Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Acronis imaging is not what I thought it was?


  • Please log in to reply
12 replies to this topic

#1 MelonBird

MelonBird

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 28 July 2016 - 11:20 AM

Knowing that a good backup system is crucial to dealing with ransomware, I've decided to go beyond backing up with FileHistory on external drives and get some cloud backup and also disk imaging to go along with local backups.

 

My understanding of disk imaging is that it is like a snapshot of ALL your software and operating system, as they were at a point in time. And this allows you to restore your corrupted, malware-infested software with clean copies of all of it, possibly weeks or months old, without also losing all your data from the previous weeks or months (yes, those files are now encrypted, but you should also have multiple backups of these files, only, which you can restore). This was what a company I used to work at did if you got malware on your PC - they just reformatted with an image (and all data was kept on servers, so you only lost data if you'd broken the rules and stored it to your C drive).

 

So I downloaded Acronis True Image, which is highly recommended here, and it has no option to do that. The Acronis I tried to chat with didn't even understand what I was talking about. Thought I wanted Acronis to block the virus, and started telling me there's this invention called an anti-virus, like I don't already know that. And he said Acronis defines imaging as "backing up."

 

Huh? Am I misunderstanding what "imaging" is? What product do I need for what I'm trying to do?

 

Acronis TM seems to make a nice, Time Machine style backup, which is great since the only backup I've ever had that worked was Time Machine (back when I used Mac). And I suspect that if I did have to go back two weeks to "Restore PC" (all software and data) to get rid of malware, I could then go to a more recent backup of my data to find the latest unencrypted versions of those files. But the Acronis employee's answer was, "Acronis cannot protect your PC from virus. You need antivirus scan." Sigh.



BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 22,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 28 July 2016 - 11:50 AM

I think your company most likely had daily, weekly, and monthly backups. If you do a System Image with TrueImage and months later you are infected then you will lose all data placed on the hard drive after the image was taken. 

 

You would need to create a base disk image with TrueImage then do daily or weekly differential/incremental images. If infected would would lose at most a day if you did daily backups and weekly if doing weekly backups. TrueImage allows scheduling so your backups would automatically be created while working on the computer.

 

This would not be Time Machine but a complete disk image. Using the recovery media created in TrueImage you could recover your disk image even if the computer no longer boots. 

 

I don't have much experience with TrueImage. I have used Macrium Free and Aomei Backupper. Also Easues Todo Backup Free.

 

This is a good user guide for True Image that explains deferential and incremental backups.

 

http://www.acronis.com/en-us/download/docs/ati2016/userguide/


Edited by JohnC_21, 28 July 2016 - 11:58 AM.


#3 MelonBird

MelonBird
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 28 July 2016 - 12:02 PM

It sounds like you're saying a "System Image", then, includes data as well as software? Maybe what I'm thinking of is more like a System Restore Point. The company I worked for did do backups, but imaging seemed to be different. They had "images" for various types of employees' computers, and the image just installed the OS and what software that employee needed, with permissions and license keys and so on intact.

 

You would need to create a base disk image with TrueImage then do daily or weekly differential/incremental images. If infected would would lose at most a day if you did daily backups and weekly if doing weekly backups.

Except that malware can lurk silently for weeks before deploying. In which case yesterday's backup would be infected, and you might need to go back several weeks.

 

However... Acronis offers "Recover PC" (OS, software, data files, and wipes out everything as it goes) or "Recover Files" (just your files). I'm thinking in the worst case scenario, I could go to my oldest backup for "Recover PC", just to make sure the virus is gone, and then "Recover Files" from a more recent backup in which they are unencrypted.

Maybe it amounts to the same thing even though it's not how I was expecting it to work?



#4 JohnC_21

JohnC_21

  • Members
  • 22,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 28 July 2016 - 12:32 PM

Correct, if you had malware that went undetected then your System Images (disk images taken after the infection would also be bad). The only reliable way to fix it would be to do a clean install of the OS then take a base image of that clean install or use an OEM factory reset.

 

A disk image would include data and software. Acronis also allows you to browse the disk image by mounting it to a virtual drive in order to pull data out of the image. This would at least let you recover data from an infected image as the malware is infecting your system files, not necessarily your data unless the malware was a file infector.

 

Otherwise use Time Machine where once you reboot it sets the system back to its original state.

 

Edit: A good antivirus helps including software that detects zero day similar to HitmanPro Alert.

 

http://www.surfright.nl/en/alert


Edited by JohnC_21, 28 July 2016 - 12:34 PM.


#5 MelonBird

MelonBird
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 28 July 2016 - 03:10 PM

I'm not on a Mac anymore, I just made the Time Machine reference because I have experience with it.

 

Thanks for the AV rec. I've read this forum inside out on preventative measures, so I've got those covered. The problem is, the malware people keep upping their game. That's why I'm working on my backup strategy. It's a lot safer to wipe a drive and restore it than to try to clean malware off of it, so I want to make sure I can do that. I'm still looking into other options.



#6 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:35 PM

Posted 29 July 2016 - 06:05 PM

It sounds like you're saying a "System Image", then, includes data as well as software? Maybe what I'm thinking of is more like a System Restore Point. The company I worked for did do backups, but imaging seemed to be different. They had "images" for various types of employees' computers, and the image just installed the OS and what software that employee needed, with permissions and license keys and so on intact.


Keep in mind that you mentioned that the company expected you to keep the data on the servers. The images that they created likely did contain any data that the users had on their individual computers, but since the likely updated those images very, very infrequently that data backed up with the image would like be woefully out of date if the image was used to restore the computer. So, what they did and what Acronis True Image did are likely the same thing. The difference being is that they were not expecting their image to also keep a current backup of the data, where you can do that with True Image and incremental/differential images if you want (i.e. if you keep your data on your boot drive). In the company's case, they would restore the image if need and if it nuked any data stored on the local computer after when the image was done then that was the employee's fault for violating the company's policy of keep data on the servers and that data would be gone...and that employee likely in trouble.

Personally, this is why I tend to use a separate physical disk for my data or a NAS for my data with my Windows computers (all desktops...my laptops are Macs). I can then clone (very similar in concept to an image) my boot drive with nominally no data to a second drive (and maybe third if I want to create an original setup clone and a working, updated clone) that can be swapped into the Windows computer if something happens to the boot drive. I then separate do incremental type backups of the data drive or NAS. This allows me to only very infrequently update the clone of the boot drive (when installing new programs or installing updates or upgrades to Windows) but then much more frequently backup my data (i.e. daily and/or weekly...depending on how many back up copies I want of that data). I also do some "archive" type backup of some data (i.e. purchased movies/TV shows) that does not need frequent backups.

I do something similar for my Macs in that I maintain a working, updated clone of my Mac. I update the clone after I install new programs or update/upgrade the OS...and I am satisfied there are no issues. Since I do keep data on the boot drive (cannot install two different physical drives on my Mac laptops), this means that it will back up data, but since I rather infrequently update the clone, I then also do other types of backup of the data (such as use Time Machine to backup to a NAS device).

#7 MelonBird

MelonBird
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 30 July 2016 - 10:31 AM

I think I'm getting it now. The company must have made images of drives as they wanted them to be for new employees - software only, no data files. So they kept those on hand when someone needed their computer wiped, or a new computer had to be set up for a certain employee. I'm sure that made it easier than installing everything separately, and trying to remember which employees needed Photoshop, who needed accounting software, etc.

 

I've always just kept everything on my hard drive at home because that's the default setting and I didn't know about other options. I've read some about partitioning, and using NAS servers, but I'm not confident I understand enough about any of it to not break something.



#8 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:35 PM

Posted 31 July 2016 - 07:42 PM

I think I'm getting it now. The company must have made images of drives as they wanted them to be for new employees - software only, no data files. So they kept those on hand when someone needed their computer wiped, or a new computer had to be set up for a certain employee. I'm sure that made it easier than installing everything separately, and trying to remember which employees needed Photoshop, who needed accounting software, etc.


Yes, some companies will have "deployment" images that they use to setup computers with out having to sit there and feed individual discs for the individual programs. Just wipe the drive of the newly purchased computer and restore the "deployment" clone with all programs and pretty much all the settings already setup/installed. Makes life a lot easier. There are things you have to be careful of such as different hardware that might require different drivers, but typically still way easier than doing every program one by one and each setting manually.
 

I've always just kept everything on my hard drive at home because that's the default setting and I didn't know about other options. I've read some about partitioning, and using NAS servers, but I'm not confident I understand enough about any of it to not break something.


It is not that hard to do with a desktop. Just install a second hard drive, format it, and then set the "My Documents" (or just Documents in current versions of Windows if memory serves) folder's settings to move when it points to in terms of actually storing the files. This will handle most situations of saving your documents. There might be a few programs that don't default to "My Documents" when saving, but most will. The big offender will be Outlook, if you use it. It tends to default to saving the PST files in another location in your user profile.

#9 RolandJS

RolandJS

  • Members
  • 4,477 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:35 PM

Posted 31 July 2016 - 09:10 PM

Backup/restore programs such as Acronis True Image, Macrium Reflect, Image for Windows, and others, do exactly what they were designed to do -- make numerous kinds of backups, make restores, no more, no less.

Using such to fight viri or malware or ransomware only happens when restorable backups on trustworthy external media exist preceding any entrance into a computer of troubles.

The thread starter described very well-thoughtout, well-planned, well-executed backup routines, which can be called a security defense because of the timely and consistent executions.

Thread starter, I salute you and your company!   :)


Edited by RolandJS, 01 August 2016 - 09:55 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#10 MelonBird

MelonBird
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 01 August 2016 - 08:06 AM

I've always just kept everything on my hard drive at home because that's the default setting and I didn't know about other options. I've read some about partitioning, and using NAS servers, but I'm not confident I understand enough about any of it to not break something.


It is not that hard to do with a desktop.

 

 

I'm afraid I haven't had a desktop in 15 years. Strictly laptops.
 

 

Thread starter, I salute you and your company!   :)

Thank you.

I'm thinking now I will:

 

  • Make a system state backup of Windows 10
  • Collect installers for all my software on a thumb drive, along with a pw-protected file listing any serial numbers needed to unlock them

That way, if I find my full backups from Acronis are corrupted by malware, I have a way of fairly quickly reinstalling all software, and then restoring data from Acronis. If this ever happens, I can make a "deployment image" as smax013 called it. I can store that on an external drive and alter it as I add or delete programs. I should even be able to back that deployment image up to Acronis, just in case local backups fail.


Edited by MelonBird, 01 August 2016 - 08:07 AM.


#11 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:35 PM

Posted 01 August 2016 - 09:18 PM

I've always just kept everything on my hard drive at home because that's the default setting and I didn't know about other options. I've read some about partitioning, and using NAS servers, but I'm not confident I understand enough about any of it to not break something.


It is not that hard to do with a desktop.

 
I'm afraid I haven't had a desktop in 15 years. Strictly laptops.

 
Laptops are a bit more work to do unless your laptop supports two internal hard drives. If so, then it can be just like a desktop.

If it is only one internal drive, then to get a similar type effect you are then into partitioning the disk into a boot partition and a data partition. It is easier to some degree as you don't need a third party utility to split a single partition into two partitions non-destructively as Windows 7's disk management can do it. But, still that typically is more work then it is worth for most people.

#12 MDD1963

MDD1963

  • Members
  • 688 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 14 August 2016 - 07:52 PM

Clonezilla is not pretty to look at, but, it sure works, and works well....; although naturally, if you are making an image of a 500GB laptop drive (5400 rpm) where 250 gb are used, be prepared for said image to take approximately 5.5 hours! Best to simply clone/image the drive right after OS and vital apps installed, as it is much quicker this way.


Asus Z270A Prime/7700K/32 GB DDR4-3200/GTX1060


#13 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:05:35 PM

Posted 06 September 2016 - 09:57 PM

@ MelonBird,

Re: "This was what a company I used to work at did if you got malware on your PC - they just reformatted with an image (and all data was kept on servers, so you only lost data if you'd broken the rules and stored it to your C drive).

So I downloaded Acronis True Image, which is highly recommended here, and it has no option to do that."

 

 

Acronis CAN do that. You can recover any image, full one or differential so long as you date them and know what you want to recover.

Recovery can be done from Windows - a bit tricky on Windows 10.

The best way is to boot from the recovery flash drive which you can make from within True Image. There you can select what you want to recover.

Just make sure to always include the system_drive (or whatever it's called on your box) which contains the boot path.

 

My random rambling, if you're still interested:

Incremental images are tricky because you need the entire chain to recover to a particular date.

I normally do 3-5 differentials, each then is independent and all you need is the differential you want + its full image base.

Differentials grow against the base, of course, so when it gets silly big, just make a new full image.

 



Edited by tos226, 06 September 2016 - 10:00 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users