Before the ’Net, the primary vectors for spreading computer viruses were floppy disks. Nowadays, floppies are so rare that black hat hackers ignore them. As a result, we tend to focus our attention and defenses against malware threats from over the Internet. But a new portable storage medium has replaced floppies as a threat: USB flash (a.k.a. “thumb”) drives.
Cheap, with easy portability and far larger capacities, flash drives have become a favorite for carrying files around. The problem is anything that can carry and transmit data can also carry and transmit malware.
A few months ago a large UK company performed a corporate systems security check. They deliberately infected several flash drives with a benign virus and left these lying around company premises. Not surprisingly, several employees picked up the drives and plugged them into their computers’ USB ports. The program on the flash drives was triggered by the Windows auto- play function and reported when and which computers were infected to the IT security audit team.
The company subsequently conducted a full-scale, in-house educational campaign on the dangers of flash drives. Most of us could benefit from these lessons as well.
Flash Drive 101
Flash drives can be infected with malware, even new ones. A highly reputable computer company found that some of its USB devices had been infected at the factory. A good, simple rule of thumb is to reformat flash drives before using them.
But won’t anti-virus programs detect an infected flash drive? Maybe. Sometimes. Make sure your anti-virus definition data is up to date. Then it’s always a good idea to first do a virus scan on any flash drive plugged into your computer.
However, you may not have time to scan the drive if it automatically runs when you insert something into it. Though it may be a bit inconvenient if your audio CDs or DVDs don’t play automatically, for your peace of mind it’s definitely a good idea to disable auto-run or auto-play in Windows. You can right-click on the drive in Explorer and check the “Properties” and “Autoplay” tabs to disable this feature. You can find more detailed instructions by Googling “disable autoplay” or “disable autorun.”
When looking at the data on a flash drive, if you see a file named “autorun.inf” or any files ending in “.exe” or “.com” DELETE AT ONCE as there is usually no good reason to have executable programs on a removable drive.
Do you automatically boot into Windows without having to provide a user name and password? If so, then you are running Windows in “Administrator Mode,” which is very dangerous as it allows you or a virus to do real damage to your computer setup.
The best solution is to create an ordinary User (not Admin) account and do most of your work and surfing using this account. This way, even if a virus manages to penetrate your defenses, it will not be able to install itself successfully. You should use Admin Mode only if you are installing or removing software and hardware.
What if you’re fairly certain that your computer and removable drives are clean but your flash drives tend to get infected when you plug them into other computers? Some flash drives have a hardware switch that makes them “read only.”
Format In 6 Easy Steps
You can also make a flash drive “read only” by first reformatting as NTFS then setting security permissions. The default formatting on flash drives is the “FAT” file system used by DOS and Windows 95/98, which allows anyone to read and write to the drive. By formatting the flash drive as NTFS, you can then right-click on the drive and set “Security” options in “Properties.” Do the following:
1.First, log on in Administrator Mode and format the drive as NTFS;
2.Right-click on the newly formatted drive, in Properties > Security add a “user” and give this user “Full Control”;
3.Log out of Administrator Mode, and log in as the “user” you previously chose;
4.Right-click on the drive and in Properties/Security give the “user” ownership of the drive and all its folders;
5.Still in Properties/Security, remove (uncheck) the “Full Control,” “Modify,” and “Write” options for “Everyone”;
6.Optionally, you can also create a new folder on the drive and change its security permissions so that “Everyone” can write and modify only to that sub-folder.
Even if some of these security precautions may seem too technical, implementing as many of them as possible helps reduce the risk of malware infection. As always, staying informed and being aware is the first
line of proactive defense.
print ed: 06/09