The New York Times published an article today about making off-site (a.k.a online) backups that contained some debatable advice.
The point I most disagree with is this: "As long as your credit card keeps working, there's no need to think about the backups unless disaster strikes." The problem with this advice is that if something is automated too much, it can break without your knowing it.
The classic example of this was the magazine Business 2.0 (which has since ceased publication). After they deployed an automated backup system, they ignored it. At some point the backup system broke, but no one noticed. Only when their main computer system failed and they needed the backups did they learn that the backup system had stopped working long before.
Do you leave your house and simply close the door, confident that it locks behind you? What if something jams the latch? What if that button that prevents the lock from engaging was pushed in? Isn't it worth taking the extra few seconds to try to open the door after closing it just to ensure that it's really locked?
It's the same with automated backups. If your files are important, it's worth a little time to ensure that the backups are actually being made. Then too, you should test recovering a file or two, just to be sure that you still can. It's the computer equivalent of a fire drill.
Need Software?
The article also said, "The idea is simple. The user installs some software..." Installing software is not necessary for making off-site backups. It may not even be a good approach.
For one thing, installing any software is risky. Backup software that needs to know every time a file is modified has to both run all the time and be intimately wedded to the operating system. Both raise the level of risk.
The requirement to use software from the backup storage company may also limit the computers from which you can make backups or perform restores. Some backup companies charge by the number of computers being backed up, and they use their software to enforce this. Even if you choose a company that charges solely by the gigabyte, if they offer Windows software and you later buy a Mac or a Linux-based Netbook, you may not be able to back up files from your new computer.
Some backup services offer a Web page front end. If you know your user ID and password you can walk up to any Internet-connected computer in the world and either upload or download files from the backup service. There's a lot to be said for that. I just purchased a Netbook computer and used such a service for making my initial backups. No software needed.
Then too, some backup services can be used with portable software. In the Windows world, the term "portable" refers to software than can be run without being installed. Typically, portable software is thought of in terms of running the software from a USB flash drive, but the software can also run from the C disk. I personally use the free, portable WinSCP program offered at PortableApps.com with a paid backup service.
WebDAV is yet another option for accessing off-site backups without installing software. WebDAV is a protocol that, in Windows, lets you view remote files much like Windows Explorer lets you view local files. WebDAV support is available in all current operating systems.
In Windows XP, WebDAV is a "Network place." The procedure to add a remote network place is simple, all you need to know is the name of the remote computer, and a user ID/password. An existing network place can be made into a desktop icon, providing simple, easy access to remote files.
Where Are Your Off-site Files Stored?
Anyone serious about off-site backups needs to consider where, physically, their remote files reside.
The article touched on this and reported that Intronis stores files in Toronto and New Jersey, iBackup stores customer files at two of the company's four centers in California, and iDrive uses only one data center.
Off-site backups are best stored as far away from you as possible. Another time zone is a good rule of thumb.
If your off-site backups are your only backups (not advisable but better than nothing), then you should only consider a company that keeps redundant copies of your files in multiple locations. Here too, the farther apart the better.
Amazon's S3 service stores files in multiple data centers in the U.S. For an extra fee, you can also have your files stored in Europe. When you sign up with rsync.net, you get to choose whether you want your files stored in San Diego, Denver, or Zurich, Switzerland. Here too, for an extra fee they will store your files in two locations.
Mozy
I can't discuss off-site backups without mentioning Mozy. Last summer I wrote two postings (here and here) about Mozy that anyone considering the service should read.
In brief, you need to be aware that if you accidentally delete a file from your computer, Mozy will delete their backup of that file. Such is the nature of a service that offers unlimited storage space for a fixed price. Any such provider is motivated to minimize the amount of data they store.
Another optimization they use is to copy only the portions of your files that have changed, rather than the entire file. This is complicated, and I think simple is best, especially when it comes to backups.
See a summary of all my Defensive Computing postings.
Just as patients have to trust their doctors, non-techies have to trust the advice they get from techies. My last posting was about an article in a newspaper that offered, what I felt, was questionable advice on setting up a WiFi wireless network. The July issue of PC Magazine recently arrived in my mailbox and it offers some advice on backing up your computer that is also, to me, questionable.
The article is called "Keep Your Data Safe" and doesn't seem to have been posted yet on pcmag.com.
One section of the article discusses external hard drives (page 72), an excellent medium for storing backup files. The sub-topic on "Multidrives" is what prompted this posting. The magazine defines products in this category as external hard drives that internally contain multiple hard disks (separate and distinct from Network Attached Storage).
RAID 0
One of the products is said to "...hold a pair of 1TB drives for a total of 2TB in a RAID 0 configuration or 1TB of RAID 1 storage.." Another product "uses two 2.5 inch hard drives that are internally connected to get you 500GB of speedy RAID 0 storage."
The term "RAID 0" does not belong in an article about backing up files.
Any hard disk can and will fail. Storing files on a hard disk without backup is playing Russian roulette with your data. You probably knew that. Storing files on a RAID 0 device is playing Russian roulette with two or three bullets in the chamber instead of only one.
RAID 0 is designed for speed. Simply stated, it puts half of each file on each hard disk. It does this because hard disks are brutally slow compared to the CPU and RAM so being able to read from two hard disks at the same time to get a file speeds things up. Fine.
But RAID 0 offers this speed at the cost of reliability. You are more than twice as likely to lose data with RAID 0 as opposed to a single hard disk. For starters, if either hard disk fails, you're facing a data loss. In addition, you may lose everything if the RAID 0 controller fails. A controller may fail in a regular hard disk too, but the RAID 0 controller is keeping track of which half of each file is where. Reconstructing data after a RAID 0 controller failure is likely to require serious expertise and cost thousands of dollars.
To me, suggesting the use of RAID 0 in article about backup is a serious mistake.
A RAID Controller
(Credit: Adaptec)RAID 1
As an earlier quote illustrated, the article also talked about "multdrives" using RAID 1. While RAID 1 is designed for reliability, it's a bit out of place in an external hard disk. RAID 1, presents a single hard disk image to the outside world, but internally it uses two hard disks each one an exact mirror of the other.
The protection offered by RAID 1 however is limited. It doesn't help if you accidentally delete a file or logically corrupt it (where's that missing section from that report?). It doesn't protect you from file system errors such as lost clusters and the like. And it introduces the RAID controller as something else that can fail and isn't cheap. Finally, external hard disks are usually sealed, so if one hard disk in a RAID 1 configuration fails, the protection it offered is gone for good.
RAID 1 makes sense in servers that need high availability, such as those running this very website. It also makes sense in a NAS (Network Attached Storage) device where you can replace a failed hard disk easily. But, for external hard disks used for backup, you are safer with two independent devices as opposed to a single device running RAID Level 1. It may even be cheaper.
Western Digital's Raptors in RAID-0: Are two drives better than one? at anandtech.com (July 2004) offers a good introduction to RAID Level Zero and Level One. It also reports on seven different speed tests of RAID 0. The conclusion? Quoting "...there is no place, and no need for a RAID-0 array on a desktop computer. The real world performance increases are negligible at best and the reduction in reliability, thanks to a halving of the mean time between failure, makes RAID-0 far from worth it on the desktop."
My first real posting on this blog was about RAID Level Zero, see Don't get burned by RAID Zero and Following up on RAID Level Zero.
See a summary of all my Defensive Computing postings.
Most computer users know they should back up the files on their computer, yet many don't. Why not?
Leo Notenboom raised this question recently, see "Why don't people back up?"
No computer techie can answer this question, which is why both Leo and I have to ask. We're computer nerds and, as such, backup is part of our DNA. Techies can't put themselves in the shoes of the millions of computer users who don't back up their computers. We're different.
So, those of you who don't back up your computer, but know full well that you should, tell me what the obstacle is. Send an e-mail to dontbackup at michaelhorowitz dot com.
Organization
One obstacle to any backup scheme is organization. Regardless of the hardware or software involved, you need to be able to point to the files you wanted backed up. This requires some understanding of the file system and I don't see a way around that. It also requires some organization on your part, which may be the fatal flaw for some people. If you save files that you care about all over the place, your only backup option is to copy the entire computer, which is always a pain in the neck.
Back in the days of MS-DOS, I got in the habit of saving all my personal files in a folder called "Mikelet" reflective of the fact that folders could only have eight character names and that my initial PC use was for writing letters. To this day, I keep all my personal files in a folder with the same name (although I have added subfolders for segregating specific types of files). In the years since, Microsoft invented "My Documents" to serve the same purpose. Linux users know this concept as the home folder.
I never liked the name "My Documents." First, having a space in a folder name is asking for trouble. Second, it's meant as a repository for all your personal files, not just "documents" a term normally used to refer to word processing files. So, if you're not yet organized, and your name is Harvey, you may want to start off by creating a folder called "HarveysFiles" to simplify your backups.
But there are likely to be other important files, such as e-mail, that you want to back up. Do you know where your e-mail is on your computer? Some backup programs are smart enough to know the location of e-mail for handful of popular programs, but many of us have to find it the hard way. If you exclusively use Webmail, then your e-mail does not reside on your computer at all. In some ways this is good, but if your e-mail is important, and you want to make a backup copy, you need a totally different scheme than the one employed for files on your computer.
Is it too much to get organized or to take inventory of where the files that you care about reside? Is this what's preventing you from backing up?
Other Reasons
My best guess for why people don't back up their computers is that they haven't found a simple, short introduction to the topic. Many of the comments at ask-leo.com were from computer users who simply didn't know where to begin.
Other people noted that they tried to read the documentation for their backup program but were confused by the terminology and/or jargon.
One person suspected that computer users with no training are afraid that they may accidentally screw up the computer and they'll have no idea how to fix it. I feel like that when driving a car--what I know about engines could fit on the head of a pin. Fortunately for me, cars are much more reliable than personal computers. Is the fear of screwing things up holding you back?
Is picking a backup program too much for you? There are, after all, hundreds to chose from. Is deciding on the backup media too difficult? Or, is the choice of local backups vs. remote off-site backups the stumbling block? (Mozy users may want to read "Everybody likes Mozy--except me, Part 1").
Those of you who do back up, please don't tell me what your backup scheme is. There are so many combinations of needs, software, and hardware that there is no one right answer for anyone. There isn't even one right approach for me. I use one scheme for my main desktop computer and another for my laptop which I take when traveling.
Perhaps you've heard this before: there are only two types of hard disks--those that have failed and those that will.
See a summary of all my Defensive Computing postings.
It takes one to know one. So, how can non-techies form an opinion on the abilities of a computer nerd? There is a language gap, a knowledge gap and, likely, a personality gap to overcome. Here's a tip.
Ask the techie about the system (meaning hardware, software and manual procedures) used to backup the computers they are responsible for.
I see three possible answers.
- The techie will brag about what a great system they devised or inherited.
- The techie will gripe about how management has held them back from implementing a much better system than the one currently employed. They may go on and one about the flaws in the way things are done.
- The techie will blow off the question, as if it wasn't important.
In real estate, the three most important things are location, location and location. In computers, they are backup, backup and backup. Any techie that blows off the question about backup, is a normal person in techie clothing.
Where do I fit in? See for yourself: The Best File Backup Scheme
See a summary of all my Defensive Computing postings.
Previous postings on this blog, like any blog, have been narrowly focused. Sometimes it helps to look at the forest rather than the individual trees. To that end, I take a step back here for an overall cheat sheet to Defensive Computing.
Skepticism
Perhaps the most important aspect of Defensive Computing is something money can't buy, skepticism.
Obviously this applies to email messages, many of which are scams. A relatively new approach appeals to your patriotism - emails from people claiming to be soldiers stationed in Iraq who need help bringing money home. Yeah, sure. Skepticism is not only needed with the body of an email message, but also with the From address. Never trust it. Forging the From address is child's play.
Did someone point you to a really interesting video that just happens to require installing new software before you can view it? Don't do it.
Scams aren't limited to email, read my introduction to voice phishing.
Web sites too, need a skeptical review. Are you a customer of AT&T's CallVantage VOIP service? If so, be sure to go to callvantage.att.com rather than callvantage.com. The later is a phony website (for lack of a better term). Interested in public transportation in New Jersey? If so, go to njtransit.com rather than the phony newjerseytransit.com. Read the Wall Street Journal? Which of these domains belong to the newspaper: wsj.net, wsj.info, wsj.org, wsj.biz, wsj.us, wsj.ws? Some do, some don't.* Does the website hope.net belong to Barack Obama? No, but a recent April Fools joke made it look like it did.
No software can protect the gullible.
Backup
Backup your important files to something you can hold in your hand. If they are very important, make two copies. Preferably, one copy should be a thousand miles away from the other copy.
Even having three copies of important files is not overkill. For example, I appear weekly on The Personal Computer Show on WBAI and we record three copies of the show. In the studio, we burn a normal audio CD, the radio station records all the shows all the time and I make my own recording at home from the over-the-air signal. More than once, we ended up with a single usable recording. Stuff happens.
Plan for the death of your computer
You wake up one day and your computer doesn't work. Or, it was stolen. Plan for this now. Beside a new/borrowed/backup computer running the same operating system, you need to recover your applications and your data files. This is a large topic, but a word to the wise: disk image backups.
Some people find the importance of their computer sneaks up on them. If you really need your computer, you need two. Same for a printer. It's like tires - a car needs four, so every car carries five. If your computer is nice to have but not really important, this blog is not for you.
Keep Software Up To Date
View a web page, get infected with malicious software. It happens, and one reason is that your computer has old software with known bugs.
A few days ago, Brian Krebs posted a cheat sheet on the latest version of 12 popular programs. Needless to say, the posting became outdated a couple days later.
The difficulty in keeping software on a Windows or Mac machine up-to-date is an industry disgrace. It happens because neither Microsoft nor Apple is motivated to help other companies, many of which they compete against, install bug fixes. Instead, every company handles software maintenance differently, big companies may even have more than one system for maintaining their software. In the Linux world there is more co-operation between software authors and thus hope for a single software update mechanism. That said, I've seen my share of Linux distributions that handled software updates poorly. A shout-out here to Firefox, whose self-update mechanism is excellent (at least when running on Windows).
What to do? For Java, see my javatester.org website. For Adobe's Flash Player, see their Flash tester page. Windows users with little technical background are best served by having Windows automatically install bug fixes. If you can however, I suggest installing Windows bug fixes manually a few days after they are released. For everything else, Windows users can run the excellent online Secunia Software Inspector. Mac users should nag Secunia for their own version.
There is a flip side to this though, when it comes newly released software, it is usually best to hold back. New software is always buggy, so waiting lets others find and report the problems and gives the software vendor time to fix them. In addition, newly released software may cause problems for other software on your computer. Waiting gives these problems time to sort themselves out.
Avoid Certain Companies and Software
Years ago, Jim Croce sang:
You don't tug on superman's cape
You don't spit into the wind
You don't pull the mask off that old lone ranger
And you don't mess around with Jim
In that vein, there are some companies and software that are best avoided.
A couple weeks ago, I mentioned that I won't install any software from Symantec on my computer or those of my clients. Although I use Windows XP, I avoid all other Microsoft software. Ed Foster's Worst Vendor Poll offers some other opinions on companies you might try to avoid dealing with. Microsoft topped the list, by far.
File sharing software, such as BitTorrent, LimeWire and the like, is not something that belongs on a computer you care about or one that has files you consider sensitive.
I'm also not a fan of all-in-one security suites such as Symantec's Norton 360 Version 2.0, McAfee's Total Protection or Microsoft's Windows Live OneCare. My point is not about these programs in particular (recently reviewed in the Washington Post) but the whole concept of a suite in the first place.
Windows users are best served by avoiding Vista, if for no other reason than it will suffer from more hardware and software incompatibilities than XP for quite a while. If you don't install any extensions/add-ons, you are safer with Firefox than Internet Explorer. Likewise, Thunderbird is safer than either Outlook or Outlook Express.
Technical Support?
If you call the tech support department of a company, take their advice with a grain of salt. Perhaps two.
In the last couple days I've been told many things by techies at Comcast and at ATT CallVantage (a VOIP phone service) that were not true. This is arguably the rule, rather than the exception. The entire tech support industry is broken. You are likely to be talking to someone who is not well trained, not well paid and reading from a script they are not allowed to deviate from.
Someone I know, who works from home, used to depend on AOL for email, both personal and business. This person had a huge email address book and depended on it. One day, there was a problem with the AOL software and AOL's tech support turned a small problem into a big one by wiping out the email address book.
Good tech support is so expensive that many people will probably never experience it. You may get lucky, someone reading from a script, much like a parrot, may solve your problem. But talking to a really experienced person with a good understanding the product in question is all but unheard of. The best tech support I ever experienced was with mainframe software. If I said how much the software cost, some of you wouldn't believe me. But, that's what it takes to get good tech support.
Learn From The Experiences Of Others
A couple days ago, I wrote about how a Comcast cable installer removed a crucial component of the VPN software on my computer. Take stories like this as a heads up. If someone comes to install a broadband Internet connection, realize they may not have much computer training. Watch what they do on your computer like a hawk. Make the installer explain what they are doing and why, especially if they change something. If you run Windows, make a Restore Point before the installer arrives. If it is a cable connection, there shouldn't be a need to install any software.
Anti-Malware
Stating the obvious: install anti-malware (malicious software) software and learn how to check that it's updated regularly.
Windows users, of course, need antivirus and anti-spyware software. These product categories are blurring though and some software does both. No matter what software you use however, the protection it provides is limited, the bad guys are just too motivated (see Anti-Virus Firms Scrambling to Keep Up).
Whether Mac users need anti-virus software is debatable and I don't know enough about it to have an opinion.
Windows XP users should install the free DropMyRights program. I blogged about this extensively back in August.
Firewalls
All computer users need firewall software - without exception. A firewall program that runs on your computer is called a "software" firewall. The term is used to distinguish it from a firewall program that runs outside your computer but still between you and the outside world. Consumers and small businesses typically run across these external "hardware" firewall programs in their routers. The best protection is provided by using both a hardware and a software firewall.
Bad software firewalls, such as the one in Windows XP, only provide inbound protection, better programs also provide outbound protection. Outbound protection is a nuisance to setup initially, but you are safer with it than without it.
For Windows users my preference is the free ZoneAlarm firewall. It's far from perfect, but a big step up from the firewall built into either XP or Vista. A big plus for ZoneAlarm is simplicity. Because it's just a firewall, configuring it is relatively simple. Perhaps most importantly, when it issues warnings and alerts, the language is simple, to the point and devoid of techie terminology. Even non-technical users have a good chance of understanding the issue at hand.
Initially, the Leopard version of the Mac OS shipped with the firewall turned off, an inexcusable design decision and one that Microsoft corrected years ago. It was also buggy and poorly designed. There have been fixes to it since then, but according to this article at ArsTechnica, it still leaves something to be desired.
There are many websites that let you test your firewall defenses, a good thing to do periodically. My favorite, from Sygate, was assimilated by Symantec and no longer exists. The first such site however, is still going strong, Shields Up! from Steve Gibson. It's a bit techie though.
And...
If you use a router to share a single Internet connection, be sure to read my March 8th posting, Defending your router, and your identity, with a password change, about changing the password.
While staying at a hotel, whether using a wired or a wireless Internet connection, alway use a VPN. This also applies to public WiFi networks too.
And, finally, read this blog for a steady stream of Defensive Computing tips. :-)
Update. April 25, 2008: Added advice to wait before installing new software.
*Only wsj.net and wsj.us belong to Dow Jones.
See a summary of all my Defensive Computing postings.
A few days ago, David Strom wrote an article in The New York Times about making off-site file backups over the Internet. There is no one right answer when it comes to making backups, but I'd like to expand on a few points he raised.
At the beginning of the article, Strom says that "for a few hundred dollars a year you can buy inexpensive protection." Hopefully, readers weren't scared off by the price. Many off-site storage companies will hold backup copies of your files for much less money. Personally, I started out paying $10 a year for 1 gigabyte of off-site storage. Now, I pay $20 a year for 2 gigabytes.
Mozy is one of the off-site storage companies mentioned in the article. I wrote a two-part review of Mozy back in July. Perhaps the most important point about Mozy is that it will, at times, delete your backup files. Anyone who mentions Mozy and leaves out this fact has not done their homework.
The sentence in the article that most prompted this posting was this:
"It's a good idea to try out a service to see how long it takes to make a complete backup of each computer you want to protect."
Off-site storage is not the appropriate medium for complete backups of a computer. Off-site backup is only appropriate for your important files. For most broadband users, uploading large files is slow, drastically slower than downloads (the exceptions being fiber, SDSL and T1 connections). And the cost of off-site storage usually increases with the amount of data stored.
Strom warns that "in some cases, the first backup will take hours, if not days." If it takes you days to make a backup, take it as a hint you're barking up the wrong tree. Complete backups, those that include the operating system and applications, are best done with a disk imaging program to an external hard disk or DVDs. Fedex is what I suggest for any complete backups you might want to store off-site.
Features and services
In choosing an off-site storage company, software that automates the backup process may sound like a good thing, but there is a downside--automation can go too far. Last year, Business 2.0 magazine almost didn't publish an issue because they lost all their files. Their automated backups were a bit too automated; the backups hadn't been running and no one noticed.
Many file storage companies provide you with software. Just say no. For one thing, using their software makes it harder to switch companies in the future. Also, there is no way to have real security if the same organization is both encrypting your files and storing them. Finally, it may limit you when it comes time to restore files, and, in your hour of need, that's the last thing you'll want to deal with.
Any off-site backup company should let you upload and download files from any computer connected to the Internet, using nothing more than a Web browser. Not all do. Charging customers based on the amount of data being stored is eminently fair. Charging based on the number of computers those files came from, strikes me as a rip-off.
Finally, anyone considering off-site backups for the first time should read Ed Foster's article, "Backup Service EULAs Warrant a Closer Look," from last February in which he discusses the End User License Agreement from Mozy, Iron Mountain, Carbonite, Xdrive, and SOSonlinebackup. Even expecting the worst, it's shocking.
So few people back up the files on their computers; you don't want to start off on the wrong foot.
See a summary of all my Defensive Computing postings.
Here's an interesting question: should I turn off my external hard drive when not in use? Leo Notenboom, who I mentioned back in July, addressed this issue a few days ago on his Ask-Leo.com Web site.
In short, there is no one clear answer, a number of issues have to be considered. What surprised me, though, about Leo's answer, was that he didn't mention my reason for turning off my external hard disk.
(Credit:
Western Digital)
Being a pessimist is necessary for defensive computing. The main reason I turn off my external hard disk is to protect it from me.
When my computer boots, the first thing it does is run a scheduled backup of my important files to the external hard disk. After I verify the backup ran successfully, I turn off the hard disk and leave it off until the next backup. The disk is used exclusively for backup. My backups are run by a .bat file and, in case I forget, the last thing it does is remind me to turn off the hard disk.
Why? With the disk off, I can't delete files by mistake. And, should some malicious software make its way onto the computer, it can't screw up files it doesn't see. Finally, hard disks run hot (I've seen up to 140 degrees Fahrenheit) and while there are, no doubt, air vents in every enclosure, it's only a matter of time until dust clogs them up. An external hard disk that runs for only a few minutes a day will never get dangerously hot, even if all the air vents are clogged.
But that's me. Read Leo's response and decide for yourself.
I'll contact some hard disk vendors and point them to this posting. If any of them respond with a recommendation I'll let you know.
Update: January 2, 208. I have heard back from Western Digital and Seagate about this. I hope to hear from some other vendors and gather their recommendations together in a couple days.
See a summary of all my Defensive Computing postings.
USB Flash drives are great. Securing them, however, is not so great. They are easily lost and the more you use one, the more likely it will contain files you consider sensitive. Corsair recently came out with a product that takes an entirely new approach to securing flash drives.
Seeing as this is a Defensive Computing blog, it goes without saying that my personal flash drives are secure. I use a free, open-source program called TrueCrypt. There are however, three problems with this approach:
- The hassle of installing TrueCrypt and learning how to use it. There is a portable version of it, which I use, but TrueCrypt is a large program with many features (the manual is more than 100 pages) and may be just too much for some people.
- TrueCrypt only works if you are logged on to Windows as an administrative class user.
- There is no Mac version (there is a Linux version).
My first approach to security was worse. I bought secure flash drives, models that came with their own security software preinstalled. The secure models cost more than their insecure siblings and the software from each vendor worked differently. At least TrueCrypt gave me a personal standard.
The new Corsair Flash Padlock replaces software with buttons. The side of the device has five buttons with numbers on them, and you press the buttons to chose a password initially and then to enter it later.
I have not used a Flash Padlock, but Scot Finnie wrote a review just a few days ago in his aptly named newsletter, Scot's Newsletter. There can be a huge gap between a good idea and good product. According to Scot, the Flash Padlock is a good product.
For one thing, it's designed to be locked and unlocked without any involvement from a computer. And there are lights that clearly indicate whether it is locked or not. Perhaps most importantly, Scot says "The user interface for the Flash Padlock is very well thought out." If you ever carry sensitive files on a flash drive, read Scot's review.
On the other hand, if you can live with the restrictions of TrueCrypt, then see this getting started cheat sheet that Gina Trapani did in June of last year. Geek to Live: Encrypt your data
If we could only settle on a name for these thingies.
Update: October 3, 2007. Scot wrote a follow-up to his review of the Corsair Flash Padlock drive which notes that the case can be unscrewed to provide access to the un-encrypted flash ram, which sort of defeats the high security. In addition he notes that the encryption software on the Lexar JumpDrive supports Macs despite the fact that the documentation doesn't say so. Finally, he mentions the IronKey flash drive which is very secure and very expensive.
On Thursday August 30th Walter Mossberg repeated his prior recommendation of the Mozy online backup service. While Mozy can fit the needs of some people, there are two sides to every coin and there is a downside to Mozy too. For the rest of the story, see my recent postings:
E-mail, for many of us, is very important and accumulates forever, making it a large mess when it comes to backing it up.
The importance of my e-mail snuck up on me. Once upon a time, I opened my old reliable e-mail program and was confronted with an error message. The net effect of the problem was that the last four days of incoming mail had disappeared from my in-box. This was, for me, a very big deal. In large part, my in-box is my "to do" list. As a consultant, my incoming e-mail is too important to ever allow a repeat of this problem.
Suffice it say, this made me think about backing up my e-mail perhaps more than most people.
The need for reliable and redundant e-mail backups dictates the use of a client side e-mail program such as Outlook Express, Thunderbird or Eudora. Web based e-mail systems such as Gmail, Yahoo mail and Hotmail, have their advantages but backup is not one of them.
To begin with, I have an external hard disk attached to my computer and every morning I copy all of my e-mail from the internal hard disk to the external one. This is a destructive backup. That is, every morning the backup is totally re-created on the external hard disk. The advantage of this is that I never have to worry about running out of space on the external hard disk. The disadvantage is that I can't use it to recover e-mail from three days ago. Everything is a trade-off when it comes to backups.
Also, this backup doesn't manipulate the original files in any way; they aren't combined, compressed or re-formatted. Thus, I can easily copy e-mail from the external hard disk back to my computer and use it immediately. And simple means there is less that can go wrong. The downside is that the backup is the same size as the original, but external hard disks have a huge capacity and transferring files over a USB2 connection is more than fast enough for this purpose.
One of my prime rules for backups is to never to copy a file while it's in use. That is, I never copy e-mail when my e-mail program is running and never copy Word documents when Word is running. The morning backup of my e-mail is scheduled by the Windows scheduler and since it runs first thing after Windows starts up my e-mail program is not running.
This however, is just a starting point as it still allows for the loss of an entire day's worth of e-mail. To cut my potential loss in half, I also backup my e-mail midday. This backup is also scheduled using the Windows scheduler, but it's very different from the morning backup. Rather than backing up all my e-mail, here I only copy the most important folders (the in-box and a few others). Also, the backup is sent via FTP to an online file storage company.
This limits my worst case scenario to the loss of a half day's worth of e-mail. It also means that no matter what happens to my computer and the external hard disk, I always have the most important e-mail stored a thousand miles away. And since my e-mail is sensitive, online storage space is limited and uploads are slow, I compress, encrypt and password protect the e-mail before it leaves my computer and travels over the Internet to the file storage company.
The midday backup is different in other ways too. For one, all the e-mail is combined into a single file. In addition, I keep multiple copies of the midday backup. The backup program tags the daily file with the current day of the week. Thus every backup made on a Monday will result in the same file name. When the backup is sent offsite, the backup program is instructed to delete older versions of files with the same names. I end up with seven off-site copies of my most important folders and, again, don't have to worry about running out of space.
Finally, once a month I compress and encrypt all my e-mail and send it off-site to another file storage company.
No one approach is right for everyone. For example, I have chosen to limit my worst-case loss to a half day of e-mail, which may not work for you. And my approach requires constantly filing e-mail in folders, something not everyone wants to do.
After living with the above scheme for a while, I modified it a bit to prevent the most important folders from growing in size forever.
I manually archive the in-box, sent folder and a few other important folders by moving old messages to new folders tagged with the year. For example, all the messages in my in-box from 2005 are stored in a folder called inbox2005. Likewise there are folders called inbox2004, inbox2006 and inbox2007. A couple months ago I moved messages in my in-box from January through March of this year into the inbox2007 folder. Later this year, I'll again move old messages from this year into it.
With this approach, I can eventually delete the inbox2004 and inbox 2005 folders from my computer. They remain on the external hard disk and are also stored off-site if need be. Without some type of archiving scheme, e-mail will grow forever. I find that manipulating a few folders this way a couple times a year is well worth the effort.
Of course, you can't use this approach, or anything remotely similar, unless your e-mail program stores each folder as a separate file (or two). But who would use an e-mail program that stored all your mail in a single file? :-)
