Recoveries and backups
NOTE: This blogpost is a revised version of an article requested from the author by Lenovo. This version has been updated with additional information specific to ESET software, as well as more general information about other computer manufacturers.
Click here to view the original article.
What is the most valuable part of your computer? Many people might say the hardware itself, while for others it may be the cost of the software that’s installed on it. But the truth of the matter is, these are things that can always be replaced. Maybe not very easily – or inexpensively, for that matter – but it is doable. Now, let me rephrase that question and ask it in a slightly different fashion:
What’s the most irreplaceable part of your computer?
If you think about it in that sense, then it is probably all of the data stored on your computer that would be the hardest to replace, and that’s if any of it could be replaced at all. So, with all of that in mind, let’s conduct a little thought experiment:
What would happen if the drive inside your computer suddenly vanished into thin air?
And by vanished, I don’t mean it stopped working; I mean the drive was no longer physically in the computer. However this may have happened doesn’t really matter, since this is a thought experiment: let’s just say it was there one day, and then all of a sudden, the next day it wasn't. The machine is otherwise intact.
Now, if you work for an enterprise, hopefully the IT department has been backing up your files, and can send you a replacement drive with the operating system, the applications you use, and some (or even all) of your files on it – although, perhaps the help desk might first try to troubleshoot the issue with you over the phone.
If you work for a much smaller organization, or are a home user, perhaps you are using a service like Microsoft OneDrive or Google Drive to back up all of your data to the cloud. In that case, your data is probably still there. Hopefully in a secure fashion, and also hopefully in a way that you can regain access to it without too much trouble. It may still take some time to get a new drive installed and the computer configured for you to use, though, especially if you have to download the operating system, device drivers, and computer-specific software all over again.
Recovery media and more
It used to be that if you had a problem like this you would have to order recovery media from the computer manufacturer. Sometimes for free, but sometimes paying for shipping and handling, in order to get a handful of CDs or DVDs. As deployment tools and technology for Windows improved, manufacturers got better about letting you make your own recovery media. And as hard drive capacities increased, a section of the drive could be reserved to hold a special recovery partition for restoring the system. Eventually, Microsoft added the capability to make recovery media directly from within Windows, as well as to download installation media, although the latter would not have any of the machine-specific drivers, software, or customizations the computer manufacturer made to the system.
Of course, if recovery media was never made or the drive went missing, you would still need to order recovery media from the manufacturer. With improvements to internet speeds, the latest evolution is to allow people to download and create recovery media at their leisure.
Top-tier computer manufacturers like Dell, Hewlett-Packard, Lenovo, and Microsoft provide tools that allow you to download and create recovery media at any time from any device. Here is a listing of these tools, as well as their respective web pages:
Service or Tool
Dell OS Recovery Tool/Dell Support Assist OS Recovery (depends on Windows version)
HP Cloud Recovery Tool
Digital Download Recovery Service
Surface Recovery Image Download
Other computer manufacturers offer programs that come with the computer that can be used to make its recovery media. Here is a list of some of those manufacturers as well as the instruction pages for using their tools.
Service or Tool
Acer Recovery Media
MyAsus Cloud Recovery
Dynabook How To; Understanding System Recovery Options, Create and Restore
Image backup and recovery procedures for Windows 10
How to use MSI BurnRecovery
Recover, Restore or Reset your Samsung PC
Toshiba rebranded its PC business as Dynabook in 2018.
While listing all computer manufacturers and their means of obtaining recovery media is beyond the scope of this article, the links above cover ten of the largest vendors. If none of these are options for you, you may still be able to contact your computer manufacturer to order recovery media or, failing that, download generic installation media from Microsoft here.
Over the years, I have used the tools to download and create recovery media from most of the manufacturers mentioned above and can attest they all pretty much work as intended. In case you are wondering how I know this, it is because creating recovery media is the first thing I have done for every ThinkPad I’ve owned over the past decade or so, even before the computer has arrived. That way, when it does arrive, I use the recovery media to wipe its drive(s) and restore the operating system. Now, this may sound a little counterintuitive at first; however, there’s a very good reason for doing this:
Normally, you would never use the recovery media unless there was some kind of catastrophic failure, or you were giving the computer away and needed to restore it to its original state to remove any personally identifiable information (PII) from it. Doing so is outside the scope of this blog post, but see How to get rid of your old devices safely for information on how to wipe a computer. In the case of failures, though, they often seem to happen at the worst times possible, and getting the computer back up and running is urgent and time sensitive. Over the years, there have been a couple of times where I had to rebuild my computer in a hotel room before a conference. It is certainly not a frequent occurrence, but it caused me to think about what steps I would need to take if it happened in the future.
What I learned from the experience was that it was best to verify that the recovery media worked perfectly before I ever had an emergency. That way, if I ever did need to use it in that emergency situation, I could be confident that the whole process worked. What I found was it was far better to test the recovery media’s ability to wipe and restore the operating system before I invested any of my time in updating, configuring, or otherwise making changes to the laptop.
For me, that small investment of time up front would have saved me a lot of time in the future if I had been stuck with recovery media that didn’t work.
As far as the capacity of USB flash drive to use, some of the latest preinstalls of Windows are just over 16 GB, so a 32 GB drive is best. A USB 3.0 (or faster) USB flash drive will certainly speed the process. My preference is for USB flash drives from reputable brand-name companies. If you are unsure of what size USB flash drive you might need, ask your computer manufacturer’s technical support. Remember, your recovery media is a kind of insurance for recovering your computer when something catastrophic happens; you should not try to skimp on it when a few dollars might make the difference between a successful and a failed recovery.
You may also want to consider carrying a second USB flash drive that just contains installation programs for any “mission critical” productivity software. While the software you need may be available online for download you may be in a situation where there is no internet access, or it may be very slow or expensive to access, such as a hotel Wi-Fi connection. Having the full “offline” installers for essential productivity software might be the difference between getting up and running over the course of an evening, rather than taking up much of the next day as well. Storing these programs on a separate USB flash drive allows you to keep them updated without having to worry about accidentally deleting an important file on your recovery media, corrupting it, or running out of space.
If you ever do make use of your recovery media, be sure to run the manufacturer’s update tool after Windows has finished installing. These tools download model-specific drivers and software for your computer that may work better or contain additional customizations beyond what is available through Microsoft’s Windows Update service. Typically, these programs are installed when the manufacturer’s recovery media is used. If they weren’t, or you used Microsoft’s generic media, here is a list of where you can download or go to get more information about your manufacturer’s update tool:
Acer Control Center S
AsRock App Shop
SupportAssist for Home PCs/Dell Command Update (for businesses)
GIGABYTE Control Center
Hp Support Assistant
Lenovo Vantage (for consumers) / Lenovo Commercial Vantage (for businesses)
MSI Center (for consumers) / MSI Center Pro (for businesses)
Note that some of the update tools offered by vendors are Windows Store apps. If you have a Long-Term Servicing Channel (LTSC, and formerly known as Long-Term Servicing Branch, or LTSB for short) edition of Windows, then these tools may not work for you. Check with your vendor to see if they offer a version of their tool that can be side-loaded or used without needing to access the Windows Store.
Data backup strategies
With the operating system portion of your computer’s backup in place, it’s now time to talk about strategies for backing up your data. These days, there are lots of options available for doing this, but they all fall into two broad categories: In the cloud, or locally stored on your premises. I will note that this is not an either-or proposition. You can use both methods in whatever combination you prefer. Regardless of which option(s) you choose, though, it is crucial to remember that having only a single backup of your files does not provide a great margin of safety in the event you lose access to that backup.
In 2012, US-CERT released a paper suggesting the adoption of a 3-2-1 backup strategy. This strategy states that you should have three (3) copies of important data, that those backups should be on two (2) different types of media, and that one (1) of those backups should be stored offsite. While that is a good starting point, it can be extended. You could consider using multiple cloud providers, and/or having your backups stored in a different geographic region. For physical backups, it may make sense to store a copy not just offsite, but off-region as well. If a disaster, natural or otherwise, happens in your local region, you would be able to travel far enough away and have access to your backups. From a practical point of view, the distance is up to you; it could be a day of travel by plane, half a day’s travel by car, or however far enough that your backups (and you) won’t be affected by a significant local disaster. Earlier in 2023, Cameron Camp and I discussed what could happen if you were caught in such a digital vacuum, and what impact this might have on backups and business continuity.
Backups to the cloud
Cloud backup services are available from a variety of companies, whether it be the Microsoft OneDrive space you got with your Microsoft account, Google Drive with your Gmail address, or from a company that specializes in storing your data in the cloud like Box, Dropbox, MediaFire, SugarSync and so forth. These services are useful because they allow you to access your data from anywhere that has an internet connection. And, as they are stored across many servers connected to the internet, a single point of failure should not impact the integrity of your backed-up data at all, although it may be inaccessible if the service has an outage.
Cloud backups are file-based, and can store multiple versions of the same file, which can be handy if you need to recover an older version of a file. However, cloud backups are also limited by the speed of your internet connection. When a cloud outage occurs, it may take hours before service is restored. Similarly, if you are in a location with poor internet connectivity, it could take a very long time to upload or to restore your data from the backup provider’s cloud.
Another consideration is cost: While some cloud storage providers may provide an initial amount of storage for free, larger amounts of storage can require purchasing more capacity on a monthly or yearly basis, and over time that can add up.
Staying grounded with local backups
Local (aka on-premises) backups can take several forms and use different types of media, but they come in two basic forms: image backups, which store an exact copy of a drive’s file system; and file backups, which store copies of individual files.
There are variations of these local backup technologies that combine the two approaches, and both have ways to perform incremental or differential backups, which backup only files that are either new or have changed since the last backup was performed.
Local backups can be performed to all sorts of media: The most popular today are external USB drives, which includes hard disk drives, solid-state drives, and thumb drives. Optical media such as DVD±R or Blu-ray discs are another option. Although less commonly used today, some people prefer optical discs due to concerns about media longevity.
The speed at which local backups can be performed (and restored) can make them more attractive than cloud backups; however, they can also represent a single point of failure: What happens if only one local backup is made, and that backup gets lost or destroyed? And, of course, in the event that you need to vacate your home or office in an emergency, grabbing your backups should have the same priority as important documents such as passports, birth certificates, tax records, and the like.
If you would like to know more about local backup options, a paper I wrote, Options for backing up your computer, may be of interest. Although it is a little dated in terms of prices and capacities, since it was published in 2011, the points it brings up and suggestions it makes are still quite valid.
Choosing an approach
Cloud and on-premises backups are not an either-or solution. Ideally, you can choose a methodology that lets you use both types of systems for backups. That way, in the event of an emergency, you will have multiple opportunities for retaining access to your data. The trick is in figuring out what works best for your data. Since everyone’s data is different, though, there’s no single type of backup that works for everyone.
For your more critical and irreplaceable data, multiple backups are key. Whether that’s using multiple cloud providers, having multiple external drives, or mixing cloud and local storage, choose an approach that works best for you and your budget.
If you have any questions or comments about backing up or restoring your data, feel free to ask in the ESET Security Forum. Your local ESET reseller, distributor, or office may be able to provide some tips as well. Aryeh Goretsky
Distinguished Researcher, ESET