on local backup, I have to select an existing disk for the backup destination, meaning that this disk is accessible by anyone else: humans or cryptolockers viruses. So those viruses can also crypt my backup and make it unavailable.
Is there a way to back up on a disk not mounted on the OS, like for example the Acronis Secure Zone mechanism? (I’m on Windows 10).
I was thinking of mounting the drive on pre-script, and unmount it in post-script, but the security risk is the same: if I have a crypto, this one could access the files when the drive is mounted, and crypt by backup.
To my mind, the best method would be to have a raw disk, used by Duplicati to store the data on a way only him can read them (crypted filesystem or whatever?)
So, is there a method to bak up my data on a local disk, that would not be visible for other executables / potential viruses?
There are no special hooks provided. BTW, ASZ is just a FAT32 variant and easily undone, per its forum.
It would be a bit harder to spot, especially if you hide the partition and mount it as a path, not a drive letter.
I think in general you can impede some malware, but anything you can set up “might” be circumvented by malware that knows the hiding game you are playing. You can set ACLs to hide from most things, but the malware can undo that (especially if can get SYSTEM level access). On some Windows (but not Home) encrypting file system can be set up so that a file can be decrypted by only one account, so this might be safe even from SYSTEM (but maybe not if SYSTEM knows the game and is able to access as that user).
Counting on your cleverness to exceed the malware’s is risky. Safest bet is to set remote destination that malware can’t destroy. There are some forum threads on that, but sometimes setup can be complicated.
A bigger risk to your data is probably simple failure of a drive, if you put backup on same drive as originals.
Using a separate drive can reduce that risk, but you can lose both at once from lightning or other disaster.