]
    Checking for suspicious (large) shared memory segments   [ Warning ]

  Performing Linux specific checks


/usr/bin/who                                             [ OK ]
    /usr/bin/whoami                                          [ OK ]
    /usr/bin/numfmt                                          [ OK ]
    /usr/bin/gawk                                            [ OK ]
    /usr/bin/lwp-request                                     [ Warning ]
    /usr/bin/mail.mailutils                                  [ OK ]
    /usr/bin/x86_64-linux-gnu-size                           [ OK ]
    /usr/bin/x86_64-linux-gnu-strin

  Performing additional rootkit checks
    Suckit Rootkit additional checks                         [ OK ]
    Checking for possible rootkit files and directories      [ None found ]
    Checking for possible rootkit strings                    [ None found ]

  Performing malware checks
    Checking running processes for suspicious files          [ None found ]
    Checking for login backdoors                             [ None found ]
    Checking for sniffer log files                           [ None found ]
    Checking for suspicious directories                      [ None found ]
    Checking for suspicious (large) shared memory segments   [ Warning ]

  Performing Linux specific checks
    Checking loaded kernel modules                           [ OK ]
    Checking kernel module names                             [ OK ]

[Press <ENTER> to continue]

  Performing filesystem checks
    Checking /dev for suspicious file types                  [ None found ]
    Checking for hidden files and directories                [ Warning ]

[Press <ENTER> to continue]
    


System checks summary
=====================

File properties checks...
    Files checked: 152
    Suspect files: 1

Rootkit checks...
    Rootkits checked : 480
    Possible rootkits: 7




Please check the log file (/var/log/rkhunter.log)

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by MikeNovember »

Hi,

After having used rkhunter, you should read its log:

Code: Select all

sudo nano /var/log/rkhunter.log
or:

Code: Select all

xed admin:///var/log/rkhunter.log
Look at the warnings in the log.

Some comments:
Checking for suspicious (large) shared memory segments [ Warning ]: this has generally no importance
Checking for hidden files and directories [ Warning ]: very often a hidden void directory "/etc/.java"

The following two need further analysis:
Suspect files: 1: generally a system file without hash, or a script where rkhunter expected a program.
Possible rootkits: 7: generally skipped tests (if, in the log, you have only "not found" at the rootkits tests, there is no rootkit).

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Vilsen »

Code: Select all

[12:42:24]   /usr/bin/gawk                                   [ OK ]
[12:42:25]   /usr/bin/lwp-request                            [ Warning ]
[12:42:25] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[12:42:25]   /usr/bin/mail.mailutils                         [ OK ]
[12:42:25]   /usr/bin/x86_64-linux-gnu-size                  [ OK ]


[12:44:30] Info: The minimum shared memory segment size to be checked (in bytes): 1048576 (1,0MB)
[12:44:31]   Checking for suspicious (large) shared memory segments [ Warning ]
[12:44:31] Warning: The following suspicious (large) shared memory segments have been found:
[12:44:31]          Process: /usr/bin/mate-panel    PID: 1368    Owner: mate18    Size: 64MB (configured size allowed: 1,0MB)


[12:44:44]   Checking /dev for suspicious file types         [ None found ]
[12:44:44]   Checking for hidden files and directories       [ Warning ]
[12:44:44] Warning: Hidden directory found: /etc/.java
[12:44:44]   Checking for missing log files                  [ Skipped ]


[12:42:08] Info: No mail-on-warning address configured


[12:42:08] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.

12:42:25] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
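
Added example, not part of any post in this thread: a small parser that pulls the "Warning:" entries and their detail lines out of an rkhunter log like the excerpt above and sorts them using the reading advice given earlier in the thread. The level names, notes and function names are labels made up for this illustration; the sample lines are copied from the excerpt.

```python
import re

# "[HH:MM:SS] body", the line layout seen in /var/log/rkhunter.log above
LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\]\s(.*)$")

# Triage rules following the advice given in this thread.
# Levels and notes are labels invented for this example.
RULES = [
    (re.compile(r"shared memory segments"), "low",
     "large shared memory segment: generally of no importance"),
    (re.compile(r"Hidden directory found: /etc/\.java$"), "low",
     "hidden /etc/.java directory: very often present"),
    (re.compile(r"has been replaced by a script"), "review",
     "script where a program was expected: needs further analysis"),
]
DEFAULT = ("review", "no rule for this warning: read it in the log")

# Lines copied from the log excerpt posted in this thread.
SAMPLE = """\
[12:42:24]   /usr/bin/gawk                                   [ OK ]
[12:42:25]   /usr/bin/lwp-request                            [ Warning ]
[12:42:25] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[12:42:25]   /usr/bin/mail.mailutils                         [ OK ]
[12:44:31]   Checking for suspicious (large) shared memory segments [ Warning ]
[12:44:31] Warning: The following suspicious (large) shared memory segments have been found:
[12:44:31]          Process: /usr/bin/mate-panel    PID: 1368    Owner: mate18    Size: 64MB (configured size allowed: 1,0MB)
[12:44:44]   Checking for hidden files and directories       [ Warning ]
[12:44:44] Warning: Hidden directory found: /etc/.java
[12:44:44]   Checking for missing log files                  [ Skipped ]
"""


def parse_warnings(text):
    """Return one dict per 'Warning:' entry, with any indented detail lines."""
    warnings, current = [], None
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            current = None
            continue
        stamp, body = match.groups()
        if body.startswith("Warning:"):
            current = {"time": stamp,
                       "message": body[len("Warning:"):].strip(),
                       "details": []}
            warnings.append(current)
        elif current and body.startswith("  ") and not body.endswith("]"):
            # Indented line that is not a "[ OK ]"-style result: detail text.
            current["details"].append(body.strip())
        else:
            current = None
    return warnings


def triage(text):
    """Attach a level and a note to every warning found in the log text."""
    results = []
    for warning in parse_warnings(text):
        level, note = DEFAULT
        for pattern, rule_level, rule_note in RULES:
            if pattern.search(warning["message"]):
                level, note = rule_level, rule_note
                break
        results.append({**warning, "level": level, "note": note})
    return results


if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(f"{item['time']} [{item['level']:>6}] {item['message']}")
        for detail in item["details"]:
            print(f"{'':18}{detail}")
```

For an entry marked "review" on a dpkg-based system such as Mint, `dpkg -S <path>` names the package that owns the file and `dpkg -V <package>` checks the installed files against the package's recorded checksums.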

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Vilsen »

So, I guess it's all OK then ?

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by gittiest personITW »

Vilsen wrote: Tue Oct 19, 2021 6:59 am So, I guess it's all OK then ?
Just means this particular application hasn't found anything.

Re: Can you make a backup without risking viruses, malware, crypto-lockers coming with it?

Post by Vilsen »

Well, you protect yourself by expressing yourself that way.

Yes, what can one say ?

After a tumultuous "discussion" in previous forum posts,
this ended with the moderator closing the entire discussion.

It seems that no one really KNOWS how it is with security
in Linux MINT for a desktop user.