Backupper Backups Not Protected from Malware?

I have just looked at the properties of the backup (.adi) files and found that they are not read-only. Thus any malware on a PC or network could encrypt these files. So you would not be able to recover from a ransomware attack.
Is there any reason why these files are not read-only?

Comments

  • Yes, they are not read-only, we will try to improve it.
  • edited May 24
    well you could do other things, like frequent updates of your router, your windows 10 desktop pc os.

    use anti malware (MBAM? zemana? hitman?), use an anti virus (bitdefender?), other security tools to harden security (novirusthanks OS armor)

    Use chrome (or ungoogled chromium) with an adblocker (gorhill's ublock origin. UBO extra, Umatrix, nano defender, decentraleyes, httpseverywhere). Purpose being to avoid drive by malvertising when browsing the web
    https://www.malwarebytes.com/malvertising/

    Even practice good computer usage practices can help. Should you download some random file of the internet for no reason from an unknown source? you are better off not doing downloading those kinds of things. You can also use netcraft extension for chrome which will alert you about possible phishing attempts, so you don't accidentally browse a dodgy website. Don't download files unless they are direct from the source, and are of a good repute website at that. These kind of common sense things, that any computer user should know about.

    if other people need access to the internet, you can limit them to guest access, so they can use the internet but not interface with other devices on the network (including your pc and other devices e.g. NAS, etc). Asus routers can easily do this. The harder method is to configure a vlan yourself to achieve a similar setup e.g. pfsense.

    Don't just simply plug in some random unknown usb flash drive, or external storage to your PC or network. Run a scan first ideally (using AV, Anti-malware apps).

    by the time anything even reaches to your desktop pc, it should be scanned by all all your security stuff protecting you. Then you can do a backup safely (most likely).

    So yes, great if backupper could protect from malware, but you already have other things that can protect you and limit your risks. if your expectation is for aomei to protect from ransomware (for your backup when using it), so you can be lax with other areas protecting your network and pc from ransomware etc, then i don't think that is a good expectation.

    You would do better improving security in the areas i mentioned, and that ought to offer you better protection which will coincidentally lower risks of ransomware ever reaching your backups in the first place.

    So Aomei backupper should be fine for use, as long as you take all other precautions. This applies whether you use aomei or not, it keeps your pc, your external storage devices, and network safe from virus/malware/hackers.
  • ;Mooglestiltzkin Thanks for your suggestion. We will submit it to our dev team.
    We suggest that you can save backups created by AOMEI Backupper to external/network drive and disconnect the destination when the backup is performed. This is safer.
Sign In or Register to comment.