Everybody likes Mozy--except me. Part 2
This is a continuation of Tuesday's posting (Everybody likes Mozy--except me. Part 1), which introduced the Mozy online backup service and software and where I started offering my opinions. Since Tuesday, I came across two more positive Mozy reviews.
In April, Serdar Yegulalp, writing for InformationWeek, reviewed Online Vault, Carbonite, eSureIT, iBackup and Mozy (Five Online Backup Services Keep Your Data Safe, April 9, 2007). He concluded that "The all-around winner for regular users and small business from this bunch was definitely Mozy, both for its plan structure and its unobtrusive client."
Also in April, BusinessWeek had a short article by Arik Hesseldahl about the beta release of Mozy for the Mac where he said "I've used Mozy on the Windows machine at the office, and actually came to like it a great deal" (Mozy Comes To Mac Today! April 25, 2007).
Encryption
Anyone considering backing up sensitive files has to be concerned with security and encryption. Walter Mossberg barely mentioned security, but David Pogue warned:
"Then there's the security thing. All four companies insist that your files are encrypted before they even leave your computer. But if you still can't shake the image of backup-company employees rooting through your files and laughing their heads off, then this may not be the backup method for you."
Note: He was referring to the idea of off-site backups, not specifically to Mozy.
At first glance, Mozy security sounds impressive--files are encrypted on your PC using 448-bit Blowfish encryption and then transferred over the Internet to Mozy using 128-bit Secure Socket Layer (SSL) encryption. But let's take a step back.
- Mozy software encrypts the files on your computer
- To do this, the Mozy software needs to know the encryption key (basically a password)
- Mozy stores your files on Mozy's computers
The problem here is that Mozy is doing everything. In effect, Mozy makes the key, the lock and the safe.
How files are transferred between the PC and Mozy has nothing to do with the real security issue, as I see it. The SSL encryption used during the transfer offers protection from interception while the files are in transit, but no protection from Mozy.
There are two ways the Mozy software learns the encryption key/password--either you pick one and type it into the program, or the program will chose a password on its own. As they explain:
"You have the option of using a Mozy key, or your own private key to encrypt your data. Note, that if you use your own private key, you must be very careful about not losing it, because if you do, we won't be able to help ... Most users opt to use the Mozy key, but it's up to you."
Note: "key" can be thought of as a password and "private key" can be thought of as you're choosing the password.
Using a key/password generated by the Mozy software may not sound so bad, but it means your sensitive files are not secure.
In Part 1, I quoted Walter Mossberg as saying "Both companies encrypt the backed-up files and say they don't view them." Not that they can't view them, but that they don't view them. And the Mozy warning--do not lose your key/password or they can't help you--implies that when their software chooses the password, they can help you. They must know the password.
Even if you choose the encryption password, you are trusting the Mozy software not to externalize it, either on purpose or by accident. When it comes to backing up sensitive files, there is no place for trust in the equation.
This situation is not at all unique to Mozy. Other online storage companies also provide software that encrypts your files. I suggest using a backup scheme where software from one company does the encryption while an unrelated company stores the files.
Restoring Files
When it comes to restoring files, Mozy can be slow. You can't simply go to their Web site, navigate to your needed files and download them. Instead, you have to request all the files you need up front (don't forget any) and wait. In Mozy's own words:
"Depending on how large the restore is, it could take a few minutes or a few hours for Mozy to prepare the data for you. When it's ready, you will be emailed letting you know you can download it. When you get the email, go to your Account page and from there you can download the restored data."
If you can imagine a situation where you need to access your off-site backup files quickly, Mozy might not be an optimal fit. Joe Hruska at Ars Technica described his experience restoring files using the Web-based interface: "When I requested a restore build as a free user, it took Mozy 36 hours to make my restore file available versus only 18 minutes when I requested the same service as a paying customer."
Only 18 minutes? With the nothing-special backup service I use, it takes less than 18 seconds to start downloading files, and e-mail is not involved at all. And 36 hours seems excessive, even for a free service.
More Gripes
There are a couple things I don't like about the way Mozy backs up files.
For one, their software copies open and locked files. No thanks, I prefer my files closed and unlocked when they are backed up. Why they do this, I don't know. What problem are they solving? Since the Mozy software runs all the time, there should be very little delay between when a file is closed and when it's sent off-site. I prefer backup software that issues a warning when it tries to copy an open or locked file.
Part 1 of this blog had a discussion of why Mozy is motivated to store as little data as possible. This may explain why Mozy doesn't always back up entire files. They try to be smart about it and only back up the pieces of a file that changed, a feature they call "block level incremental backups". I'm a pessimist, and this strikes me as just something else that can go wrong. I prefer my backups simple, and backing up pieces of files and later putting all the pieces together, is complicated.
The Ars Technica review had this gripe: "Unlike several of the other programs we tested, Mozy doesn't offer a 'Backup this file' option when an item is right-clicked inside Windows Explorer."
Being a computer nerd, I'm comfortable using FTP to transfer files. Mozy does not allow uploads or downloads via FTP.
Warranty
Ed Foster writes The Gripe Line column for InfoWorld. Back in February, he wrote a memorable article called Backup Service EULAs Warrant a Closer Look (alternate link). A reader of his column reviewed the terms of service for Mozy, Iron Mountain, Carbonite, Xdrive, and SOSonlinebackup. According to Ed, "All disavowed that the product had to actually function at all except Iron Mountain, which in its warranty promises to at least try to fix bugs..."
The unnamed Gripe Line reader said it well: "The availability of data, in essence, completely defines the service itself. Yet, all of the online backup companies I surveyed expressly disclaim any responsibility for actually delivering on the service they claim to offer." Three of the companies, Mozy being one of them, disavow damages for their own negligence.
And here's an analogy that really puts it in perspective: "Who would buy life insurance if the carrier's terms of service has a clause that says that if you die, they have no real obligation to pay the claim?"
Finally, on a (much) lighter note, some people may have a hard time complying with parts of Mozy's End User License Agreement. In the LIMITATION OF LIABILITY section it says:
"FURTHERMORE, YOU AGREE TO USE THE SOFTWARE OR SERVICE
EXCLUSIVELY FOR GOOD AND FOR AWESOME."
Talk about restrictive. And then there is this, in the next paragraph:
"DO NOT TAUNT HAPPY FUN BALL."
Wikipedia has an explanation of Happy Fun Ball. As lawyer jokes go, this one is pretty good.
To end on a legal note, that's my case.
Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure.
The features you mentioned in your comparison to 'the product you use' were interesting. Realizing this isn't an ad, how might we come by the name of that product?
I agree totally about the backup utility in Windows XP. To call it disgraceful would be kind. Haven't used the one in Vista. If I had to pick one backup program for general use, I would chose the free Replicator by Karen Kenworthy, available at www.karenware.com. As backup software goes, it mid-level, with the features needed by most people most of the time. I plan on writing many postings about backing up a computer.
---------------
To pizzafoundry:
Go to my personal website, michaelhorowitz.com where my email address is and send me a note. My point in these two articles wasn't that I have the one great solution, there is no such thing. Everyone's needs are different. It was to show how the many recommendations for Mozy don't necessarily make it the right choice for you.
--------------------------
To eilmark: 9GB is on the high side for online backup. Almost all broadband connections are MUCH slower uploading than downloading. Send me an email if you'd like to discuss this more.
A main thing with mozy is it syncs the local directory with a remote one.
with regular ftp . if you amend a file, you'd have to know what files you amended, and just ftp them. or you'd have to wipe your backup and ftp the lot.
BUT
What should a small business use?
Say less than 50GB of data ( in reality <10GB)
I get info from journalist / mag reviews but I am cynical
what do they really know and do they live and breath a business persons needs/ worries/ frustrations.
Your comments on mozy were very worrying- another reason to do NOTHING ! ?
Thanks
Frank
United Kingdom
Do not use software from the company that is storing your files. Doing so makes it harder to switch file storage companies and is always going to be suspect in terms of security.
Make sure your files are compressed and encrypted before they are sent over the Internet.
Check that the file storage company makes backups of your files, preferable at a different location.
Off-site backups have their place, but so to do local backups.
Michael Horowitz
It has a lot of foolish opinions such as "I don't like backup services that run constantly in the background." That's exactly the reason why Mozy offers more protection than traditional backup, because it backs up your files much more frequently. The backup strategy in this industry is moving in this direction, including backup for datacenters and corporate servers.
Let's see the other opinions:
1) "I don't like my computer doing stuff without me knowing about it". - Well, your computer is doing a LOT of stuff you don't know ALL the time, believe me.
2) "...my preference would be for a mature product. Something that's at version 11 and has been around for years" - How can the software industry thrive if everybody believes that only products with many years old are good. You can find lots of new products which are very good. And also you can find old products, with many versions, that are bad. I think everybody knows what I am talking about! :)
3) "Mr. Mossberg's description of the Web-based interface failed to point out that it can't be used for making backups, only for restoring files" - How are you going to use the web interface to make backups, if the files are in your computer and the web is interfacing you with the Mozy servers??
4) "If you delete a file by accident and don't notice it, Mozy will delete the backups of the file too" - The purpose of a backup service is not to save your old files, but to protect the current files. Every backup software does the same thing. This is how backup software should work. That's why you have versions. This is the same strategy that corporations use for their backups. The only difference is that they can keep versions forever. But, let me repeat myself, the purpose of a backup service is not to save your old files, but to protect the current ones.
5) "Even if you choose the encryption password, you are trusting the Mozy software not to externalize it, either on purpose or by accident. When it comes to backing up sensitive files, there is no place for trust in the equation." - Of course trust is part of the equation. Are you going to backup your precious files with a company that you don't trust? Anyway you can use their encryption key or you can generate your own, using their software. This looks fine for me. How are the other companies doing this? Are they different? But if you really need to encrypt your files without Mozy software, you can use a a product from another company. You encrypt them first, and then backup the encrypted files. I can suggest TrueCrypt, for example (http://www.truecrypt.org/).
6) "When it comes to restoring files, Mozy can be slow" - In my experience, using the Mozy desktop software, I can start recovering the files right away. Only when I use the web interface I have to wait for the files to be ready to restore.
7) "There are a couple things I don't like about the way Mozy backs up files. For one, their software copies open and locked files. No thanks, I prefer my files closed and unlocked when they are backed up." - This is one of the most absurd opinion I?ve ever seen in my life about backup software. This is a feature that used to exist only on advanced backup software. In the past you had to pay high to have this feature. This is SO useful, that only someone that knows nothing about backups can say such a foolish thing.
8) "They try to be smart about it and only back up the pieces of a file that changed, a feature they call 'block level incremental backups'. I'm a pessimist, and this strikes me as just something else that can go wrong. I prefer my backups simple, and backing up pieces of files and later putting all the pieces together, is complicated." - The previous opinion was one of the most absurd opinions. Well, this one is the same! It is *so* absurd that I had to read it many times to believe my eyes! Sorry, but the guy simply doesn't understand how software works. This is also an advanced feature, so useful that keeps the bandwidth low and makes backups faster. And it's not complicated at all to put all the pieces together.
It is really incredible that CNET has a blog at his level, so amateurish. It lacks a lot of computer science knowledge and helps nothing their users.
The DVD finally did arrive on Tuesday, however, I paid for 16.9 GB of data and they only sent me 8 GB of data. They forgot the biggest file, the Outlook file and this is what I wanted! I called them and I was on hold for 20 minutes, only to be disconnected. Called back and 10 more minutes on hold. Finally I went to live support and Rex tried helping me. He was doing a good job and he had someone from Mozy call me which they did. They claim they have the file I am looking for an will burn another DVD and send it to me. However, they said they missed the UPS pickup and it would not go out until Wed and I would not receive it until Thurs. When they called me, it was 4:30 their time. I informed her that the CD ws sent via Fed Ex not UPS and that UPS is available until 8:00 to drop off shipments. Mozy told me that they are in the middle of nowhere and could not call Fed Ex to pick it up. I asked if someone there had a car and could drive it to a Fed Ex drop off box and she told me no. Now I will not get my DVD until Thursday and our employee who needs the data, will be out of town for a few days come Thursday and he will not have the information he needs thanks to Mozy.
We pay between $75 - $100 per month for backup only to be charged $75 for a restore DVD which they take a week to send. Wish we would have done with Carbonite.
Comments like this are simply mind bloggling.
""There are a couple things I don't like about the way Mozy backs up files. For one, their software copies open and locked files. No thanks, I prefer my files closed and unlocked when they are backed up.""
are you kidding me?
Unfortunately, the author has little or no insight about backup. I am using Mozy before the posting date of this article and many of the service problems illustrated here is far from the reality.
Mozy is designed to automate the backup and to attack the "lazy user" problem. That's why it insists running on the background. But any poweruser (obviously the author is not one) can put Mozy into a manual mode with little environment and configuration changes.
Criticizing the deleted data retention policy of Mozy, clearly shows that the author has no idea about what "backup" means. Mozy is not a remote storage service, neither an archive. It's a simple synchronization policy based "backup" service.
BTW, author never talks about the binary delta capability of Mozy. This is a very advanced backup methodology which can dramatically reduce the required bandwidth between the client and server. For example if you just change a 128kbyte of your big 2GB file. Only 128Kbyte plus some overhead will be sent to server as "delta". Won't resend the whole 2GB file. Mozy stores that "deltas" or "patches" and thus let's you to reach a previous versions of any file within a 30-day time frame. And this exactly why restore operation is not real-time and you've to wait.
C'mon C|Net. Your reader base deserves much more educated and expert authors. Publishing rants about services with litte-to-no knowledge is for crappy personal blogs. That shouldn't be the style of C|Net.
Possibly this service works well if you don't have much to back up. But what's the point of subscribing to a service offering unlimited backup space if that backup space simply cannot be used due to poor software design? Perhaps it was naive of me to expect to be able to back up 90 gb of files, but if that's the case, shouldn't Mozy be honest about its limitations rather than advertising itself as offering unlimited space, when in fact it does not?
The RAM usage is another problem that has been mentioned here. Why Mozy eats up huge amounts of RAM and slows everything else to a crawl is beyond me. But it does. So even if a big backup works perfectly, you might be losing a fair amount of productivity to it.
However, I am quite amazed that CNET allows content like this to be published. Its full of mis-information.
If back up software waited for files to be "closed and unlocked" it would be waiting for a very long time. Operating system files are locked by nature. It wouldn't be able to back up everything and would be an inferior product.
As far as criticising the block level backup.... Are you completely insane?
Lets say you have a 2.8GB (average size) PST file for outlook. Get one new email, and mozy needs to backup on the .2kb and its done. If it followed your ridiculous example it would have to upload and entire 2.8gb file every, single, time.
This isn't a complaint about your criticism of Mozy, its a rant about your completely uninformed, misleading reporting. This is a great shame as being posted on a reputable site people will read it and take it as Gospel. Go find another job I say Ed Foster.
I saw that I can get 250 GB of storage space for $60 per MONTH. GIven the discount coupon I have for Mozy, that's more than I'd pay for a YEAR of Mozy for UNLIMITED storage space!
In other words, oh sure, there may be Mozy alternatives that are superior in some ways, even some substantial ways, but shall we mention affordability? Dare I mention it? Not everyone is independently wealthy. Do you people criticize Kia automobiles and tell everyone they should just use BMWs instead?
-
by jensantg
July 23, 2008 9:24 PM PDT
- I agree that the original post shows that the writter does not have enough knowledge on online backup solutions. However, the point that "encryption is not adequate if the users let Mozy to choose the key" is correct.
-
Reply to this comment
-
See all 31 Comments >>When it says Mozy can "help", that means it can decrypt your data any time.
Some software do not offer this "help", just because it is non-sense on security.