Why USB Sticks Are Dangerous & How To Protect Yourself
Whatsapp Pinterest

usb drive dangerUSB drives are so pervasive in today’s world of technology, but when they first debuted, they revolutionized data exchange. The first USB flash drives had an 8MB capacity, which isn’t much by today’s standards, but a far cry better than the alternatives – the 1.44MB floppy or the CD that required permanent burning. Nowadays we have USB drives that are larger than traditional hard drives.  But for all the convenience and power of the USB drive, there are some serious USB drive danger to be wary of.

The ubiquity of the USB drive has made us overly trusting of the technology. We plug them in, pull them out, and plug them in again without a second thought to issues of security and protection. And I’m not just talking about “safe ejection” to prevent data corruption. I’m talking about viruses, malware, and all of those pesky nuisances that love to infect every corner of our systems.

Unfortunately for us all, we need to be diligent about USB security just as much as we are about hard drive and network security. Keep reading to learn more about this problem and how you can adequately guard yourself against it.

USB Drives Are Like Mosquitoes

When we hear about network and computer safety, we often hear tips and tricks that are somehow related to the Internet. Don’t click random email links. Don’t visit shady websites. Keep your firewalls up and your antivirus databases updated. Use safe passwords 5 Common Security Mistakes That Can Put Your Privacy & Money At Risk 5 Common Security Mistakes That Can Put Your Privacy & Money At Risk How vulnerable are you? Ask any person who’s been robbed if it came as a surprise - I guarantee you it did. As the saying goes, the thief always comes in the night when you’re... Read More and stay vigilant against keylogger infections Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools In cases of online identity theft, keyloggers play one of the most important roles in the actual act of stealing. If you’ve ever had an online account stolen from you - whether it was for... Read More .

Now consider this scenario: a high-security headquarters where lots of confidential work with sensitive data is being done. Places like this are often isolated from the Internet, instead relying on a closed-circuit intranet for data sharing and communication. And when you consider a place that’s completely severed from the malice of Internet hackers, you’d think the security would be top-notch.

usb drive danger

And in reality, the security is good. It’s near impossible to hack or corrupt an internal network like that without performing the kind of impressive stunts that you’d see in the next Mission Impossible. Yet even so, hackers were clever enough to find ways to infiltrate secure compounds from a distance: by infecting the very USB drives that employees would use to transfer files from outside to inside the building.

There are plenty of cases where viruses piggybacked onto USB devices in order to spread like wildfire across the world. Remember the dreaded Conficker worm? The United States military ended up having some trouble with the agent.btz worm that was brought in through an infected USB drive. And more recently, there was the cyber-weapon Stuxnet worm.

And so, USB drives are like mosquitoes. They have the potential to pick up infections when plugged into an infected computer and they can spread those infections almost instantaneously as they’re plugged into other devices. This is why it’s so important that you keep not only your computers clean but your USB devices as well using regular scans and antivirus programs Free Anti-Virus Comparison: 5 Popular Choices Go Toe-To-Toe Free Anti-Virus Comparison: 5 Popular Choices Go Toe-To-Toe What is the best free antivirus? This is among the most common questions we receive at MakeUseOf. People want to be protected, but they don’t want to have to pay a yearly fee or use... Read More .

USB Disk Security

usb stick security

USB Disk Security is a tool from Zbshareware Lab that is as close to an all-in-one USB protection How to Password Protect and Encrypt a Flash Drive: 5 Easy Methods How to Password Protect and Encrypt a Flash Drive: 5 Easy Methods Need to create an encrypted USB flash drive? Here are the best free tools to password protect and encrypt your USB flash drive. Read More suite as you can get. It provides a whole host of features and safety options to keep you as protected as you can be in all things related to USB drives. Most USB security tools will focus on the USB drives themselves, but USB Disk Security goes way beyond that.

USB Disk Security has the following features:

  • USB Shield, which protects you in real-time against connected USB devices.
  • USB Scan, which scans connected USB devices for malicious software.
  • USB Access Control, which prevents your computer data from being copied to USB devices.
  • USB Drive Control, which prevents USB devices from even connecting to your computer in the first place.

USB Disk Security supports Windows XP, 2003, 2008, Vista, and 7, but it may interfere with other antivirus programs already installed on your system. It’s free with limited features. A lifetime license will cost you $55 USD which unlocks all features and includes all future updates to the software.

BitDefender USB Immunizer

usb stick security

As you might have surmised from the description of USB’s dangers, most viruses depend on automatically running when the USB drive is plugged into a computer. This is in large part determined by the presence of an autorun.inf file which, as the name suggestions, automatically runs upon connection.

BitDefender Stay Safe Online with the New Bitdefender Total Security 2013 [Giveaway] Stay Safe Online with the New Bitdefender Total Security 2013 [Giveaway] Bitdefender Total Security 2013 is packed full of features without the impossible learning curve. This thing is a gargantuan software package that has everything you’ll ever need when it comes to computer security. This week,... Read More , a security software company that I’ve praised in the past, has a free tool called the USB Immunizer that immunizes your chosen USB device against malicious autorun.inf files by creating its own special autorun.inf file that cannot be deleted or replaced.

BitDefender USB Immunizer works on Windows XP, Vista, and 7 on USB devices that are formatted with FAT, FAT32, and NTFS file systems.

USB Dummy Protect

usb drive danger

The USB Dummy Protect program has an interesting theory behind the way it protects your USB devices. Long story short: viruses and malware require available memory space in order to exist on a USB drive, therefore, if you fill up a USB drive entirely and leave no space whatsoever, then viruses and malware can’t get on no matter what.

So that’s what USB Dummy Protect does. It creates a dummy.file file on your USB device that takes up every last bit of free space. When you want to remove that protection, you just delete the file. Easy. If you tend to transfer files to and from your USB drive frequently, this may not be the most elegant solution, but if you have a USB drive whose contents rarely ever change then this could be fantastic for you.

However, due to the way that FAT file systems are designed, this method will not work if your USB device has more than 4GB of free space (since file sizes in FAT systems have a maximum of 4GB). For NTFS drives, you shouldn’t experience any problems.


USB drive dangers require constant vigilance. You might use the same USB drive for years without a hitch, then one day you could grab a file off of your friend’s computer and end up infecting your home network with something serious. USB security is not often on the minds of computer users, even the tech-savvy ones, but as long as you are aware and take proactive steps against the potential spread of viruses that piggyback on USB devices, you’ll be all right.

If you have any other suggestions for software aimed at USB-related security, please share them with us in the comments.

Image Credits: Virus USB Via Shutterstock, Secure USB Via Shutterstock

Explore more about: Anti-Malware, USB, USB Drive.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. TysonChamberlin
    April 9, 2013 at 9:36 am

    Thanks, this is very helpful :)

  2. Steve Stallings
    April 9, 2013 at 6:24 am

    Why no mention of Windows 8?

  3. Nick
    April 8, 2013 at 5:37 pm

    It's so true that USB drives are inherently (and increasingly) prone to spreading viruses.

    Scanning is nice, but there's a simple, foolproof measure that works even better: a physical write-protect switch. Most of the time you're plugging in just to transfer from your drive to the computer, not vice versa. So just flip the switch unless you need to write.

    It's amazing that it's only gotten harder to find a drive with such a switch, though. I only know of a few companies, like Kanguru, that still offer it.

    • Joel Lee
      April 10, 2013 at 5:30 am

      I've actually never seen a USB drive with a write-protect switch. That brings me back to the old days with floppy disks that had similar switches. I would like to see more of that, yeah.

  4. munkyBeatz
    April 8, 2013 at 5:11 pm

    Will add that the viruses/etc that generally add themselves to a USB device tend to piggy back on moves that you make; meaning when you move say a zip it incorporates writing to the drive when you access it. Also, your antivirus is only as good as it's definitions, viruses are ever evolving and if you don't update your virus software regularly, preferably daily, it can't protect you.

  5. Clyde Atwood
    April 7, 2013 at 10:28 pm

    I have Avira Antivirus Premium which automatically blocks all autorun.inf files.

    Do you think this is enough protection?

    • Joel Lee
      April 10, 2013 at 5:29 am

      Autorun protection is good to protect against a lot of USB-related malware, but I'm hesitant to say that it's "enough" simply because you never know when someone will devise a new type of virus that doesn't use autorun. I suppose for everyday use, autorun protection is great.

  6. Guy McDowell
    April 6, 2013 at 12:19 pm

    In the late 90's I read an article where a security company salted the parking lot with USB flash drives. The drives would automatically 'phone home' when plugged in. Something like over 40% of them got plugged into company hardware, despite a NO USB Drive policy.

    If you're a Sys Admin, you need to be aware of this.

    • Joel Lee
      April 6, 2013 at 3:11 pm

      LOL. I've never heard of that but it's hilarious... in a facepalm sort of way. It's amazing how many people act without really thinking about the repercussions.

  7. Chris Marcoe
    April 6, 2013 at 7:32 am

    Wow...what great info. the most important way to keep my home computers safe from bad bugs on a USB is to keep my son's friends off the computer. I'm thinking the best way to do that is to use the access and drive control...

    thanks for a great article.

    • Joel Lee
      April 6, 2013 at 3:10 pm

      Kids can be reckless with technology. God only knows how many viruses and malware I unknowingly brought onto my old computers back in the day. Keep those USBs scanned and protected!

      • Chris Marcoe
        April 7, 2013 at 7:08 pm

        My son's friend thinks he is a hacker. But its mostly using cheat codes from various sites on the web. I have told my son,l those sites,l by definition, are full of hacks and cheats. its really not what I want on my computer.

  8. Manide
    April 4, 2013 at 8:39 pm

    I have an 8GB USB drive with Trustport USB Antivirus. I bought the usb drive, but the antivirus came with it, with 1 year free license. Very good till now...

  9. midwest guy
    April 4, 2013 at 5:39 pm

    My best defense? Sandboxie. Implement the forced folder feature in the paid version.

  10. Grr
    April 4, 2013 at 5:26 pm

    nice article, but the name gives the impression that [all] usb drives are dangerous- as if they would attack us- so wear a protective gear.

    Instead the article should read Use of usb drives could be dangerous, and ways to protect ......

  11. Zhong J
    April 4, 2013 at 3:49 pm

    As long as you don't put any files you have no knowledge about in your USB then it should be fine.

  12. Muz RC
    April 4, 2013 at 9:42 am

    USB Dummy Protect hmm nice apps to give a test dude.. XD

  13. Lim3Fru1t
    April 4, 2013 at 6:51 am

    I never really thought about usb security. So thanks for making this article and make me realize something !

  14. Maner
    April 4, 2013 at 6:26 am

    I'm using SecuSimple Protect My Disk. A good tool which does the job.

  15. null
    April 4, 2013 at 3:21 am

    Actually, the first flash drives were much smaller than that. I still have a 512K one around somewhere.

  16. ken aquino
    April 4, 2013 at 2:46 am

    BItdefender usb immunizer is the best tool for flash drives.

  17. Kirby
    April 4, 2013 at 2:29 am

    Aside from scanning USB drives using antivirus programs, I also tend to check the USB myself for infections. Viruses / malwares usually infect the computer once you open your USB via explorer so what I do is I open the USB using Winrar / 7 zip / Winzip. I then check on the existing files making sure that all hidden and system files are shown.

    For example, I know I have file A, B and C on my USB drive then decide to copy file D from my friend's computer. Once I check the USB on my computer using 7zip, I notice there was an additional file E. You can almost certainly guarantee that this is a virus and you can delete this file instantly using the 7zip without it infecting your computer.

    The problem with this method is if
    a) you don't know what files are and should be in your USB drive .
    b) your USB drive has so much content that you become lazy to check each and every directory.
    c) a virus \ malware manages to infect your computer even though your using those archiving apps I mentioned. I never encountered such viruses so far though.

  18. Gjergji Kokushta
    April 4, 2013 at 2:16 am

    DIY security measurement: create a folder named "autorun.inf", put inside a dummy text file "readme.txt" - put a short text in it, usu. explain the reason why of this file and advise not to delete it.

    Now you have a small package. Copy it in every USB drive, harddisk partition. Change folders attributes to hidden, read-only in every drive you put it in.

    Usually USB viruses spread when USB is inserted and system runs USB using infected autorun.inf file which makes the virus to copy itself into your harddrive and also copies the infected autorun.inf.

    By following the above instructions, the virus files may copy itself into your computer but it won't run, because in your harddrive, you have a folder named autorun.inf and we know a folder is higher level from a file with the same name. The read-only attrib. makes it harder to delete the folder. Extra measurement is putting a file inside the folder. As we know, it's harder to delete not empty folders.

    • Tom Potter
      April 8, 2013 at 5:12 pm

      Where I work, there was a large problem of everyone's flash drives getting infected. Our IT department would clean the computers, but since the USB's all had the virus on them, all the computers would keep getting infected again, causing an endless cycle... I never saw what the virus did, but just the fact that it was infesting everything made me want to get rid of it. After investigating it, I became aware or what Gjergji Kokushta mentioned above, and made a batch file to check for, delete, and create the files Gjergji mentioned above, including read and write protecting them and also placing a detailed ReadMe.txt, as well as a copy of the batch file into the new READ ONLY and HIDDEN autorun.ini folder.

      I will post the text of this batch file in the next post. Just copy and paste it into a new NOTEPAD document, and save it with the name KillAutorun.bat

    • Tom Potter
      April 8, 2013 at 5:12 pm

      @echo off

      REM -----------------------------
      REM There is a virus that transfers itself to flash drives, so it can attempt
      REM to infect every computer you insert the infected flash drive into. The
      REM virus uses a FOLDER named RECYCLER, and a TEXT FILE named autorun.inf
      REM KILLAUTORUN.BAT attempts to remove both the above mentioned folder and
      REM text file. If it can successfully delete them, it then replaces them in a
      REM way that prevents the virus from reinfecting the flash drive.
      REM To do this, a FOLDER with the name autorun.inf (instead of a TEXT FILE
      REM of the same name, as before) is created. Likewise, a TEXT FILE named
      REM RECYCLER (instead of a FOLDER of the same name, as before) is also
      REM created. Since there can't be a file and a folder of the exact same name
      REM in the same folder, this stops the virus from being able to do what it
      REM tries to do. This does not get rid of the virus if it is on your main
      REM system though. It just prevents the virus from transferring to your flash
      REM drives again, as long as you do the below to all of your flash drives.
      REM -------------
      REM Put this file ( KillAutorun.bat ) into the root of the flash drive (not in
      REM a folder), then double click it to run it. If either the autorun.inf file,
      REM or the RECYCLER folder will not allow access, you need to first backup all
      REM the files on the flash drive, format the flash drive, then put your files
      REM back on after the format is complete. If you have to format the flash drive,
      REM make sure to RUN THIS BATCH FILE FROM THE ROOT of the flash drive RIGHT
      REM AFTER FORMATTING IT, so you don't give the virus a chance to infect the
      REM flash drive again.
      REM Last Updated: September 24, 2012
      REM Tom ( tpotter@pobox.com )

      if "%1"=="reset" goto RESET
      if not exist RECYCLER goto MAKE_RECYCLER_FILE

      echo Deleting the RECYCLER folder (if it exists)...
      attrib -r -s -h RECYCLER /s /d
      rd RECYCLER /s /q

      echo Creating the RECYCLER file, and making it read only and hidden...
      echo > RECYCLER
      attrib +r +h RECYCLER

      if not exist autorun.inf goto MAKE_AUTORUN_FOLDER
      echo Deleting the AUTORUN.INF file...
      attrib -r -s -h autorun.inf
      del autorun.inf /q

      if exist AUTORUN.INF\*. goto MOVE_BATCH_FILE
      echo Creating the AUTORUN.INF folder, and making it read only and hidden...
      md autorun.inf
      attrib +r +s +h autorun.inf

      echo Moving KillAutorun.bat & KAReadMe.txt to the newly created autorun.inf folder...
      @ copy KillAutorun.bat \autorun.inf\ >> NUL
      @ copy KAReadMe.txt \autorun.inf\ >> NUL
      goto END

      attrib -r -s -h autorun.inf
      rd autorun.inf /S /Q
      echo > autorun.inf
      attrib -r -s -h RECYCLER
      del RECYCLER
      md RECYCLER
      goto END

      echo Finished!
      echo If a message appears below, ignore it. Either way, no worries :)
      if "%1"=="" del KillAutorun.bat >> NUL

    • Tom Potter
      April 8, 2013 at 5:23 pm

      I'm not sure why the line breaks got stripped away, but here is the URL for the text file / batch file:


    • Tom Potter
      April 8, 2013 at 5:27 pm

      And here is the ReadMe file:


  19. Keith Swartz
    April 4, 2013 at 1:53 am

    Good article, Joel. Many out there have nevefr considered not even one of the things you have put forth for thought & action. Thank you for writing this.

    • Joel Lee
      April 6, 2013 at 3:07 pm

      Thanks! Glad you could benefit from it. :)

  20. Eric Jay P
    April 4, 2013 at 12:18 am

    many people should read this, as I always encounter people asking to help with their infected flash drives.

  21. Jonathan C
    April 4, 2013 at 12:14 am

    Some rather good ideas, but I'm a little confused as to why USB Dummy Protect is prevented from working on FAT partitions. If the partition is FAT, surely the program could not simply just detect that it is FAT and split the file into 4gb chunks, and still take up all the rest of the space on the USB stick?

    • Bro
      April 4, 2013 at 3:35 pm

      If I'm thinking correctly FAT is the least secure file format for windows, so doesn't using FAT kinda defeat the purpose of using USB Dummy if a virus doesn't need permission to delete or alter its contents? Sure some viruses can change permissions, but any slight advantage could be the difference of being infected or not. I think that's what the creator was going for, but I could be wrong.

  22. MikeFromMarkham
    April 4, 2013 at 12:04 am

    Roboscan Internet Security Suite and Kingsoft Antivirus Free are perhaps two newer
    and less well known security products, but both of them automatically scan USB devices whenever they are connected. I've tested both products myself and can report that this feature does work as advertised. I would not be surprised to see similar capabilities included in big name security products in the future.