Backing up hard to do, but worth it

This is an edited version of my weekly column for Loose Wire Service, a service providing print publications with technology writing designed for the general reader. Email me if you’re interested in learning more.

Sometimes it takes something like an earthquake to realize that you’re vulnerable.

Once the ground stops shaking and you’ve begun to sense that your life — and those of your loved one(s) — are not in imminent danger, your thoughts turn to the next most important thing in your world: Your data.

Well, of course, that may not be your exact train of thought, but it’s the general direction. So much of our lives are digital these days — e-mails, music, photos, social lives — the first thing we tend to clutch when we’re in trouble is our cell phone/laptop/external disk drive.

Or at least it should be. So what should you prepare for when things go wrong and you need to evacuate, pronto?

Here, in brief, is how to do it:

Whatever can be online, should be. E-mails, for example, should be on something like Google’s Gmail (or Yahoo!, who have launched a new e-mail service that’s at least as generous in terms of storage as Google’s.)

This doesn’t mean you can’t also keep your e-mails on your own computer, but make sure they are also online. Get in the habit of e-mailing important documents to yourself, as well, so you’ve got an extra copy online.

This means you can evacuate in a relaxed state of mind. Well, as relaxed as you can be fleeing a building that is burning/falling/swaying/no longer strictly speaking a building.

Same goes with photos: Get in the habit of uploading your favorite photos to an online photo album service like Flickr (www.flickr.com), because if there’s one thing you don’t want to lose it’s family snaps.

Sign up for the Pro edition if you’ve got the cash and a fast(ish) Internet connection, since at US$25 a year for unlimited storage it’s a reasonably cheap way of backing up.

Add photos incrementally: Just get into the habit of uploading photos to your Flickr account when you upload them from your camera/cellphone to the computer (I’m assuming you do this; you do do this, right?)

Of course, online options are only good if you’re online. And, tellingly, I’m not right now because there’s a problem with the Internet — and quite a big problem, since even my trusty backup connection is down — so you shouldn’t rely exclusively on connectivity.

(The other problem is that as more of us go digital, we can’t hope to store everything online, because there’s so much of it. Our iPods store 60 GB or more these days, which is still impractical to back up online.)

In which case you need to have a hard drive backup. There are several ways of doing this, but here’s the best one: Back up everything on all the PCs and laptops in your house to one big external drive the size of hardback book, which you can then grab as you exit the building in an orderly manner.

Here’s how to do that:

Maxtor offer a pretty reasonable range of backup hard drives — the cheapest are really just hard drives in a plastic casing (good to prevent damage: hard drives are not as tough as they pretend to be.)

Expect a whopping 500 gigabyte drive to cost you less than $200. Attach the drive to a USB port and you’ve now got a seriously large drive attached to your computer.

Then buy a program called Acronis True Image ($50 from here) and make a backup image of all the computers in your house.

(An image is a sort of snapshot of your computer. It’s faster than backing up individual files, but will still allow you to restore individual files or folders if you need to.)

It’s a little tricky to set up but you’ll get the hang of it, since you’re going to be backing up once a week. (Yes, you are.)

If you think this is too much for you and that the only data you really need to save are a few documents, then get a USB flash drive (those little sticks you can put on a key ring.)

Prices have fallen to the point where they’re a cheap option now for up to four gigabytes. I would recommend the SanDisk Cruzer micro, not only because they don’t have removable caps (which always get lost) but because they include software that make backing up important files easy. (Stick the drive in a USB slot and follow the instructions.)

A word of warning: Think hard about what data you’ve got and what you want to save. It’s easy to forget stuff hidden in an obscure folder.

Get into the habit of saving important files — whether they’re attachments, photos, spreadsheets or whatever — into the same folder. It’ll make finding them to back them up much easier and quicker.

Oh, and try not to wait until the building is swaying/filled with smoke/has moved down the street before actually doing the backing up.

Trust me: You can’t count on thinking as clearly as you might expect.

The Jakarta Post – The Journal of Indonesia Today

del.icio.us Tags: , , , ,

A Patch in Time?

Further to my earlier post about what I felt was Symantec’s somewhat tardy and insubstantial public response to the discovery of a serious vulnerability in its own Antivirus software, I don’t feel much more at ease after an email exchange with their PR folk. First off, Symantec has, by midday in the Asian day, come up with a fix which can be downloaded here.  “Symantec product and security teams,” the media statement says, “have worked around the clock since being notified of this issue to ensure its customers have the best protection available.”

That’s good. And quick. But not, I fear, good enough in PR terms. Why has Symantec worked around the clock to find a solution but not made the same effort to let interested people know of the problem in the first place? There’s been no press release on the web site, for example, only a media statement emailed to those journalists who enquire. When I asked Symantec’s PR about this. and requesting a comment to my original post, all I got was a copy of the media statement and a link to the original security advisory. So I where I could find the “media statement” online, where customers, readers, users and the media could find it? Their response: “Symantec posts security advisories [here]. Please contact Symantec Public Relations for any information you need.”

Sorry, but I don’t think this is sufficient. Security advisories are for specialists. This is not a specialist problem. It’s a vulnerability that affects everyone who uses the software, and people need to know about it. (A Google search throws up more than 130 stories on the topic.) Symantec, I feel, needs to be upfront about the problem and blanket everyone with information, not bury it. Symantec occupies a hallowed position in the Internet world, since journalists, users and others turn to it for supposedly objective views on the state of Internet security. Symantec makes the most of this position, straddling telling us about the problem and selling us the solution for it.

Perhaps I’m overstating things here, but I feel Symantec has let us down. I need to know that if I’m entrusting Symantec with defending my valuable data and office network, it’s going to tell me if there’s a problem with that defence. It’s no good hiding, as Symantec PR does in its response to my email that “There are no exploits of this vulnerability. Symantec strongly recommends customers to follow best practices and apply the patches as soon as they become available from Symantec.” First off, there are no known exploits. I don’t see how Symantec can be 100% sure of this. One has to assume that if there’s a hole in your defensive wall, someone is going to see it. Especially if it’s been publicised. Now the world has known there is a problem with Symantec’s software since Thursday. It’s now Monday. I’m assuming the bad guys too read these websites and news agencies.

So while the argument that you should throw all your effort into plugging the hole and then telling your customers you’ve built a plug might work if the vulnerability wasn’t publicised, this wasn’t the case. It was splashed all over the shop. Symantec’s position on this process is “that we are responsible for disclosing product vulnerabilities to our customers, but in general, no vulnerability should be announced until we have developed and thoroughly tested a patch and made it available to licensed customers.” (For a list of all Symantec product vulnerabilities, look here.) This clearly wasn’t going to happen here, because the vulnerability was already made public, for better or worse. And the process of “disclosing product vulnerabilities to our customers” seems to be somewhat weak here; if the vulnerability is an obscure one, perhaps an advisory might work. But more people than just a sysadmin needed to know what was happening and yet no one, unless they really looked on Symantec’s site, was any the wiser. Still aren’t, actually, since no press release is available.

Some lessons in here. Sometimes just keeping readers, journalists, bloggers, customers in the loop helps, even when it’s bad news.

Xdrive Responds: Patience, Please

Further to several comments from readers about problems with Xdrive, the online storage service recently bought by AOL, I sought comment from their PR. Here, somewhat belatedly, is what they have to say:

Recently, Xdrive began a system upgrade designed to improve the quality and overall performance of the Xdrive experience. When complete, these upgrades will greatly improve the overall Xdrive experience which will result in unparalleled service and features. Unfortunately, during this process, some of our customers have experienced difficulty while using Xdrive’s services. Xdrive is aware of these issues and is working diligently to resolve them in a timely manner. We ask for our subscriber’s continued patience. For any questions or concerns, please do not hesitate to contact customer support either by email at support@xdrive.com or via phone at 866-GO-Xdrive. –Jose Martinez, Xdrive Customer Support Manager.

These upgrades should be finished any day now, Xdrive says. This comment doesn’t differ hugely from their previous one of more than two months ago, but it’s at least something. One can’t help wondering, though, whether the damage is already done. Why stick with an online storage service that offers such unreliable service for nearly three months? Isn’t the whole point of online backup to be, well, a backup?