The New York Times published an article today about making off-site (a.k.a online) backups that contained some debatable advice.
The point I most disagree with is this: "As long as your credit card keeps working, there's no need to think about the backups unless disaster strikes." The problem with this advice is that if something is automated too much, it can break without your knowing it.
The classic example of this was the magazine Business 2.0 (which has since ceased publication). After they deployed an automated backup system, they ignored it. At some point the backup system broke, but no one noticed. Only when their main computer system failed and they needed the backups did they learn that the backup system had stopped working long before.
Do you leave your house and simply close the door, confident that it locks behind you? What if something jams the latch? What if that button that prevents the lock from engaging was pushed in? Isn't it worth taking the extra few seconds to try to open the door after closing it just to ensure that it's really locked?
It's the same with automated backups. If your files are important, it's worth a little time to ensure that the backups are actually being made. Then too, you should test recovering a file or two, just to be sure that you still can. It's the computer equivalent of a fire drill.
Need Software?
The article also said, "The idea is simple. The user installs some software..." Installing software is not necessary for making off-site backups. It may not even be a good approach.
For one thing, installing any software is risky. Backup software that needs to know every time a file is modified has to both run all the time and be intimately wedded to the operating system. Both raise the level of risk.
The requirement to use software from the backup storage company may also limit the computers from which you can make backups or perform restores. Some backup companies charge by the number of computers being backed up, and they use their software to enforce this. Even if you choose a company that charges solely by the gigabyte, if they offer Windows software and you later buy a Mac or a Linux-based Netbook, you may not be able to back up files from your new computer.
Some backup services offer a Web page front end. If you know your user ID and password you can walk up to any Internet-connected computer in the world and either upload or download files from the backup service. There's a lot to be said for that. I just purchased a Netbook computer and used such a service for making my initial backups. No software needed.
Then too, some backup services can be used with portable software. In the Windows world, the term "portable" refers to software than can be run without being installed. Typically, portable software is thought of in terms of running the software from a USB flash drive, but the software can also run from the C disk. I personally use the free, portable WinSCP program offered at PortableApps.com with a paid backup service.
WebDAV is yet another option for accessing off-site backups without installing software. WebDAV is a protocol that, in Windows, lets you view remote files much like Windows Explorer lets you view local files. WebDAV support is available in all current operating systems.
In Windows XP, WebDAV is a "Network place." The procedure to add a remote network place is simple, all you need to know is the name of the remote computer, and a user ID/password. An existing network place can be made into a desktop icon, providing simple, easy access to remote files.
Where Are Your Off-site Files Stored?
Anyone serious about off-site backups needs to consider where, physically, their remote files reside.
The article touched on this and reported that Intronis stores files in Toronto and New Jersey, iBackup stores customer files at two of the company's four centers in California, and iDrive uses only one data center.
Off-site backups are best stored as far away from you as possible. Another time zone is a good rule of thumb.
If your off-site backups are your only backups (not advisable but better than nothing), then you should only consider a company that keeps redundant copies of your files in multiple locations. Here too, the farther apart the better.
Amazon's S3 service stores files in multiple data centers in the U.S. For an extra fee, you can also have your files stored in Europe. When you sign up with rsync.net, you get to choose whether you want your files stored in San Diego, Denver, or Zurich, Switzerland. Here too, for an extra fee they will store your files in two locations.
Mozy
I can't discuss off-site backups without mentioning Mozy. Last summer I wrote two postings (here and here) about Mozy that anyone considering the service should read.
In brief, you need to be aware that if you accidentally delete a file from your computer, Mozy will delete their backup of that file. Such is the nature of a service that offers unlimited storage space for a fixed price. Any such provider is motivated to minimize the amount of data they store.
Another optimization they use is to copy only the portions of your files that have changed, rather than the entire file. This is complicated, and I think simple is best, especially when it comes to backups.
See a summary of all my Defensive Computing postings.
A few days ago, David Strom wrote an article in The New York Times about making off-site file backups over the Internet. There is no one right answer when it comes to making backups, but I'd like to expand on a few points he raised.
At the beginning of the article, Strom says that "for a few hundred dollars a year you can buy inexpensive protection." Hopefully, readers weren't scared off by the price. Many off-site storage companies will hold backup copies of your files for much less money. Personally, I started out paying $10 a year for 1 gigabyte of off-site storage. Now, I pay $20 a year for 2 gigabytes.
Mozy is one of the off-site storage companies mentioned in the article. I wrote a two-part review of Mozy back in July. Perhaps the most important point about Mozy is that it will, at times, delete your backup files. Anyone who mentions Mozy and leaves out this fact has not done their homework.
The sentence in the article that most prompted this posting was this:
"It's a good idea to try out a service to see how long it takes to make a complete backup of each computer you want to protect."
Off-site storage is not the appropriate medium for complete backups of a computer. Off-site backup is only appropriate for your important files. For most broadband users, uploading large files is slow, drastically slower than downloads (the exceptions being fiber, SDSL and T1 connections). And the cost of off-site storage usually increases with the amount of data stored.
Strom warns that "in some cases, the first backup will take hours, if not days." If it takes you days to make a backup, take it as a hint you're barking up the wrong tree. Complete backups, those that include the operating system and applications, are best done with a disk imaging program to an external hard disk or DVDs. Fedex is what I suggest for any complete backups you might want to store off-site.
Features and services
In choosing an off-site storage company, software that automates the backup process may sound like a good thing, but there is a downside--automation can go too far. Last year, Business 2.0 magazine almost didn't publish an issue because they lost all their files. Their automated backups were a bit too automated; the backups hadn't been running and no one noticed.
Many file storage companies provide you with software. Just say no. For one thing, using their software makes it harder to switch companies in the future. Also, there is no way to have real security if the same organization is both encrypting your files and storing them. Finally, it may limit you when it comes time to restore files, and, in your hour of need, that's the last thing you'll want to deal with.
Any off-site backup company should let you upload and download files from any computer connected to the Internet, using nothing more than a Web browser. Not all do. Charging customers based on the amount of data being stored is eminently fair. Charging based on the number of computers those files came from, strikes me as a rip-off.
Finally, anyone considering off-site backups for the first time should read Ed Foster's article, "Backup Service EULAs Warrant a Closer Look," from last February in which he discusses the End User License Agreement from Mozy, Iron Mountain, Carbonite, Xdrive, and SOSonlinebackup. Even expecting the worst, it's shocking.
So few people back up the files on their computers; you don't want to start off on the wrong foot.
See a summary of all my Defensive Computing postings.
On Thursday August 30th Walter Mossberg repeated his prior recommendation of the Mozy online backup service. While Mozy can fit the needs of some people, there are two sides to every coin and there is a downside to Mozy too. For the rest of the story, see my recent postings:
This is a continuation of Tuesday's posting (Everybody likes Mozy--except me. Part 1), which introduced the Mozy online backup service and software and where I started offering my opinions. Since Tuesday, I came across two more positive Mozy reviews.
In April, Serdar Yegulalp, writing for InformationWeek, reviewed Online Vault, Carbonite, eSureIT, iBackup and Mozy (Five Online Backup Services Keep Your Data Safe, April 9, 2007). He concluded that "The all-around winner for regular users and small business from this bunch was definitely Mozy, both for its plan structure and its unobtrusive client."
Also in April, BusinessWeek had a short article by Arik Hesseldahl about the beta release of Mozy for the Mac where he said "I've used Mozy on the Windows machine at the office, and actually came to like it a great deal" (Mozy Comes To Mac Today! April 25, 2007).
Encryption
Anyone considering backing up sensitive files has to be concerned with security and encryption. Walter Mossberg barely mentioned security, but David Pogue warned:
"Then there's the security thing. All four companies insist that your files are encrypted before they even leave your computer. But if you still can't shake the image of backup-company employees rooting through your files and laughing their heads off, then this may not be the backup method for you."
Note: He was referring to the idea of off-site backups, not specifically to Mozy.
At first glance, Mozy security sounds impressive--files are encrypted on your PC using 448-bit Blowfish encryption and then transferred over the Internet to Mozy using 128-bit Secure Socket Layer (SSL) encryption. But let's take a step back.
- Mozy software encrypts the files on your computer
- To do this, the Mozy software needs to know the encryption key (basically a password)
- Mozy stores your files on Mozy's computers
The problem here is that Mozy is doing everything. In effect, Mozy makes the key, the lock and the safe.
How files are transferred between the PC and Mozy has nothing to do with the real security issue, as I see it. The SSL encryption used during the transfer offers protection from interception while the files are in transit, but no protection from Mozy.
There are two ways the Mozy software learns the encryption key/password--either you pick one and type it into the program, or the program will chose a password on its own. As they explain:
"You have the option of using a Mozy key, or your own private key to encrypt your data. Note, that if you use your own private key, you must be very careful about not losing it, because if you do, we won't be able to help ... Most users opt to use the Mozy key, but it's up to you."
Note: "key" can be thought of as a password and "private key" can be thought of as you're choosing the password.
Using a key/password generated by the Mozy software may not sound so bad, but it means your sensitive files are not secure.
In Part 1, I quoted Walter Mossberg as saying "Both companies encrypt the backed-up files and say they don't view them." Not that they can't view them, but that they don't view them. And the Mozy warning--do not lose your key/password or they can't help you--implies that when their software chooses the password, they can help you. They must know the password.
Even if you choose the encryption password, you are trusting the Mozy software not to externalize it, either on purpose or by accident. When it comes to backing up sensitive files, there is no place for trust in the equation.
This situation is not at all unique to Mozy. Other online storage companies also provide software that encrypts your files. I suggest using a backup scheme where software from one company does the encryption while an unrelated company stores the files.
Restoring Files
When it comes to restoring files, Mozy can be slow. You can't simply go to their Web site, navigate to your needed files and download them. Instead, you have to request all the files you need up front (don't forget any) and wait. In Mozy's own words:
"Depending on how large the restore is, it could take a few minutes or a few hours for Mozy to prepare the data for you. When it's ready, you will be emailed letting you know you can download it. When you get the email, go to your Account page and from there you can download the restored data."
If you can imagine a situation where you need to access your off-site backup files quickly, Mozy might not be an optimal fit. Joe Hruska at Ars Technica described his experience restoring files using the Web-based interface: "When I requested a restore build as a free user, it took Mozy 36 hours to make my restore file available versus only 18 minutes when I requested the same service as a paying customer."
Only 18 minutes? With the nothing-special backup service I use, it takes less than 18 seconds to start downloading files, and e-mail is not involved at all. And 36 hours seems excessive, even for a free service.
More Gripes
There are a couple things I don't like about the way Mozy backs up files.
For one, their software copies open and locked files. No thanks, I prefer my files closed and unlocked when they are backed up. Why they do this, I don't know. What problem are they solving? Since the Mozy software runs all the time, there should be very little delay between when a file is closed and when it's sent off-site. I prefer backup software that issues a warning when it tries to copy an open or locked file.
Part 1 of this blog had a discussion of why Mozy is motivated to store as little data as possible. This may explain why Mozy doesn't always back up entire files. They try to be smart about it and only back up the pieces of a file that changed, a feature they call "block level incremental backups". I'm a pessimist, and this strikes me as just something else that can go wrong. I prefer my backups simple, and backing up pieces of files and later putting all the pieces together, is complicated.
The Ars Technica review had this gripe: "Unlike several of the other programs we tested, Mozy doesn't offer a 'Backup this file' option when an item is right-clicked inside Windows Explorer."
Being a computer nerd, I'm comfortable using FTP to transfer files. Mozy does not allow uploads or downloads via FTP.
Warranty
Ed Foster writes The Gripe Line column for InfoWorld. Back in February, he wrote a memorable article called Backup Service EULAs Warrant a Closer Look (alternate link). A reader of his column reviewed the terms of service for Mozy, Iron Mountain, Carbonite, Xdrive, and SOSonlinebackup. According to Ed, "All disavowed that the product had to actually function at all except Iron Mountain, which in its warranty promises to at least try to fix bugs..."
The unnamed Gripe Line reader said it well: "The availability of data, in essence, completely defines the service itself. Yet, all of the online backup companies I surveyed expressly disclaim any responsibility for actually delivering on the service they claim to offer." Three of the companies, Mozy being one of them, disavow damages for their own negligence.
And here's an analogy that really puts it in perspective: "Who would buy life insurance if the carrier's terms of service has a clause that says that if you die, they have no real obligation to pay the claim?"
Finally, on a (much) lighter note, some people may have a hard time complying with parts of Mozy's End User License Agreement. In the LIMITATION OF LIABILITY section it says:
"FURTHERMORE, YOU AGREE TO USE THE SOFTWARE OR SERVICE
EXCLUSIVELY FOR GOOD AND FOR AWESOME."
Talk about restrictive. And then there is this, in the next paragraph:
"DO NOT TAUNT HAPPY FUN BALL."
Wikipedia has an explanation of Happy Fun Ball. As lawyer jokes go, this one is pretty good.
To end on a legal note, that's my case.
For a company in the boring business of online file storage, Mozy gets more than its share of press coverage, and from what I've seen, it's all been positive. Mozy attracted attention back in December 2006 when they started offering unlimited file storage for $5 per month or $55 per year (rounded off).
The first Mozy review I ran across was by Walter Mossberg in The Wall Street Journal ("These Services Make Backing Up Your Files Safe and Inexpensive", December 14, 2006). He liked Mozy, so I spent some time reviewing them for a class I teach on backing up your computer. My opinion differed from Mr. Mossberg's, not for the first time.
Then in January 2007, David Pogue, writing in The New York Times, also liked the service ("Fewer Excuses For Not Doing A PC Backup", January 4, 2007). I blew that off too. But a couple weeks ago the tech Web site Ars Technica published a review of online storage providers by Joel Hruska that recommended Mozy as the best of the bunch ("Online backup solutions: a review", July 16, 2007). For me, that was the final straw. Time to speak up.
The good reviews
In his review Walter Mossberg compared Mozy to Carbonite, another online storage company. He found Mozy "easy to set up and easy to use" and seemed impressed that using the Web-based interface he could restore files on a Macintosh computer. Security is an obvious concern with off-site storage and addressing it he said, "Both companies encrypt the backed-up files and say they don't view them." Finally, he notes that "you can back up multiple computers--but you have to pay extra for each additional machine."
Pogue also found Mozy more flexible than Carbonite, citing as an example the fact that backups can either be continuous or run at specified times and dates. He pointed out that Mozy can back up only changed portions of files, and he liked that you can review 30 days of backups (more on this below). His only criticism was minor, he felt that Mozy might not be the best choice for beginners as some of its options are "novice-hostile."
Writing for Ars Technica, Joe Hruska reviewed Xdrive, Backup/PC, Mozy and Carbonite and concluded: "Of the services we tested here, Mozy Online struck the best balance between functionality and flexibility and is our overall top pick for an online backup service."
My opinions
To start with, I don't like any backup service whose software has to run constantly in the background. The more software running on a computer the greater the chance of something going wrong. I prefer a backup scheme where the backups happen on a schedule and/or on demand. Thus, 99 percent of the time there is no backup software running. I don't like my computer doing stuff without me knowing about it.
And, if I had to go with background software that never shuts down, my preference would be for a mature product. Something that's at version 11 and has been around for years. Mozy is a relatively new company; it was founded in 2005. In December of 2006 when Mr. Mossberg wrote his review, the Mozy application software only ran under Windows XP. Now it also supports Windows 2000 and Vista and they have Mac software in beta testing. This is all too new for me to trust it with something as important as file backups.
Mr. Mossberg's description of the Web-based interface failed to point out that it can't be used for making backups, only for restoring files. As he said, Mozy charges extra for each additional computer that you back up from. The online backup service that I use, which I'm not going to mention both because it's not perfect and this blog is not an ad, allows me to back up files from an unlimited number of computers using their Web interface. This should be a prerequisite for any online storage service you may be considering.
Big sin
Mozy's biggest sin wasn't mentioned in any of the reviews. (Doesn't anyone read the fine print?)
An obvious reason for making backups is to be protected from accidentally deleting files. If your fingers slip while typing, you can wipe out dozens of files and not realize it. Or someone else using your computer might delete them. Or there may be a glitch in the file system and Windows loses track of some files.
If you delete a file by accident and don't notice it, Mozy will delete the backups of the file too. I kid you not.
This is a quote from Mozy.com (as of July 29, 2007): "If you delete the working copy on your machine and then run a backup, Mozy will assume that you no longer need a backup copy, since you got rid of the working copy, and will mark the file to be removed from our system in 30 days...After 30 days, you cannot get these files back."
Pogue made a bad thing seem like a good thing when he wrote: "You can view 30 days' worth of backups, too--a feature that prevents you from deleting a file from your PC accidentally and then finding its deletion mirrored in your latest backup." Mr. Pogue is assuming both that you know a file was deleted by accident and that you try to recover it within 30 days. But if you are not aware that a file is missing until 31 days after it disappeared, it's gone. With my online backup company I could accidentally delete a file, not know about it for years and still be able to recover the last backed-up copy.
Perhaps you know someone who has had to reinstall Windows? Or had their laptop computer stolen? With Mozy there is a chance it may treat missing files as being deleted on purpose, and delete the backups in 30 days. I have no idea how likely this is, but if something can go wrong, it will. And again, there's that issue of relatively new version 1 software to consider.
Why does Mozy do something that seems so wrong? I think I know.
In their free service Mozy offers 2GB of storage space to anyone who feels like asking for it. The less space someone uses, the better it is for them. In their paid service, Mozy offers unlimited storage for $55 per year. Here, too, the less space a customer uses the better it is for Mozy. In this context, it makes sense for them to delete as many files as possible. It's a natural outgrowth of their business model.
In contrast, Mozy's competitors charge more as their customers use more storage space. It's reasonable to assume that these companies make more money the more data they are storing. Thus, they are not motivated to delete files. In my opinion, you're better off using a company with this business model.
Mozy customers are, in effect, trying to get something for nothing with unlimited storage for only $55 per year. It's too good to be true.
I'm far from done. More tomorrow...
Update. February 9, 2008. In an attempt to generate commissions someone made a comment to this article suggesting that mozyonlinebackup.com offered impartial reviews. It does not. The site is run by John Pontillo of Fishkill, New York. That the links to Mozy look like
http://www.mozy.com/?ref=99999999&kbid=99999&m=9&i=99
is a giveaway of the true purpose of the site - generating commissions.
See a summary of all my Defensive Computing postings.
- prev
- 1
- next
