Pre-backup file scanning for anomalies prevents overwriting your precious backups with ransomware garbage.
If a program such as Retrospect Backup hangs around for decades, as it has, you know it must work–a good thing. The latest version, 18.5, implements pre-backup file-system scanning that will prevent you from overwriting your previous backups with ransomed (encrypted without your knowledge) files–an even better thing.
Ransomware is real, Retrospect will detect it
I once found the notion of ransomware amusing–until, I got hit by it. I noticed a flood of newly encrypted files on Dropbox (synced from my own network) in place of the ones that should have been there. Sure enough….
There was no permanent damage thanks to a daily local backup (hint, hint) but it was a chilling, infuriating experience. If the perpetrators had been in the same room, I’d be in the hoosegow now.
A couple pieces of advice gleaned from the experience:
- Don’t host your website on your NAS box using an outdated version of WordPress. (Yes, I know….). If you do, make sure it’s on its own dedicated box without important data on it.
- Limit internet access to your LAN and/or computer or take steps to secure your home Wi-Fi network and router.
Retrospect’s local anti-ransom features aren’t real-time like a true background anti-malware application. Instead, when Retrospect 18.5 starts a backup, it simply checks to see how much data has changed. If the number of new or altered files exceeds a user-definable percentage, it cries foul and alerts you; meanwhile not overwriting anything in an existing backup. This is referred to as anomaly detection.
Of course, the efficacy of the whole deal depends on your backing up frequently so you can restore the un-ransomed, unencrypted versions of your files. I suggest daily (again).
Retrospect also interfaces with the immutable data feature offered by services such as Backblaze, Wasabi, S3, etc. Immutable data being data that the service won’t allow to be altered or deleted for a set period of time.
There are two versions of Retrospect aimed at end users: the $49 Solo and $159 Desktop. Both include licenses for two computers. The upgrade for users of Solo 18, or users of Solo 17 with an active support contract are free. Otherwise, upgrades are $29. Note that support contracts for Solo are $60.
What the extra $110 buys in Desktop is support for bare metal restore (driver installation, etc. during a full restore); backup from NAS or network location sources (oddly called “NAS source protection” by Retrospect); the ability to back up using tape drives (not carousels–that’s even pricier); and the ability to run four rather than two execution units (concurrent operations/threads). That’s the gist of it, but if you want a more detailed comparison, check the Retrospect site.
Retrospect functions a bit differently from most backup programs. It stores the catalogs for backups locally, and the data resides in a container file on whatever media you back up to. This has a great advantage in speed, especially when retrieving data from a slow medium such as tape. You can, of course, rebuild the catalog from a backup should you somehow lose the original.
The program’s venacular is also a bit odd. Data locations to be backed up are referred to as “volumes,” destinations are “backup sets,” and “selecting” is where you find the filters that skip or include various types of files. It’s simple enough once you’re used to it, but not immediately intuitive to users of other backup programs.
The Retrospect interface has changed little from back in the ’90s when I first used it. It’s a tad old-school in appearance, but extremely efficient. Given the number of options available, the expandable/collapsible tree to the left is a fantastic way to provide quick access to them. Some times the old ways are best.
Personally, I wouldn’t mind a facelift, but Retrospect is big in the enterprise and the IT crowd is risk/change averse. “If it ain’t broke, don’t fix it,” as it were. It’s an attitude born of experience. Historically, companies have spent small fortunes recovering from buggy “upgrades.” I’ve seen it, and I’ve charged for fixing it.
The plethora of options I spoke of includes: compression and encryption; extremely granular scheduling; pre- and post-backup operations; password protection; filtering (including a copious helping of presets for common file types); media rotation and spanning (not with the end user versions); differential, incremental, full, and block-level (only changed portions of a file) backups; deduplication (not backing up copies of the same file); and a host of others. If a backup maven has thought of it, Retrospect offers it.
Solo as mentioned, lacks disaster recovery or boot media for such. For that, I recommend R-Drive Image.
If you read our review of version 17, you’ll know that backups of PCWorld were once performed using Retrospect (and 8mm tape). We used it because Retrospect was reliable, and truth be known, it was by far the most powerful backup program available for the Mac. And yup, PCWorld was once published using Apple products. As PC actually stands simply for personal computer, we considered it kosher. Mostly.
To make sure Retrospect’s backup engine hasn’t all of sudden gone AWOL after 30 years, I executed several backups on a busy data drive: a full, a differential, and several incrementals, targeting a 10Gbps USB SSD. I also backed up to a network location (you can back up to, but not from–see above).
As expected, Retrospect purred along like a finely tuned power plant during those backups and the subsequent restores. Even with two backups going at once. Indeed, the only times I’ve ever had an issue with a Retrospect backup, it was a problem with the media.
I also tested the anomaly detection with various percentages of altered and renamed files and it functioned as advertised. It’s a nice safety net to have, though regular, rotated backups are the real key to recovering from a ransomware attack. Assuming you discover said attack that is. It’s kind of hard to miss most of the time.
Put simply, Retrospect Solo is a great backup program for users that require more control than the native backup in Windows or macOS provide. The new anomaly detection is a nice hedge against ransomware and, if you use one of the online storage services that support it, immutable data support is another sweet perq.