Why USB Sticks Are Dangerous & How To Protect Yourself

Dangerous USB Sticks Intro   Why USB Sticks Are Dangerous & How To Protect YourselfUSB drives are so pervasive in today’s world of technology, but when they first debuted, they revolutionized data exchange. The first USB flash drives had an 8MB capacity, which isn’t much by today’s standards, but a far cry better than the alternatives – the 1.44MB floppy or the CD that required permanent burning. Nowadays we have USB drives that are larger than traditional hard drives.  But for all the convenience and power of the USB drive, there are some serious USB drive danger to be wary of.

The ubiquity of the USB drive has made us overly trusting of the technology. We plug them in, pull them out, and plug them in again without a second thought to issues of security and protection. And I’m not just talking about “safe ejection” to prevent data corruption. I’m talking about viruses, malware, and all of those pesky nuisances that love to infect every corner of our systems.

Unfortunately for us all, we need to be diligent about USB security just as much as we are about hard drive and network security. Keep reading to learn more about this problem and how you can adequately guard yourself against it.

USB Drives Are Like Mosquitoes

When we hear about network and computer safety, we often hear tips and tricks that are somehow related to the Internet. Don’t click random email links. Don’t visit shady websites. Keep your firewalls up and your antivirus databases updated. Use safe passwords and stay vigilant against keylogger infections.

Now consider this scenario: a high-security headquarters where lots of confidential work with sensitive data is being done. Places like this are often isolated from the Internet, instead relying on a closed-circuit intranet for data sharing and communication. And when you consider a place that’s completely severed from the malice of Internet hackers, you’d think the security would be top-notch.

usb danger 0   Why USB Sticks Are Dangerous & How To Protect Yourself

And in reality, the security is good. It’s near impossible to hack or corrupt an internal network like that without performing the kind of impressive stunts that you’d see in the next Mission Impossible. Yet even so, hackers were clever enough to find ways to infiltrate secure compounds from a distance: by infecting the very USB drives that employees would use to transfer files from outside to inside the building.

There are plenty of cases where viruses piggybacked onto USB devices in order to spread like wildfire across the world. Remember the dreaded Conficker worm? The United States military ended up having some trouble with the agent.btz worm that was brought in through an infected USB drive. And more recently, there was the cyber-weapon Stuxnet worm.

And so, USB drives are like mosquitoes. They have the potential to pick up infections when plugged into an infected computer and they can spread those infections almost instantaneously as they’re plugged into other devices. This is why it’s so important that you keep not only your computers clean but your USB devices as well using regular scans and antivirus programs.

USB Disk Security

usb danger 1   Why USB Sticks Are Dangerous & How To Protect Yourself

USB Disk Security is a tool from Zbshareware Lab that is as close to an all-in-one USB protection suite as you can get. It provides a whole host of features and safety options to keep you as protected as you can be in all things related to USB drives. Most USB security tools will focus on the USB drives themselves, but USB Disk Security goes way beyond that.

USB Disk Security has the following features:

  • USB Shield, which protects you in real-time against connected USB devices.
  • USB Scan, which scans connected USB devices for malicious software.
  • USB Access Control, which prevents your computer data from being copied to USB devices.
  • USB Drive Control, which prevents USB devices from even connecting to your computer in the first place.

USB Disk Security supports Windows XP, 2003, 2008, Vista, and 7, but it may interfere with other antivirus programs already installed on your system. It’s free with limited features. A lifetime license will cost you $55 USD which unlocks all features and includes all future updates to the software.

BitDefender USB Immunizer

usb danger 2   Why USB Sticks Are Dangerous & How To Protect Yourself

As you might have surmised from the description of USB’s dangers, most viruses depend on automatically running when the USB drive is plugged into a computer. This is in large part determined by the presence of an autorun.inf file which, as the name suggestions, automatically runs upon connection.

BitDefender, a security software company that I’ve praised in the past, has a free tool called the USB Immunizer that immunizes your chosen USB device against malicious autorun.inf files by creating its own special autorun.inf file that cannot be deleted or replaced.

BitDefender USB Immunizer works on Windows XP, Vista, and 7 on USB devices that are formatted with FAT, FAT32, and NTFS file systems.

USB Dummy Protect

usb danger 3   Why USB Sticks Are Dangerous & How To Protect Yourself

The USB Dummy Protect program has an interesting theory behind the way it protects your USB devices. Long story short: viruses and malware require available memory space in order to exist on a USB drive, therefore, if you fill up a USB drive entirely and leave no space whatsoever, then viruses and malware can’t get on no matter what.

So that’s what USB Dummy Protect does. It creates a dummy.file file on your USB device that takes up every last bit of free space. When you want to remove that protection, you just delete the file. Easy. If you tend to transfer files to and from your USB drive frequently, this may not be the most elegant solution, but if you have a USB drive whose contents rarely ever change then this could be fantastic for you.

However, due to the way that FAT file systems are designed, this method will not work if your USB device has more than 4GB of free space (since file sizes in FAT systems have a maximum of 4GB). For NTFS drives, you shouldn’t experience any problems.

Conclusion

USB drive dangers require constant vigilance. You might use the same USB drive for years without a hitch, then one day you could grab a file off of your friend’s computer and end up infecting your home network with something serious. USB security is not often on the minds of computer users, even the tech-savvy ones, but as long as you are aware and take proactive steps against the potential spread of viruses that piggyback on USB devices, you’ll be all right.

If you have any other suggestions for software aimed at USB-related security, please share them with us in the comments.

Image Credits: Virus USB Via Shutterstock, Secure USB Via Shutterstock

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

33 Comments -

MikeFromMarkham

Roboscan Internet Security Suite and Kingsoft Antivirus Free are perhaps two newer
and less well known security products, but both of them automatically scan USB devices whenever they are connected. I’ve tested both products myself and can report that this feature does work as advertised. I would not be surprised to see similar capabilities included in big name security products in the future.

Jonathan C

Some rather good ideas, but I’m a little confused as to why USB Dummy Protect is prevented from working on FAT partitions. If the partition is FAT, surely the program could not simply just detect that it is FAT and split the file into 4gb chunks, and still take up all the rest of the space on the USB stick?

Bro

If I’m thinking correctly FAT is the least secure file format for windows, so doesn’t using FAT kinda defeat the purpose of using USB Dummy if a virus doesn’t need permission to delete or alter its contents? Sure some viruses can change permissions, but any slight advantage could be the difference of being infected or not. I think that’s what the creator was going for, but I could be wrong.

Eric Jay P

many people should read this, as I always encounter people asking to help with their infected flash drives.

Keith Swartz

Good article, Joel. Many out there have nevefr considered not even one of the things you have put forth for thought & action. Thank you for writing this.

Joel Lee

Thanks! Glad you could benefit from it. :)

Gjergji Kokushta

DIY security measurement: create a folder named “autorun.inf”, put inside a dummy text file “readme.txt” – put a short text in it, usu. explain the reason why of this file and advise not to delete it.

Now you have a small package. Copy it in every USB drive, harddisk partition. Change folders attributes to hidden, read-only in every drive you put it in.

Usually USB viruses spread when USB is inserted and system runs USB using infected autorun.inf file which makes the virus to copy itself into your harddrive and also copies the infected autorun.inf.

By following the above instructions, the virus files may copy itself into your computer but it won’t run, because in your harddrive, you have a folder named autorun.inf and we know a folder is higher level from a file with the same name. The read-only attrib. makes it harder to delete the folder. Extra measurement is putting a file inside the folder. As we know, it’s harder to delete not empty folders.

Tom Potter

Where I work, there was a large problem of everyone’s flash drives getting infected. Our IT department would clean the computers, but since the USB’s all had the virus on them, all the computers would keep getting infected again, causing an endless cycle… I never saw what the virus did, but just the fact that it was infesting everything made me want to get rid of it. After investigating it, I became aware or what Gjergji Kokushta mentioned above, and made a batch file to check for, delete, and create the files Gjergji mentioned above, including read and write protecting them and also placing a detailed ReadMe.txt, as well as a copy of the batch file into the new READ ONLY and HIDDEN autorun.ini folder.

I will post the text of this batch file in the next post. Just copy and paste it into a new NOTEPAD document, and save it with the name KillAutorun.bat

Tom Potter

@echo off

REM WHAT DOES THIS BATCH FILE DO?
REM —————————–
REM There is a virus that transfers itself to flash drives, so it can attempt
REM to infect every computer you insert the infected flash drive into. The
REM virus uses a FOLDER named RECYCLER, and a TEXT FILE named autorun.inf
REM
REM KILLAUTORUN.BAT attempts to remove both the above mentioned folder and
REM text file. If it can successfully delete them, it then replaces them in a
REM way that prevents the virus from reinfecting the flash drive.
REM
REM To do this, a FOLDER with the name autorun.inf (instead of a TEXT FILE
REM of the same name, as before) is created. Likewise, a TEXT FILE named
REM RECYCLER (instead of a FOLDER of the same name, as before) is also
REM created. Since there can’t be a file and a folder of the exact same name
REM in the same folder, this stops the virus from being able to do what it
REM tries to do. This does not get rid of the virus if it is on your main
REM system though. It just prevents the virus from transferring to your flash
REM drives again, as long as you do the below to all of your flash drives.
REM
REM INSTRUCTIONS:
REM ————-
REM Put this file ( KillAutorun.bat ) into the root of the flash drive (not in
REM a folder), then double click it to run it. If either the autorun.inf file,
REM or the RECYCLER folder will not allow access, you need to first backup all
REM the files on the flash drive, format the flash drive, then put your files
REM back on after the format is complete. If you have to format the flash drive,
REM make sure to RUN THIS BATCH FILE FROM THE ROOT of the flash drive RIGHT
REM AFTER FORMATTING IT, so you don’t give the virus a chance to infect the
REM flash drive again.
REM
REM Last Updated: September 24, 2012
REM
REM Tom ( tpotter@pobox.com )

cls
echo.
if “%1″==”reset” goto RESET
if not exist RECYCLER goto MAKE_RECYCLER_FILE

:DEL_RECYCLER_FOLDER
echo Deleting the RECYCLER folder (if it exists)…
attrib -r -s -h RECYCLER /s /d
rd RECYCLER /s /q

:MAKE_RECYCLER_FILE
echo.
echo Creating the RECYCLER file, and making it read only and hidden…
echo > RECYCLER
attrib +r +h RECYCLER

:DEL_AUTORUN_FILE
if not exist autorun.inf goto MAKE_AUTORUN_FOLDER
echo.
echo Deleting the AUTORUN.INF file…
attrib -r -s -h autorun.inf
del autorun.inf /q

:MAKE_AUTORUN_FOLDER
if exist AUTORUN.INF\*. goto MOVE_BATCH_FILE
echo.
echo Creating the AUTORUN.INF folder, and making it read only and hidden…
md autorun.inf
attrib +r +s +h autorun.inf

:MOVE_BATCH_FILE
echo.
echo Moving KillAutorun.bat & KAReadMe.txt to the newly created autorun.inf folder…
@ copy KillAutorun.bat \autorun.inf\ >> NUL
@ copy KAReadMe.txt \autorun.inf\ >> NUL
goto END

:RESET
attrib -r -s -h autorun.inf
rd autorun.inf /S /Q
echo > autorun.inf
attrib -r -s -h RECYCLER
del RECYCLER
md RECYCLER
goto END

:END
echo.
echo Finished!
echo.
pause
echo.
echo If a message appears below, ignore it. Either way, no worries :)
echo.
if “%1″==”” del KillAutorun.bat >> NUL

Kirby

Aside from scanning USB drives using antivirus programs, I also tend to check the USB myself for infections. Viruses / malwares usually infect the computer once you open your USB via explorer so what I do is I open the USB using Winrar / 7 zip / Winzip. I then check on the existing files making sure that all hidden and system files are shown.

For example, I know I have file A, B and C on my USB drive then decide to copy file D from my friend’s computer. Once I check the USB on my computer using 7zip, I notice there was an additional file E. You can almost certainly guarantee that this is a virus and you can delete this file instantly using the 7zip without it infecting your computer.

The problem with this method is if
a) you don’t know what files are and should be in your USB drive .
b) your USB drive has so much content that you become lazy to check each and every directory.
c) a virus \ malware manages to infect your computer even though your using those archiving apps I mentioned. I never encountered such viruses so far though.

ken aquino

BItdefender usb immunizer is the best tool for flash drives.

null

Actually, the first flash drives were much smaller than that. I still have a 512K one around somewhere.

Maner

I’m using SecuSimple Protect My Disk. A good tool which does the job.

Lim3Fru1t

I never really thought about usb security. So thanks for making this article and make me realize something !

Muz RC

USB Dummy Protect hmm nice apps to give a test dude.. XD

Zhong J

As long as you don’t put any files you have no knowledge about in your USB then it should be fine.

Grr

nice article, but the name gives the impression that [all] usb drives are dangerous- as if they would attack us- so wear a protective gear.

Instead the article should read Use of usb drives could be dangerous, and ways to protect ……

midwest guy

My best defense? Sandboxie. Implement the forced folder feature in the paid version.

Manide

I have an 8GB USB drive with Trustport USB Antivirus. I bought the usb drive, but the antivirus came with it, with 1 year free license. Very good till now…

Chris Marcoe

Wow…what great info. the most important way to keep my home computers safe from bad bugs on a USB is to keep my son’s friends off the computer. I’m thinking the best way to do that is to use the access and drive control…

thanks for a great article.

Joel Lee

Kids can be reckless with technology. God only knows how many viruses and malware I unknowingly brought onto my old computers back in the day. Keep those USBs scanned and protected!

Chris Marcoe

My son’s friend thinks he is a hacker. But its mostly using cheat codes from various sites on the web. I have told my son,l those sites,l by definition, are full of hacks and cheats. its really not what I want on my computer.

Guy McDowell

In the late 90’s I read an article where a security company salted the parking lot with USB flash drives. The drives would automatically ‘phone home’ when plugged in. Something like over 40% of them got plugged into company hardware, despite a NO USB Drive policy.

If you’re a Sys Admin, you need to be aware of this.

Joel Lee

LOL. I’ve never heard of that but it’s hilarious… in a facepalm sort of way. It’s amazing how many people act without really thinking about the repercussions.

Clyde Atwood

I have Avira Antivirus Premium which automatically blocks all autorun.inf files.

Do you think this is enough protection?

Joel Lee

Autorun protection is good to protect against a lot of USB-related malware, but I’m hesitant to say that it’s “enough” simply because you never know when someone will devise a new type of virus that doesn’t use autorun. I suppose for everyday use, autorun protection is great.

munkyBeatz

Will add that the viruses/etc that generally add themselves to a USB device tend to piggy back on moves that you make; meaning when you move say a zip it incorporates writing to the drive when you access it. Also, your antivirus is only as good as it’s definitions, viruses are ever evolving and if you don’t update your virus software regularly, preferably daily, it can’t protect you.

Nick

It’s so true that USB drives are inherently (and increasingly) prone to spreading viruses.

Scanning is nice, but there’s a simple, foolproof measure that works even better: a physical write-protect switch. Most of the time you’re plugging in just to transfer from your drive to the computer, not vice versa. So just flip the switch unless you need to write.

It’s amazing that it’s only gotten harder to find a drive with such a switch, though. I only know of a few companies, like Kanguru, that still offer it.

Joel Lee

I’ve actually never seen a USB drive with a write-protect switch. That brings me back to the old days with floppy disks that had similar switches. I would like to see more of that, yeah.

Steve Stallings

Why no mention of Windows 8?

TysonChamberlin

Thanks, this is very helpful :)