Skip to content

Hardening Flash Drives

USB FLASH DRIVES are constantly getting smaller and cheaper. They’re a great convenience for an increasingly mobile work force. But they’ve also become another weak security link in the computing environment.

According to a recent Forrester Research study, 52 percent of organizations say they’ve suffered data loss via flash drives and other portable media. In February, Trend Micro’s free online virus scanner, HouseCall, detected about 35 million infections related to portable storage, primarily flash drives. That compares to under a million one year earlier.

One solution involves having a policy whereby drives must first be inserted in a “dummy” terminal, which scans them before they are connected to the networked computers. Trend Micro Senior Threat Researcher Ivan Macalintal says that he has seen this policy implemented effectively at several companies.

Technology can help combat this growing threat. Some thumb drive vendors have been tacking on new defenses, such as onboard antivirus (AV) scanning and virtual keyboards to thwart key loggers.

SanDisk of Milpitas, California, began offering the full McAfee scanning engine on some of its drives last year. “It allows employees to have access to data everywhere and yet be fully protected,” says Roy Ramati, vice president and general manager of SanDisk’s Enterprise division.

The SanDisk product automatically scans both the host computer and the contents of the flash drive. If malware is detected in the host, the device won’t permit data to be copied back to the drive.

Another major secure drive maker, Iron Key of Los Altos, California, recently partnered with McAfee. Iron Key also added a virtual keyboard to its device’s logon screen, after spending several years researching the behavior of key loggers before adding the feature, says Steve Ryan, senior vice president of business development.

Many key loggers can snap a photo during each mouse click; occasionally programs can videotape everything on the monitor. After each click, Iron Key’s keyboard turns white for a nearly imperceptible moment, which would inhibit the effectiveness of any key logger.

For drives without these new safeguards, there are some immediate steps IT administrators and home users can take to drastically cut their risk of infection.

One of the most common reasons malware has been spreading has to do with Windows’ Autorun feature, according to security researchers. Many new forms of malware copy themselves onto a USB drive and create a file called Autorun.inf. This file then instructs malware to automatically execute when it enters an Autorun-enabled computer.

This risk can be significantly reduced by turning computers’ Autorun feature off. This isn’t simple and involves placing a string of commands into a system’s command prompt. Two organizations, Symantec and United States Computer Emergency Readiness Team, have relatively simple instructions that IT administrators and individuals can follow to disable the function.

Another step is to run a regularly updated AV product on a computer, says Macalintal. Some of the better known AV-scanning engines also include behavior-based protection that should recognize and stop much of the malware coming from a USB drive, he says.