Protecting A Usb Handydrive (internet Cafe's, Etc.)

[Veazer]

Anyone have any good ideas for protecting a USB flashdrive from malicious behavior like viruses when it's used in other PCs?

My GF was always bringing home viruses everytime she goes to the internet cafe (!@#$ Godzilla virus!!!). She's also had problems where sometimes a script on the cafe PC erases all her stuff. I know some thumbdrives have a write protect feature but this is just a cheapo model that doesn't have that. It's generally just an annoyance since NOD32 catches them but she's also transferred viruses to friend's PCs before.

My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership). I created a single folder with write access and this is the only folder that can be written to or changed on the drive from PCs other than mine. Of course any reasonably smart script could just re-claim ownership of the other files and folders if the cafe lets people login as admin but so far it seems to work.

NTFS also slows down the drive tremendously, literally half the speed of FAT32 on my drive. And it means i can't swap files with Mac friends. Anyone have a more elegant solution?

On a side note, why is NTFS so <deleted> slow on flashdrives?

[A_Traveller]

On a side note, why is NTFS so <deleted> slow on flashdrives?

Because it's semi-journaled

Regards

[A_Traveller]

Might be worth going to the link below and reviewing software, such as ClamWin.

Regards

http://portableapps.com/

[Simmo]

My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership).

Hold down shift when you insert a cd-rom or flash drive. Turns off autorun.

[lmponder]

My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership).

Hold down shift when you insert a cd-rom or flash drive. Turns off autorun.

You can turn off autorun on your PC through the local security policy as well. Especially if you don't know where the USB drive has been. That is what I do. I don't want any USBs or CDS starting by themselves when I stick them into my PC. I use USB for data only so there is no chance of getting a virus that way.

Liam

[Veazer]

My solution was to format the drive as NTFS and create a blank autorun.inf that only allow administrators from my PC can modify (using NTFS security and ownership).

Hold down shift when you insert a cd-rom or flash drive. Turns off autorun.

You can turn off autorun on your PC through the local security policy as well. Especially if you don't know where the USB drive has been. That is what I do. I don't want any USBs or CDS starting by themselves when I stick them into my PC. I use USB for data only so there is no chance of getting a virus that way.

Liam

It's disabled on my machine using TweakUI because I don't like autorun (or autoplay) either. The reason I was aiming to create a 'locked' autorun.inf is to protect the other PCs she uses the drive with. I wanted to prevent infected machines from changing the flashdrive to be an "autorun virus spreader".

I've been investigating NTFS a bit more and it appears like journaling is disabled by default for external drives. Here's an example from my machine. Drive C is internal of course, drive G is a thumbdrive and drive Z is an external 200gb drive on a USB interface:

C:\>fsutil usn queryjournal c:
Usn Journal ID   : 0x01c6a6585ac0e844
First Usn		: 0x000000007f600000
Next Usn		 : 0x0000000085a00f38
Lowest Valid Usn : 0x0000000000000000
Max Usn		  : 0x00000fffffff0000
Maximum Size	 : 0x0000000006400000
Allocation Delta : 0x0000000000040000

C:\>fsutil usn queryjournal g:
Error:  The volume change journal is not active.

C:\>fsutil usn queryjournal z:
Error:  The volume change journal is not active.

I can enable journaling on the externals if I really wanted:

C:\>fsutil usn createjournal m=1000 a=100 g:

C:\>fsutil usn queryjournal g:
Usn Journal ID   : 0x01c7799ba295d56e
First Usn		: 0x0000000000000000
Next Usn		 : 0x0000000000000000
Lowest Valid Usn : 0x0000000000000000
Max Usn		  : 0x00000fffffff0000
Maximum Size	 : 0x0000000000100000
Allocation Delta : 0x0000000000040000

So if journaling is not the cause of the performance hit, i wonder what is... and btw i do have NtfsDisableLastAccessUpdate enabled to speed up NTFS a little.

[A_Traveller]

All journaling elements within NTFS cannot be switched of even at the registry level, so though it may not be the only reason there will be a performance impact.

Don't see what your asking here now, the original question was how to secure a USB stick if used, presumably as a sneaker net between computers, and I would have thought that portable apps would be a probable solution, alternatively buy a read only device.

Regards

[Veazer]

All journaling elements within NTFS cannot be switched of even at the registry level, so though it may not be the only reason there will be a performance impact.

Don't see what your asking here now, the original question was how to secure a USB stick if used, presumably as a sneaker net between computers, and I would have thought that portable apps would be a probable solution, alternatively buy a read only device.

Regards

Can u point me to some info about not being able to turn journaling off? I'm trying to find more info about this and the little bits I can find seem to suggest that it can be. I know it's possible on OSX, but of course that's a whole different file system.

I guess at this point I'm stuck trying to see what can be done to speed up NTFS on Flash RAM devices at this point, none of the other options really suit the bill. Clamwin and other portables apps might help prevent the viruses from being transmitted to the stick but existing scripts could still erase her data off the drive.

As I mentioned before, I know reducing the ownership & permissions of a folder to only the user&pc it was created on isn't a perfect solution since a smartly written script could just change ownership before doing its damage. At the moment, it's far better than having no security with FAT32. The best FAT32 can offer is "read only" status which achieves almost nothing.

I agree that I could buy a device with a write-lock, i'm just trying to do the most with what i have.

[andrewbkk]

Might be worth going to the link below and reviewing software, such as ClamWin.

Regards

http://portableapps.com/

Clamwin is irritating junk.

You best bet is either to buy a new thumb drive with a lock (which will cost a few hundred baht at most), or simply to accept that viruses will creep into your drive and then clean them when you get back home.

Edited April 10, 2007 by andrewbkk

[A_Traveller]

Can u point me to some info about not being able to turn journaling off?

The file system itself is journaled, this is why there is a performance hit

Clamwin and other portables apps might help prevent the viruses from being transmitted to the stick but existing scripts could still erase her data off the drive. Suggestion made on the basis that it would be easy to graft onto the situation but it's not an app I've used.

I agree that I could buy a device with a write-lock, i'm just trying to do the most with what i have. Understand but given the wheel-spin being caused a small purchase would reduce your risk and to be frank that is what I advise in this situation

[Firefoxx]

Turning off autorun would work, but only at home. The computers at cafes/etc, which are already infected, will still transfer the virus to the thumbdrive if it's not write-protected. A write protected thumbdrive would also be useless for actually transferring files from the cafes/etc.

I see these thumbdrive virii a lot more often than any other kind these days, probably because of the fact that they are so hard to prevent spreading.