Fog Creek Software
Discussion Board




Read-only USB?

With the rash of stories like this one:

http://www.cnn.com/2004/TECH/internet/07/13/britain.mod.reut/index.html

Which talk about USB Devices, like the iPod, being banned from workplaces, I had a thought. Is there a way to use a policy to prevent users from writing to USB devices? In this way, people could bring in USB devices with songs or whatever, which would be read-only, similar to them bringing in the songs on CD. Is that even doable?

Cory

CF
Tuesday, July 13, 2004

http://www.reflex-magnetics.co.uk/products/disknetpro/page3

Not sure if it's what you want, but you might be interested.

S.C.
Tuesday, July 13, 2004

In a word, epoxy.

Googlefied PDF-> HTML @ http://216.239.39.104/search?q=cache:x7Rcbs4hNFIJ:cerberus.sourcefire.com/~jeff/papers/atstake/usb_hardware_token.pdf+usb+epoxy&hl=en

Greg Hurlman
Tuesday, July 13, 2004

Ummm how does read only stop what's being read being copied?

Simon Lucy
Tuesday, July 13, 2004

Simon:

The problem isn't generally them bringing in problems (although I guess that could be as well) it is that they don't want them taking information out. It is more of an issue for secured areas.

I'm not an administrator or even in the situation, but was more interested to see if that could be a solution to the issues they keep bringing up. Of course, the security folks also put out an alert about the winning Coke can for their summer promotion because it contained a Cell Phone and GPS receiver, and they wanted to make sure that someone didn't go into a Top Secret meeting with one and activate it and give everything away.

CF
Tuesday, July 13, 2004

Ok, gotcha.

My mindset is locked into DRM.

Simon Lucy
Tuesday, July 13, 2004

> Is there a way to use a policy to prevent users from writing to USB devices?

If you mean a software-implemented policy, then the general answer is "no": because I think that you generally need to send data to a USB device, to tell it what data you want to read from it.

Perhaps it's enforceable by allowing specific USB devices that you trust are logically read-only (although they're physically read/write).

Christopher Wells
Tuesday, July 13, 2004

""With USB devices, if you plug it straight into the computer you can bypass passwords and get right on the system," RAF Wing Commander Peter D'Ardenne told Reuters."

?

How?

Also, why not just plug or pull the USB ports in critical systems? Or disable them with system policies?

I mean, if you ban iPods, then people just hide them, and you've gained nothing.

Philo

Philo
Tuesday, July 13, 2004

I just heard a story about someone picking up a virus from their camera's memory card, by taking it to a kiosk in a store to be printed.  At first it sounded implausible, but then I thought about it.  Wouldn't it just require copying an autorun.inf file to the card?  Stick the card into your PC, the autorun does its business, and wham! you have a virus.

This could be what was meant by not needing a password.  The user has already logged in, so the virus doesn't need one.

Mark Ransom
Tuesday, July 13, 2004
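
The autorun.inf scenario in the post above can be checked for before a card is opened on a Windows machine. As an added example (not part of the original thread), this Python function lists the launch commands declared in a volume's autorun.inf; the function names and the sample file contents are constructed for illustration.

```python
import configparser
import os
import tempfile

# Keys in the [autorun] section that name a program Windows may launch.
EXEC_KEYS = ("open", "shellexecute")


def find_autorun_commands(root):
    """Return {key: command} for launch entries in root's autorun.inf, else {}."""
    # Match the file name case-insensitively, as FAT-formatted cards do.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return {}
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, delimiters=("=",))
    try:
        with open(os.path.join(root, name), encoding="latin-1") as fh:
            parser.read_string(fh.read())
    except configparser.Error:
        # A file that exists but does not parse is still worth reporting.
        return {"unparsed": "autorun.inf present but malformed"}
    found = {}
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lowercased
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in EXEC_KEYS or is_verb:
                found[key] = value
    return found


def demo():
    """Scan a constructed sample card held in a temporary directory."""
    sample = ("[AutoRun]\r\nOpen=setup.exe /s\r\nicon=photo.ico\r\n"
              "shell\\print\\command=setup.exe\r\n")  # constructed sample
    with tempfile.TemporaryDirectory() as card:
        with open(os.path.join(card, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        return find_autorun_commands(card)


if __name__ == "__main__":
    print(demo())
```
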

Or he could just be technologically ignorant, and misinformed.  Or deliberately misinforming people. 

muppet from forums.madebymonkeys.net
Tuesday, July 13, 2004

Yeah, if I had to assign probabilities, misinformed/misleading would be high on the list.

Still, in the days before the internet, the floppy disk was the easiest way to spread a virus.  And USB devices have become the modern-day equivalent of the floppy disk.

Mark Ransom
Tuesday, July 13, 2004

My USB dongle has a R/O switch kind of like the old floppy switch/notch. Also, couldn't you set up the OS to only give the user R/O rights to the device?

MilesArcher
Tuesday, July 13, 2004

CF,
that sounded like a great idea for a product.. unfortunately it's already been done (dammit!!):

http://www.protect-me.com/dl/

Steve H
Tuesday, July 13, 2004

> if you ban iPods, then people just hide them, and you've gained nothing

Philo you have far too much common sense, hand in your management badge immediately.


Wednesday, July 14, 2004
