I have been using Qubes OS for just over a year and half now and have not done any backups at all due to all the articles I have read about BadUSB as well as my lack of confidence as I don’t think I’ve done enough to avoid malware on my other devices and, if I’m understanding the articles right, I wouldn’t even be able to tell. I haven’t connected any external storage devices except for the USB I bought to install QubesOS. Now with 4.1 reaching EOL I need to quickly make a decision on how to I should backup before the upgrade. I have since used the install USB on other devices. Would it be worth buying a new USB drive just for the purpose of backing up before the upgrade? I haven’t setup a USB qube yet and don’t want to risk it without a backup as my only keyboard and mouse inputs are USB. I also have a NAS that has no internet access (occasionally connected for updates) though all my other less secure devices have already accessed and written to it. I also have blank DVDs I could use but no internal drive. Would have to be through either a USB optical drive or the NAS optical drive via iSCSI. Can the firmware of an external optical drive also be affected by BadUSB? What are the security implications of all these methods?
What are the security implications of not having backups of your data?
You need to balance the risks here.
If you are worried about USB, buy a new drive just for backup,
create a sys-usb, and use that drive only for backups as you suggest.
Creating encrypted backups and writing them to the NAS should be fine.
The fact that other devices have written to it should not be of concern
for the backups. Its unlikely that connecting to the NAS will
compromise your system, and since you’ll do this from a qube, the risks
are limited. Qubes will check the backup before using it on restore.
Using a USB optical drive gives the same risks as badUSB. Using the NAS
drive should be fine, with limited risk, I would have thought
It strikes me that almost any of these are better than running your
system without any backups. Personally, I would use the NAS, and write
secondary backups to a remote server or to the DVD.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.