Veazer Posted April 7, 2007 Share Posted April 7, 2007 Anyone have any good ideas for protecting a USB flashdrive from malicious behavior like viruses when it's used in other PCs? My GF was always bringing home viruses everytime she goes to the internet cafe (!@#$ Godzilla virus!!!). She's also had problems where sometimes a script on the cafe PC erases all her stuff. I know some thumbdrives have a write protect feature but this is just a cheapo model that doesn't have that. It's generally just an annoyance since NOD32 catches them but she's also transferred viruses to friend's PCs before. My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership). I created a single folder with write access and this is the only folder that can be written to or changed on the drive from PCs other than mine. Of course any reasonably smart script could just re-claim ownership of the other files and folders if the cafe lets people login as admin but so far it seems to work. NTFS also slows down the drive tremendously, literally half the speed of FAT32 on my drive. And it means i can't swap files with Mac friends. Anyone have a more elegant solution? On a side note, why is NTFS so <deleted> slow on flashdrives? Link to comment Share on other sites More sharing options...
A_Traveller Posted April 7, 2007 Share Posted April 7, 2007 On a side note, why is NTFS so <deleted> slow on flashdrives? Because it's semi-journaled Regards Link to comment Share on other sites More sharing options...
A_Traveller Posted April 7, 2007 Share Posted April 7, 2007 Might be worth going to the link below and reviewing software, such as ClamWin. Regards http://portableapps.com/ Link to comment Share on other sites More sharing options...
Simmo Posted April 7, 2007 Share Posted April 7, 2007 My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership). Hold down shift when you insert a cd-rom or flash drive. Turns off autorun. Link to comment Share on other sites More sharing options...
lmponder Posted April 7, 2007 Share Posted April 7, 2007 My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership). Hold down shift when you insert a cd-rom or flash drive. Turns off autorun. You can turn off autorun on your PC through the local security policy as well. Especially if you don't know where the USB drive has been. That is what I do. I don't want any USBs or CDS starting by themselves when I stick them into my PC. I use USB for data only so there is no chance of getting a virus that way. Liam Link to comment Share on other sites More sharing options...
Veazer Posted April 8, 2007 Author Share Posted April 8, 2007 My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership). Hold down shift when you insert a cd-rom or flash drive. Turns off autorun. You can turn off autorun on your PC through the local security policy as well. Especially if you don't know where the USB drive has been. That is what I do. I don't want any USBs or CDS starting by themselves when I stick them into my PC. I use USB for data only so there is no chance of getting a virus that way. Liam It's disabled on my machine using TweakUI because I don't like autorun (or autoplay) either. The reason I was aiming to create a 'locked' autorun.inf is to protect the other PCs she uses the drive with. I wanted to prevent infected machines from changing the flashdrive to be an "autorun virus spreader". I've been investigating NTFS a bit more and it appears like journaling is disabled by default for external drives. Here's an example from my machine. Drive C is internal of course, drive G is a thumbdrive and drive Z is an external 200gb drive on a USB interface: C:\>fsutil usn queryjournal c: Usn Journal ID : 0x01c6a6585ac0e844 First Usn : 0x000000007f600000 Next Usn : 0x0000000085a00f38 Lowest Valid Usn : 0x0000000000000000 Max Usn : 0x00000fffffff0000 Maximum Size : 0x0000000006400000 Allocation Delta : 0x0000000000040000 C:\>fsutil usn queryjournal g: Error: The volume change journal is not active. C:\>fsutil usn queryjournal z: Error: The volume change journal is not active. I can enable journaling on the externals if I really wanted: C:\>fsutil usn createjournal m=1000 a=100 g: C:\>fsutil usn queryjournal g: Usn Journal ID : 0x01c7799ba295d56e First Usn : 0x0000000000000000 Next Usn : 0x0000000000000000 Lowest Valid Usn : 0x0000000000000000 Max Usn : 0x00000fffffff0000 Maximum Size : 0x0000000000100000 Allocation Delta : 0x0000000000040000 So if journaling is not the cause of the performance hit, i wonder what is... and btw i do have NtfsDisableLastAccessUpdate enabled to speed up NTFS a little. Link to comment Share on other sites More sharing options...
A_Traveller Posted April 8, 2007 Share Posted April 8, 2007 All journaling elements within NTFS cannot be switched of even at the registry level, so though it may not be the only reason there will be a performance impact. Don't see what your asking here now, the original question was how to secure a USB stick if used, presumably as a sneaker net between computers, and I would have thought that portable apps would be a probable solution, alternatively buy a read only device. Regards Link to comment Share on other sites More sharing options...
Veazer Posted April 10, 2007 Author Share Posted April 10, 2007 All journaling elements within NTFS cannot be switched of even at the registry level, so though it may not be the only reason there will be a performance impact. Don't see what your asking here now, the original question was how to secure a USB stick if used, presumably as a sneaker net between computers, and I would have thought that portable apps would be a probable solution, alternatively buy a read only device. Regards Can u point me to some info about not being able to turn journaling off? I'm trying to find more info about this and the little bits I can find seem to suggest that it can be. I know it's possible on OSX, but of course that's a whole different file system. I guess at this point I'm stuck trying to see what can be done to speed up NTFS on Flash RAM devices at this point, none of the other options really suit the bill. Clamwin and other portables apps might help prevent the viruses from being transmitted to the stick but existing scripts could still erase her data off the drive. As I mentioned before, I know reducing the ownership & permissions of a folder to only the user&pc it was created on isn't a perfect solution since a smartly written script could just change ownership before doing its damage. At the moment, it's far better than having no security with FAT32. The best FAT32 can offer is "read only" status which achieves almost nothing. I agree that I could buy a device with a write-lock, i'm just trying to do the most with what i have. Link to comment Share on other sites More sharing options...
andrewbkk Posted April 10, 2007 Share Posted April 10, 2007 (edited) Might be worth going to the link below and reviewing software, such as ClamWin.Regards http://portableapps.com/ Clamwin is irritating junk. You best bet is either to buy a new thumb drive with a lock (which will cost a few hundred baht at most), or simply to accept that viruses will creep into your drive and then clean them when you get back home. Edited April 10, 2007 by andrewbkk Link to comment Share on other sites More sharing options...
A_Traveller Posted April 10, 2007 Share Posted April 10, 2007 Can u point me to some info about not being able to turn journaling off? The file system itself is journaled, this is why there is a performance hit Clamwin and other portables apps might help prevent the viruses from being transmitted to the stick but existing scripts could still erase her data off the drive. Suggestion made on the basis that it would be easy to graft onto the situation but it's not an app I've used. I agree that I could buy a device with a write-lock, i'm just trying to do the most with what i have. Understand but given the wheel-spin being caused a small purchase would reduce your risk and to be frank that is what I advise in this situation Link to comment Share on other sites More sharing options...
Firefoxx Posted April 11, 2007 Share Posted April 11, 2007 Turning off autorun would work, but only at home. The computers at cafes/etc, which are already infected, will still transfer the virus to the thumbdrive if it's not write-protected. A write protected thumbdrive would also be useless for actually transferring files from the cafes/etc. I see these thumbdrive virii a lot more often than any other kind these days, probably because of the fact that they are so hard to prevent spreading. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now