Pen drive write protection (software)

[Craig321]

I've got a pen drive which will travel with me everywhere containing spyware/virus removal tools etc. - over time it'll no doubt be plugged into a lot of machines with viruses and other problems.

I don't want the pen drive to be infected by these machines and potentially infect my computer. Is there any way to write protect the pen drive with some software?

Need to be easy to remove the write proection as well so I can update and add tools.

I've looked into the Windows registry edit, but that's a bit long winded and required you to modify the PC you're using the drive on.

Craig.

 

[Craig321]

Only problem with that is it's per-machine, so I'd need to remember to make that registry edit before I plugged the pen drive into the machine

 

[Craig321]

That's a hassle

DVD-R are big and inconvenient

 

[Craig321]

Mini DVD-R?

Nahh, rule out optical media all together. These utilities need to be updated at least weekly, if not daily. I can't afford that many DVDs/CDs.

In that case, the low effort version is a usb to sd card adapter, and use an sd card which has a write protection switch

I think that's ugly though...

Too ugly!

Surely there's a way to write protect a hard drive that doesn't involve that registry edit?

 

[Craig321]

About all I can think of is telling the computer not to write to the drive before plugging it in or booting from the drive. The drive itself doesn't have any software on it, if you force something through autorun there's always a risk that the computer will refuse to run the software.

How do you feel about booting ubuntu from the stick, copying utilities across, then rebooting? Windows isn't going to write anything to ext3 without considerable effort. Can probably do some maintenance from ubuntu as well, though I'm yet to work out how to run a virus scanner through wine

Thanks for all the suggestions by the way everyone

@JonJ678
Bit of a hassle really, especially if I'm just sticking the pen drive in to remove something simple (or maybe just installing some software).

 

[Craig321]

I fear you may have to compromise between security and effort, I'm just about out of ideas.

You could maintain an md5sum of each utility, when the drive gets home compare to see if any were compromised, and delete anything that isn't on the list of md5sums. Plus zero the remainder of the drive. Could script this in ubuntu, no idea how to do it in windows.

Easiest is probably reformat when finished with computer and put the files back on when you get home, tricky if dealing with several computers though.

I could do I guess, however if I'm going to multiple locations in one day I might not be able to re-format the drive and put the clean software back on. I can't risk carrying infections from one customer to another.

 

[Craig321]

could you just carry 2 pen drives ,use one, reformat it
then reinstall from your back up

There's still the problem of either not having time to restore the pen drive, or not having anywhere to do it. I'd need to have a PC to perform the restoration, and I might not have a laptop with me.

 

[Craig321]

I may have found a solution, and it'll be perfect if I can automate it (which shouldn't be too difficult).

Basically you create a file that completely fills up your pen drive (find out the remaining bytes and create a file of that size). The creation of the file is pretty much instant, in my case it's currently 13.9GB. This means nothing else can write to the drive because it's 100% full. I should be able to make this file read only quite easily just to make sure nothing removes it.

To automate this process I simply need a batch script that finds out the exact remaining bytes on the drive and creates a file that big.

For anyone that's interested the command is:

fsutil file createnew FILENAME filesize

e.g. fsutil file createnew big.txt 14930450944

Unfortunately that's not going to stop viruses deleting my files so it's not 100% protected, but it should stop your average virus modifying autorun and adding files to the pen drive.

 

[Craig321]

That doesn't prevent modification, only creation. The read only flag is more of a request these days too. If it's not done in hardware it can be bypassed, not that malware would ever bypass protections

It's not a perfect solution, but it's better than nothing. My pen drive doesn't have autorun.inf, so if something tries to create it it won't be able to.

Yes executables, documents etc. can still be modified, but at least I'm not going to go around infecting other machines due to viruses launching automatically.

If anyone's interested, I've made the script:

@echo off

for /f "tokens=3 delims= " %%a in ('dir /s/-c ^|find "bytes free"') do (set free=%%a)

fsutil file createnew dummyFile %free%

@pause

For some reason when I launch it from a batch file it says not enough disk space, I guess Windows does something when launching from batch. Works perfectly if you launch the batch file from command prompt.

I still need to test it properly

 

[Craig321]

I claim credit for the idea

for device /dev/sda, on /mnt/sda

dd if=/dev/zero of=/mnt/sda bs=4k conv=sync,noerror

will achieve much the same thing. It shouldn't be instant though, are you confident you aren't creating a sparse file?

md5sums might be worth considering as a means of checking whether the other files have been modified. I agree that this will make it difficult to write to the drive

Yes, I was wondering why it was instant as well, I guess it is creating a sparse file. I'll give the above command a go in some distro of Linux under VMWare

 

[Craig321]

Is there a progra that will take a list of MD5s and allow you to compare that set of files later?

 

[Craig321]

Manufacturers are beginning to bring write protected with a switch pen drives back to the market again.
Look for the PQI U339 Pro, it's a 16gb drive with a built in read only protect switch.

Good good. Is there any reason why they took the write protection switches out in the first place?

I've got a 16GB pen drive at the moment, so I don't really want to be buying another just yet, but I'll keep it in mind for next time.