←back to thread

Testing DVD-R and CD-R 25 years later: optical disks from Japan

(goughlui.com)
176 points csdvrx | 1 comments | 01 Apr 25 21:46 UTC | HN request time: 0s | source
Show context
quantadev ◴[02 Apr 25 00:57 UTC] No.43552780[source]
IMO the only way to perfectly protect yourself against Ransomware Attacks is with CD-Rs, because it's something not even hardware can alter. A skilled take over of the root level of a machine can be encrypting everything and you'd never know it, until the day it denies your access, by deleting an encryption key until you pay up to get it back...you hope.
replies(6): >>43552844 #>>43552932 #>>43553040 #>>43553071 #>>43553804 #>>43554384 #
theamk ◴[02 Apr 25 02:07 UTC] No.43553071[source]
Modern backup systems use reference counting mechanisms, which means you can set up any old versions policy you want. Something like "last 3 annual backups + last 12 monthly ones + last 8 weekly ones + last 30 daily ones" will help a lot against slow encryptors.

You'll want to ensure the malware can't destroy your backup, but that is possible too. A traditional way is to have a separate backup machine that runs backup program and pulls files remotely. Some backup apps can store directly to cloud storage and can work with "append only" permissions, to ensure that client can't delete existing backups. In this configuration, a separate trusted machine must run pruning periodically.

replies(2): >>43553253 #>>43553345 #
freosam ◴[02 Apr 25 02:47 UTC] No.43553253[source]
That's all true, and probably a better system overall, but burning an optical disk, labelling it, and putting it on a shelf does feel like a more accessible backup regime for many people. :-)
replies(1): >>43553521 #
1. theamk ◴[02 Apr 25 03:54 UTC] No.43553521{3}[source]
Fair enough! The danger with disks however is that it's an entirely manual operation which is easy to forget. Something setup-once-and-forget - local server or a cloud-based one like backblaze - is more likely to actually have the latest data when you need it.

(Another reason is that the disks do bit rot however, and you'll never know until it's too late. Meanwhile, my ZFS fileserver sends me a email every weekend that it's scrubbed all the disks and found no errors - this warms my heart :) )