Commentary

Simple USB Flash-Drive Protection

Sneakernet-borne viruses seemed like a thing of the past until we started having Conficker outbreaks. Other malware had targeted USB storage devices before Conficker, but for some reason none had been as effective at spreading, something that's likely attributable to Conficker's multipronged attack capability.

Dealing with Conficker infections on USB flash drives became quite a pain for organizations of all sizes last year. I wrote about a few methods to help stop the spread of malware via USB flash drives back in February (see "Fight Malware With Software Restriction Policies"). Even with those safety measures in place, USB flash drives still got infected when they were used at a local print shop, stuck into a hotel kiosk, or used in some other poorly managed computer system.

It's amusing to see the faces of attendees in my Cyber Self Defense class when I start telling them about the insecurities around USB flash drives and the use of pay-by-the-minute Internet kiosks at hotels. The majority of them have never thought about the possibility that a virus could spread by one of those handy little "memory sticks" they carry around with them. Those who had thought about it did so only because they'd been victims in the past.

And Internet kiosks...forget about it. Attendees don't like being told not to use their company e-mail from those things, because who knows what keylogger or malware has been installed on them. We'll save that discussion for another day.

The reason I bring up USB flash drives is because there are some really simple methods of protecting those devices from infection in the first place. The most obvious is to not use them in machines you don't control, but that's not always easy.

The second is to use a "throwaway" flash drive that's not very big and most likely came free at a conference. If you don't want to throw it away after using it in someone else's machine, then use a Linux machine to wipe it and reformat it before using it again. The problem here is users don't have Linux machines just lying around, so they'd have to rely on their IT department to handle it, which may not be that reasonable.

The final solution is the easiest and most practical. Buy a USB flash drive with a write-protect switch and flip it to write-protect mode before sticking it in an untrusted computer. The last few times I've mentioned this to users, you'd think they'd been slapped, both because most had never seen a flash drive with that feature and because the concept was so simple. Heck, it's a throwback to the floppy disk protection days with tabs and switches.

Not sure where to find USB flash drives with write-protect switches? Just do a quick search on Froogle and you'll find plenty of all sizes. They're handy for more than just transferring files (e.g., incident response).

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.
