How to Use a USB Key to Deal With Security Threats
The other day I was pacing the aisles of the Old Bridge, New Jersey branch of Target. For those who haven’t been to one before, they’re essentially a big-box retailer who sell literally everything — clothes, electronics, food. You name it, they have it. One of the things they had on offer was USB sticks. You could get two 8GB ones for less than ten dollars. If anyone remembers the early 2000’s, when USB sticks were first released, you’re probably thinking this is amazingly cheap.
But why would you need one in 2016? Aren’t USB flash drives redundant? Haven’t they been replaced with online storage services like Dropbox, Spideroak, and OneDrive, as well as uber-cheap USB hard drives which store way more stuff?
I don’t think so. There are many situations where a USB drive can still come in handy, including keeping your computer secure. Here’s how.
As A Portable Security Suite
Every family has that one person who is regarded as the resident computer expert. This person will inevitably be called upon to do anything from troubleshoot Internet connections (apparently ISP helpdesks aren’t a thing), to setting up brand new cell phones.
In my family, I’m that guy.
It’s startlingly common for me to be asked to purge a family member’s computer of viruses and other malware. I hate this particular task, because it’s usually a tedious and uphill battle. These machines have been neglected. Often, they’re running long-discontinued Windows XP . They have scarcely seen an update or a patch, and they seldom have any security software installed.
Here an USB drive can come in handy, as you can install a number of ‘portable apps’ to it. These are applications that have been configured to run enclosed on a removable storage device, rather than on a specific computer.
The mecca of these is PortableApps.com, which contains hundreds of packaged apps. Many of these are popular open-source programs, like LibreOffice. Others are commercial ones.
PortableApps.com has a ludicrous amount of security software. You’ve probably already guessed that it has ClamWin AV, which is one of the most widely known open-source antivirus programs. But you’ll also find of HijackThis, which is used to remove browser hijackers; Kaspersky TDDSKiller which removes rootkits; Spybot – Search and Destroy; and McAfee Stinger.
Hardly cutting edge, but good enough for quick-and-dirty jobs.
As A Linux-Powered Anti-Virus Stick
Malware designers aren’t stupid. Not by a long shot. When they design a virus, they make it as difficult to remove as possible. They’ll block AV programs from updating their definitions, or even prevent them from running entirely.
Other malware programs, like ransomware , are designed so that their effects live on, long after they’ve been removed from the system.
There’s not much you can do about the latter, but a USB stick can prove helpful when dealing with hard-to-remove viruses. Certain Linux-based distros essentially allow you to clean your Windows PC without actually switching it on.
Probably the best known one is AVG Rescue CD [no longer available]. As the name suggests, it comes in a CD-ready ISO, as well as a compressed version designed for USB sticks. Once installed, it will mount all found NTFS and FAT32 partitions and scan for viruses. The best part? It’s totally free.
Romanian computer security titan BitDefender has their own antivirus Linux distro. Given that BitDefender is regularly ranked amongst the most potent antivirus programs on the market, the BitDefender Rescue CD is worth consideration.
There’s an inherent problem with the current password-based system of authentication. Simply put, if someone knows your password to a given service, they can log on as you. This wouldn’t be as bad, if it weren’t for the unfortunate fact that most passwords are dreadfully simple, and many attackers are adept at social engineering tactics.
One way people get around that is by using two-factor authentication (2FA) .
You might already be using it. It’s already available for many online banking and email services , like Gmail. Essentially, you’ll log on with a password. But before you are granted access to your account, the service will require you to input a second one-time password. This will either be generated by a hardware device, as is often the case with online banking, or by the service and sent to the user’s cell phone.
The aim behind it is that an attacker can know your password, but unless they have physically gained access to your cell phone or security-key generating device, there is no way for them to compromise your account.
But you can also use a USB device as the second ‘factor‘ in two-factor authentication. This has been available with Google Apps for a long time, as well with a few other services that support the U2F protocol.
I should probably do a bit of throat-clearing here. Your bog-standard USB key won’t do. It has to be a specific kind of key, designed for use in two-factor authentication applications. The most widely known of these is the Yubikey, which we’ve written about previously .
These look like a USB drive, but are essentially security-key generating devices. They don’t contain any storage, and they don’t need any drivers to work, as the computer will recognize it as an input device, like a keyboard and mouse. At under $20, they’re also affordable.
Some Obvious (But Important) Advice
If you’re using your USB drive as a security device, it’s worth pointing out two things.
Firstly, one of the ways malware propagates itself is by infecting USB drives (and other removable, writable storage devices), and copying itself from computer to computer. When using a USB stick as a tool to stay secure, it’s worth keeping this in mind.
It’s also worth adding that these keys shouldn’t be used to store your important documents and files, as they’re inserted into some rather unsavory machines. If you’re going to create your own portable USB security suite, then you’re best keeping it for that purpose.
Before we wrap up, I want to point out that if you’re just looking for an encrypted USB drive, there are some awesome models which come with onboard-encryption. In my professional life, I’ve used (and consequently recommend) the Kingston IronKey.
Not only is it really easy to use and set-up, but also its build-quality is really impressive. The only caveat is that it’s ludicrously expensive, with the 8GB model costing just shy of $215.00.
If your budget can’t stretch that far, look at the alternatives. Microsoft’s BitLocker (available with the Professional version of Windows 10) can be used to encrypt standard USB drives. As consumer-oriented encryption goes, it’s pretty good, and fairly easy to set up.
Have you got any security-oriented strategies for using flash drives? Tell me about them in the comments below!