Mac’s Time Machine seems to work so slickly that we may be lulled into a false sense of security

Time Machine LogoI admit that I used to assume that, once it had backed up a file, Time Machine would keep it – at least until it had to remove some old backups to make way for newer ones.

A few days ago, though, one of my IT Support clients specifically asked me whether Time Machine still keeps files deleted from the main drive, so I started doing some digging. Apple don’t seem to offer any technical information at all on exactly what the software does – this is all I could find on the subject.

The nearest I’ve come to anything that sounds in any way authoritative on the subject is from Király’s comments on this Apple discussion page. In Király’s opinion, Time Machine appears arbitrarily to decide which daily backup to retain as a weekly backup and it appears that no attempt is made by Time Machine to ensure that all the different files created and amended during the week are preserved in the weekly backup. So, if you created a file on Monday and then worked on it on Tuesday and Wednesday, it would be in the daily backups for those days. But if you then deleted it and Time Machine chose to carry the Friday daily backup forward as the weekly backup then the backup of the file worked on earlier in the week would be lost. Presumably, the same would apply when deciding which weekly backup is retained to become the monthly backup.

I haven’t found anything else that precisely confirms this situation, but neither have I found anything that denies it. However, I did come across a more detailed critique of Time Machine at the Mac Observer. While not addressing my specific concern of deleted files not being kept in the backups, it does express other concerns about Time Machine.

So, assuming that (like me) you no longer have complete faith in Time Machine, what do you do?

Backup FolderWell, I don’t recommend abandoning Time Machine just because of this. It’s easy to set up and it seems to work well for most situations. Instead, I recommend taking manual backups of important files and folders as often as you feel it is worth it. So if, for example, you have a folder of important work that occupies, say, 10gb, and that folder contains files that are regularly changed and added to, then I would invest in 3 X 16gb USB flash drives (about £5 each from Ryman) and periodically copy the entire folder to one of those drives and rotate the drives that you use. It’s important when doing this to add the files to the USB drive without deleting the previous contents of the USB drive first. Otherwise, you are, once again, in danger of losing files that are no longer on the hard drive. If you are talking about large music or photo collections, then you might have to use external hard drives instead of USB flash drives.

Alternatively, you could “archive” huge chunks of the data that never change and only back up the more volatile files. Personally, I take “archive” copies of important folders periodically as well as my regular backups. Archive copies are ones that are never deleted or overwritten. So, if you take an archive copy onto DVDRs (not the rewritable DVDRWs) then you know you have a copy as long as the DVD is readable (we might expect this to be forever but see my blog on data retention). Many laptops nowadays do not have inbuilt CD/DVD players, but you can buy external ones that connect by USB cable when you need them (see my blog on external CD/DVD drives). Of course, DVDs can normally only contain about 4gb of data, so this strategy has its limitations.

Another possibility to consider is creating backups and/or archives onto SD cards. I currently take daily backups of my important folders onto a 128gb SD card (that I never bother removing from the machine). Since this is a separate drive from the internal (SSD) drive, it gives me some protection against SSD drive failure.

World Backup DayThe concept of backups is easy. It just means making copies of things so that you are not left bereft if something happens to the original. In practice, though, it can become very complicated. As a general principle, I would always recommend that backups of important things are taken in more than one way, onto more than one medium, at more than one time, and kept in more than one place. And it now appears to me that that principle holds good even if your primary backup method on a Mac is Time Machine.

By the way, did you know that 31st March is “World Backup Day“? I kid you not. Who decides these things? What happens if two different “causes” want the same day?

Yes, I know it’s a subject no-one likes to think about, let alone do something about

Backup Button

If only it were as simple as a key press ….

I feel that I walk a narrow line with a lot of my computer support clients between nagging them and ignoring something that I know is important – backups.

It’s easy enough for Mac users. Just set up the Time Machine and you can more-or-less forget about it (except that Time Machine won’t protect you against ransomware. Yes, that’s right, Macs are now vulnerable to ransomware – see this article from Malwarebytes on ransomware). For PC users, however, there is no simple, obvious way to “set and forget” a backup routine. The “File History” option in recent versions of Windows is a start, but it’s simplistic and very much a work-in-progress for anyone whose data filing is any more complicated than using the predefined libraries (Documents, Pictures, Music etc).

My own backup system has always been rather ad hoc, with lots of redundancy built in. The word “redundancy” in this sense means that there are different ways of achieving the same end. Any one method can fail without stopping the other methods from working. In this sense, redundancy is very definitely a good thing. It can help to give you cover, for instance, against those occasions when you try to open a backup drive and discover it’s dead (not a nice experience if you are trying to access your only source of backups).

A few months ago, though, I decided that it’s time to go on the hunt once more for a solution that’s good enough that I would trust it – both for myself and for my clients. The difficulty with backup solutions is that there is a constant tension between ease-of-use and flexibility. The more you have of one, the less you tend to have of the other.

Cobian logo

Cobian backup software logo

Anyway, I came across a name that seemed familiar – Cobian. I remember that this was a backup solution that I used to use for myself and my clients in the past (5, 10, 15 year ago?) but, for some reason that escapes me, have stopped using. I do remember that it was a bit of a pig to set up. That’s probably why I didn’t use it for all my clients. On the other hand, I can also distinctly remember at least one occasion when it definitely did save a client’s data. I’d set it up for her and she’d just left the external drive connected and let it do its thing for, I don’t know, a year or two I think. And then she had a hard drive crash and her data (and my reputation) were on the line. Cobian had been working perfectly all the time. I installed a new drive, then Windows and her programs, and then restored all of her data from the Cobian backup on the external drive. No problem.

When I re-acquainted myself with Cobian last year I found that it’s now got a much simpler interface – but still with all the flexibility that’s needed. I set it up doing different routines on two different machines and it has worked flawlessly for about three months. It even flawlessly backs up files that are open at the time the backup takes place (eg Outlook data file and Evernote database).

It still has a complexity in setting up that some users might find daunting, but my experience of the last few months has given me the confidence now to recommend it for any Windows user looking for a solution that needs more flexibility than the inbuilt File History. I would be happy, of course, to set it up and configure it to your needs (probably half an hour or so).

Ransomware Screen

You do not want to see this on your screen

If you think that your data is safe from disasters because you use cloud services – and especially if you think you are safe from ransomware because it’s “all in Dropbox” or “all on OneDrive” – then you should be aware that files encrypted by ransomware can over-write your (unencrypted) cloud copies. If you use free versions of cloud services there is every chance that previous (unencrypted) copies of files will not be available in a crisis. Peronally, I wouldn’t risk it: one of the things that Cobian backs up for me locally is a copy of my OneDrive and Dropbox folders. Some of those backups are then held “offline” (ie the drives are only connected to my system at the time that Cobian is doing the backup). Ransomware can not encrypt files on drives that are not connected to your system at the time of the attack.

I’m not one for new year resolutions, but if you are thinking of making one this month then sorting out a backup system would be a good one.

In these days of ransomware, isn’t it dangerous to leave backup drives connected all the time?

Backup Drive on a LaptopVery slowly, data backups are becoming easier to keep up to date. If you buy a Seagate external drive, for instance, it will probably include backup software that you can “set and forget”. Once you’ve made your initial decsions about what you want to back up, how many copies to keep and so on, the software just keeps doing it as long as the backup drive is connected to your computer (usually by USB cable). Yes, it can be a bit inconvenient having an external drive permanently hanging off the side of your machine – especially if it is a laptop that spends a lot of time on a desktop but some time on your lap. It’s just not good practice to forget the drive is attached and yank it around by the cable when moving the laptop! If it goes crashing to the floor then it could easily be “goodnight Vienna” and back to PC World for another one.

That aside, I think a lot of people have actually started to get used to the idea of having backups automatically taken and updated. This is especially true, of course, for Mac owners who just have to set the inbuilt “Time Machine” software to use an external drive and then forget all about it.

And then along comes ransomware. This is malware that encrypts data on your computer and demands a ransom to decrypt it for you. See this previous blog post on CryptoLocker, for instance. There is obviously a very strong argument that says you should never ever give in to blackmail, but if the only alternative is to lose invaluable data then it’s not difficult to see why people pay up. Now, the problem with ransomware is that it can encrypt data that’s on your external drive as well as your internal drive if the external drive is connected at the time that the malware attacks.

On the face of it, then, you are between a rock and a hard place. If you don’t keep your external drive connected you risk losing data that’s not backed up, and if you do keep it connected then the data is backed up but is vulnerable to being snatched away from you by ransomware.

Time Machine Settings

As you can see, I back up my MacBook Pro to a 750gb drive and also to a 1 terabyte drive. This dialog box shows me when I used the drives, so I know which one to use next.

If you’ve got a Mac then it’s actually quite easy to resolve this dilemma. Not only is the inbuilt Time Machine software easy to “set and forget” but it’s also flexible enough to let you use more than one backup drive. So, you simply alternate the drives as often as you wish. If one should fail or be compromised then the other – although probably not completely up to date – will take almost all of the pain out of the situation. This is actually a very good and simple practice. An external drive only costs £40-£60 these days. Just buy another one and alternate them. It’s a no-brainer. For the sake of completeness, I’m just going to mention one more practice that you can adopt if you really want to be responsible about your data backups. And that is to take a second backup onto an external drive and then remove it from the premises. Ask a friend or relative to keep it for you and periodically swap it for a later backup. This may sound like overkill, but it does provide a layer of protection against something disastrous happening not just to your computer, but to the entire location – eg fire, theft, or flood.

To be honest, I don’t know if swapping drives would work when taking continuous, incremental, backups using software such as Acronis or Seagate’s on a Windows PC. It’s just possible that files are marked to say that they’ve been backed up, so wouldn’t get backed up if a different backup drive were substituted. This is almost certainly one of those IT situations where the quickest way to find out is probably to “suck it and see”. In the meantime, you can ensure that a second backup will definitely work by doing a full backup instead of an ongoing incremental one.

Backup Strategy JokeWhether it’s worth bothering about the possibility of falling victim to ransomware is, of course, your own decision. And I should add that, as far as I know, Cryptolocker still only attacks Windows PCs. It’s very difficult to assess the chances of such disasters happening. I recommend that you imagine the situation you’d find yourself in if such a disaster did happen. Go on – really think about what you might lose and how inconvenient it would be. That should then give you some idea of how much effort you are prepared to put into creating and following contingency plans.

© 2011-2019 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha