Recap on Mozy Online Backup
IT Chapters April 15th, 2007After deciding to use Mozy as my preferred online backup solution, I thought it would be only fair to have a recap on how it is performing on my current system. I decided to scrap the initial backup I did (10GB of files) and restart using my own symmetric key to have more peace of mind on the safety of my files. Since I already use asymmetric keys generated by puttygen, I decided to simply generate a set of keys and only use the public key as my key for Mozy. A weird way to do it, but at least the key is nice and random.
I started uploading my files again, and let Mozy run for around a week. This process ran at mostly 45KB/s on my limited 60KB/s upload speed which isn’t too bad. One thing you will notice is that the interface for the Mozy backup application is pretty limited and could use a lot of work with regards to the UX. During the backup I came to the realisation that there may be a limitation with Mozy. Since your backup sets are linked to your computer and not your account, having your computer crash would cause Mozy to think upon reinstall of Windows that your computer is a new machine and subsequently your backups would be removed. Cue much reading of the documentation (again, pretty limited) and finally chatting to a support tech on their live chat system who kindly said there is a procedure for this such use case although it requires you to download your entire set of backups which is just madness.
Now me not being the forward thinking guy I normally am, I ran the entire 29GB backup without testing a restore. With the Pro version of Mozy there are three ways of restoring files. One is via a contextual explorer window which allows you to right click on a file or folder on your drive and restoring directly. The other two methods require logging into your Mozy account in a browser and chosing the files you want to restore. From there you have two options, one of which is to receive a DVD set of the backup you want to restore (currently unavailable and pretty expensive) or to have a web restore which generates zip files for you to download. The zip files contain the encrypted versions of your files; in the case of your own symmetric key; and are broken up into 1.9GB.
In my tests, the explorer contextual menu restores worked like a charm. A little slow for my liking but none the less it worked. Watching filemon, Mozy does not ever touch your symmetric key on the harddrive but constantly reads from its state files which would mean that they store the symmetric key for you. With regards to the web restore method, I’ve come up with a blank. Downloading the zip file, extracting the files to a temporary location, I then have to run a decryptor tool on the files as they can’t seem to do the automatic decryption for you. Once you’ve started the tool, which looks like it was written in VB6 by a monkey with no fingers, you get to chose your symmetric key and the location of your encrypted files.
And this is where I scream and curse Mozy. Not because of the horrible decryption tool but because my symmetric key is not recognised. And yes, my symmetric key has not changed, moved or otherwise been touched other than by Mozy itself. I simply cannot decrypt the files using the key that I used to encrypt the files with. In other words, I have 29GB of useless data and no backups to speak of. Contacting their live support team, I was presented with the following question: “Can I please have a copy of your key and some of the encrypted zip files.” Yes, jokes aside, Mozy themselves asked for a copy of my key. It’s like giving my PIN number to my bank and once given means your key is completely insecure. They’ve promised an email once they’ve looked into the problem but I’m not expecting anything from them.
I’m at a bit of a juncture now with regards to my off site backup solution. Mozy has proven itself untrustworthy and currently no other vendor provides the same sort of options that Mozy does itself. What are my options for safe and secure (and cost effective) backups? I have a server in the US that I can use, however I would prefer to store my files at a company whose primary business concern is the backup business.
Next I have an article in the works regarding Mozy’s state and config files. Interesting little nuggets of information in there.
April 16th, 2007 at 12:58 am
Hi,
We hear complaints like this from many of our clients who switch to us after trying the “Cheap” backup services. If you have business data that is valuable to you, take a look at our service. You can try it absolutely free for 30 days.
www.dataprotection.com
I think you will find that our service and support are outstanding.
Give us a try.
Jeff Danos
CEO, Data Protection Services, LLC
April 16th, 2007 at 11:42 am
Hi Jeff
Thanks for the offer. How much would your service cost a month for a 30GB backup?
April 16th, 2007 at 5:59 pm
I had the exact same experience with Mozy. They claimed they have a bug if you switch from public key to private key, even if you re upload all your data. Took me half dozen emails to tech support to get my private key working, but I had to re-upload everything TWICE. If you start off with private key from the getgo, supposedly all will be well. Just dont change your mind!!!
April 16th, 2007 at 6:20 pm
ray,
i’m sorry you’ve had a difficult time decrypting with your private key.
there are three reasons why you are having this problem:
1 - you aren’t using the most up-to-date decrypt utility (ver 1.6.0.4)
2 - you aren’t entering your key correctly to the decrypt utility.
3 - you found an obscure bug that tens of thousands of other customers haven’t found over the last year.
so i hate to say this (because you seem like a very intelligent person) but every time we get support calls with this problem it’s reason #1 or #2 - but usually #2, operator error - folks just get confused on how to handle keys (every bit counts, including line-feeds…!)
typically when a private key user can’t figure out how to decrypt, we kindly ask if it’s okay for us to demonstrate to them that it’s a user error by decrypting one of their files for them, and so we have to ask for their key. in your case, the support person didn’t give you the regular “by giving us your private you are diminishing the security of your backed up data, yadda yadda.”
so when we show folks that it actually works fine, they feel a little dumb, but are happy to see that mozy does indeed work as advertised.
in your specific case - i don’t know what the problem is. perhaps there is something odd about using putty to generate the key, or how you are storing your copy of the key. perhaps you have found a genuine bug. we’ll do some testing and let you know what we find. if it’s a bug on our end, i’ll happily eat crow and thank you for helping us identify a bug.
oh, two more things - yes, the decrypt utility is crude, but it works (and it’s not written in VB btw) and also, your private key gets encrypted and stored in the registry - which is why you won’t detect our access to it using filemon. (try regmon.)
feel free to correspond directly with me so we can resolve this.
-josh
Josh Coates
Founder, CEO
Berkeley Data Systems, Inc (Mozy)
April 16th, 2007 at 9:10 pm
Hi Josh
I’ve confirmed that I’m using the same file for my decryption as I used in the beginning for the encryption. The only difference is that originally I used the Mozy standard encryption key and then restarted using my own key after realising I wanted to use my own key.
The mozy key I generated using puttygen is never used, never touched by any application other than mozy itself. Which is annoying in itself since the obvious problem is that the file was modified after I originally generated it. Which is unfortunately not the case.
Looking forward to the response from your tech team. Thanks for the interest in my problem.
April 16th, 2007 at 11:41 pm
ray,
mozy only reads your key file during install - it never modifies it or accesses it ever again.
so if i’m understanding you correctly, your puttygen file has been modified after you created it? if this is true, then it was modified by something other than mozy. again - mozy encrypts and stores your private key in the registry. it actually could care less where your private key originally came from (eg. a file or stdin) as it simply makes a copy of it, encrypts it and puts it in the registry during the inital mozy setup.
-josh
Josh Coates
Founder, CEO
Berkeley Data Systems, Inc (Mozy)
April 17th, 2007 at 7:59 am
Hi Josh
The file has NEVER been touched other than by Mozy. The file was generated specifically generated for Mozy and nothing has touched it at all.
Thanks!
Ray
April 18th, 2007 at 4:54 pm
Hey Ray,
You might want to check out BackupRight - http://www.backupright.com - I have used them for about a year now and obviously we think alike because I did extensive restore testing before selecting them.
I have used their client to restore several gigs of data over the wire, including MySQL dbs and some Exchange mailboxes. The web restore is handy for just a folder or two.
I also understand that if you have >50 gb of data that they will send you a USB drive with you data if you need to do a restore.
So far I have only seen great service with BackupRight, thanks for the warnings about Mozy. If that was my offices’ data I would be out of a job right now from the sounds of things.
Steve
April 18th, 2007 at 5:34 pm
Hi Steve
Thanks for the hint! To be fair, Mozy are really trying hard to sort everything out so I’m going to see how it pans out first.
BackupRight looks pretty expensive though.
April 24th, 2007 at 4:17 am
Keep us updated.
Mozy is certainly less expensive, a big plus.
Cheers boetie!
April 27th, 2007 at 2:02 pm
Use this registration code “WMA5BB” when you sign up and the referrer and the referee both get an extra 256 MB of free space. Not a bad deal.
May 3rd, 2007 at 9:23 pm
Try CrashPlan (http://www.crashplan.com). It’s slightly more expensive than Mozy but still cheap. That being said, I’m trying Mozy out right now to compare the two before I make a final decision.
October 13th, 2007 at 2:13 pm
I use an online backup solution from http://www.perfectbackup.co.uk reason being is I can automatically backup my linux and windows PCs as well as my mac (bit of a techy geek)to the same account.
More importantly, I can squeeze over 3GB of my data to a free 1GB account and they even offer a £1,000,000 data restore guarantee. Check them out.
December 30th, 2007 at 7:39 am
Hi,
What’s up with you and Mozy now? Are you now using Mozy to backup? or have you moved to a new backup service?
Tom
January 2nd, 2008 at 6:02 pm
Hi Tom
Bought myself a large hard drive and put it into a server that I have in the US. I now just rsync to it once a week.