Study Shows How Threats Are Backed Up and Restored Along with Data
A recent widely quoted study shows that malware (viruses, Trojans, etc.) gets backed up and restored regularly, and may be bypassing antivirus measures. I don’t have an issue with that. I agree with it. However, I DO have an issue with how the authors came up with their data.
The study was disclosed in a blog post by Oliver Friedrichs of Sourcefire. Sourcefire is a cyber security firm that offers firewalls and malware protection and compliance services. Oliver is head of their cloud technology group, and a very smart guy.
The study claims, among other things, that during a one-month period a number of popular backup services restored tens of thousands of threats, re-infecting the target systems.
Mr. Friedrichs listed exact numbers of threats restored during this period for each company. DropBox, 17,705 threats; Maxtor Backup, 165 threats; 2BrightSparks SyncBack, 104 threats; FreeFileSync, 104 threats.
My first thoughts when I read the articles were:
“Dude. How does he know?”
How does he know such exact numbers, the (I suppose) real, exact numbers of threats restored by these services over the same one-month period?
Are the security policies at these companies so lax, their encryption so non-existent, their disregard for the privacy of their customers’ data so intense, that they just let some guy come in and comb through their customers’ files and count viruses?
I really hope not. I can’t believe that any backup company would allow this kind of intrusion.
In fact, if they correctly encrypt customer data as they should, I can’t believe anyone could count viruses anyway. The viruses would be encrypted and therefore indistinguishable from the data they infect. It would be impossible to detect them. Unless (gasp) the data are not encrypted.
Maybe Oliver came by his data using customer reports as a source. Then he wouldn’t have had to comb through data.
NAHHHH, that’s not it. Seventeen thousand customers in one month are not going to go to the trouble to file reports with their Service Providers. It’s likely most of them didn’t even know they restored a threat anyway.
Maybe Oliver got his data from one of his own products, running on end users’ computers, counting viruses that get restored by various programs, and reporting the data it collects back to him. Like spyware. In which case, that’s creepy.
I’m writing in a blog promoting Remote Backup Systems’ RBackup, an Online Backup product. So in the interest of disclosure, I will tell you that all RBS software provides a level of security high enough that it would have prevented Oliver from being able to comb through customer files to count viruses. It’s just not possible.
But these other companies? Now I wonder.
It is true that backup software, encrypted or not, can back up and restore threats just like it does with live data. That’s just the nature of the application. AV software is supposed to clear the threats. Firewalls are supposed to block them.
It is not the job of backup software to eliminate viruses. Backup software just does backups and restores, and if it does its job properly it encrypts the data and keeps multiple versions. This process also deactivates threats so they cannot infect the Online Backup Server and cannot infect other customers’ data stored on the same system.
Even if a virus is restored and reactivated you can restore from a previous version that was backed up before the infection occurred.
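An added example (not from the original post or from any vendor's product) of the two claims above: a provider holding only client-side-encrypted blobs cannot count signatures in them, while the key holder can scan decrypted versions and restore the newest one from before the infection. The marker string, key, file history and the SHA-256 keystream standing in for a real cipher are all constructed assumptions.

```python
import hashlib

# Constructed, harmless marker standing in for a malware signature.
SIGNATURE = b"DEMO-THREAT-SIGNATURE"

def keystream_xor(key, nonce, data):
    """Stand-in for a real cipher such as AES-GCM (assumption for this demo):
    XOR with a SHA-256 counter keystream. Same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def scan(blob):
    """Naive signature scan: True if the marker appears in the bytes."""
    return SIGNATURE in blob

def backup(key, versions):
    """Encrypt each version client-side; the server stores (nonce, ciphertext)."""
    store = []
    for i, plaintext in enumerate(versions):
        nonce = i.to_bytes(8, "big")  # unique per stored version
        store.append((nonce, keystream_xor(key, nonce, plaintext)))
    return store

def server_side_hits(store):
    """What a party without the key can count by scanning the stored blobs."""
    return sum(scan(ct) for _, ct in store)

def latest_clean_version(key, store):
    """Key holder: decrypt newest-first, return index of newest clean version."""
    for idx in range(len(store) - 1, -1, -1):
        nonce, ct = store[idx]
        if not scan(keystream_xor(key, nonce, ct)):
            return idx
    return None  # every retained version carries the marker

# Constructed history: index 2 is the first version carrying the marker.
KEY = b"client-held key, never sent to the provider"
HISTORY = [b"report v1", b"report v2 edited",
           b"report v3 " + SIGNATURE, b"report v4 " + SIGNATURE + b" more"]
STORE = backup(KEY, HISTORY)

if __name__ == "__main__":
    print("server-side hits:", server_side_hits(STORE))
    print("restore version index:", latest_clean_version(KEY, STORE))
```

If retention is shorter than the time the infection went unnoticed, `latest_clean_version` returns `None`, which is the case versioning alone does not cover.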
I don’t mean to be hard on Oliver. I’m sure he didn’t do anything he shouldn’t have done. However, I think he inadvertently spanked DropBox, MaxSync, SyncBack, and FreeFileSync by naming them by name and linking them to threat infections. In that respect I think a follow-up clarification and apology are probably in order.
Rob Cosgrove is the President of Remote Backup Systems, founder of the Online Backup Industry, and a vocal advocate for maintaining the highest standards in Online Backup software. His latest book, the Online Backup Guide for Service Providers: How to Start and Operate an Online Backup Service, is available online now, on Amazon.com, and at bookstores.