Questions

How to add write-protection to flash drives?

+
2 Votes
Locked

How to add write-protection to flash drives?

TerriAlley
I volunteer with a educational not-for-profit organization. We are planning to start providing flash drives with content instead of paper-filled binders at our education events. I would like to write-protect the drives before distributing them to attendees so that they cannot add unapproved content or wipe the drive & convert it to personal use. I've found lots of web help to remove write-protection - not much about how to enable it. Any suggestions?
  • +
    0 Votes
    dritson

    Go to the DISK PARTITION utility - press start button and type "diskpart.exe" into search, open that file and click yes if prompted by the user account control,

    In the black command prompt window type "LIST DISK"
    now look for the drive you want to write protect (I use the sizes to identify the correct drive) and note the number it has to the left

    Now type "SELECT DISK 1"
    if 1 is the drive number you want to select

    Now type "ATTRIBUTES DISK SET READONLY"
    Should say it attributes set successfully

    Now close the black command prompt window and make sure it worked by trying to move something over to it and also trying to delete a file

    works great!

    +
    1 Votes

    it's a small utility to add and remove write protection to USB thumb drives,
    here's one download link, there are probably others
    http://www.softpedia.com/get/Security/Security-Related/USB-Write-Protect.shtml

    +
    1 Votes
    Adrian Watts

    How much data are you talking about?

    Physically some flash drives have a write protect switch, but unless you are planning to spend the time to set the switch to write only then break the switch...
    From the software side fat16/32 has no security in it, you can set a file to read-only to prevent accidental deletion but it is just as trivial to remove it. If you format it to ntfs you can modify permissions so that All Users has only read access, but all a user has to do is Take Ownership and they have full access again. And if set to ntfs the users have to remember to eject the drive, and how many do you think will remember. And then you have to consider mac (or linux) users. NB: and software solutions like above would require you to have access to install it on their personal computers.

    The easiest option is to provide them with cd-roms since by definition they are WORMs (Write Once Read Many), unless you are concerned about lack of cd-rom drives.

    The only potential option would be to find a way to create a read-only "partition" on the usb drive. The only two ways i can think of are either creating a type of volume like truecrypt does (although truecrypt is unsuitable) which can be opened with a bit of software but configured as read only without a password. Which adds a layer of complexity for the user.

    The last option is to create a cdfs partitition (virtual cd-rom) which would appear as a regular cd-rom when the usb drive is plugged in. Have a look at http://www.rmprepusb.com/tutorials/97---write-protect-or-make-a-cd-dvd-partition-on-a-flash-drive. This gets complicated very quickly as you have to match the software to the micro-controller on the usb drive. U3 flash drives used to do something like this.

    Have you considered just hosting the files on a web-site or a cyptlocker site or does this not match your marketing requirements.

    +
    0 Votes
    AnonyJew

    I would suggest ThumbScrew. It doesn't really make the thumb drive secure because it doesn't encrypt anything, but it is a great little tool for making a thumb drive read only. I use this all the time when doing system recovery and troubleshooting on systems that might have viruses. One thing to keep in mind thumb screw automatically undoes itself when you plug the thumb drive into the computer you used to screw it.
    http://www.irongeek.com/i.php?page=security/thumbscrew-software-usb-write-blocker

    +
    1 Votes
    dmritchie2

    Both of the suggestions are only workable on the particular machine that put the write-protection on them. (they flip a bit in that machine's registry).

    I find it interesting that the only correct answer is down-modded.
    I expect that this will be also.

    +
    0 Votes
    Krotow

    Here is no real read-only mode for standard flash drives today. You can try to screw up file system, trying to mimick CD file system, written above. But it is not a solution, because flash drive can be reformatted later by any, who has some basic technical IT skills. All changes, done by low-level tools from manufacturer, also is reversable. Only if you want to solder read-only switch into fixed position - but 99% today's flash drives has no read-only pin Of course, there is "secure" flask sticks, such as those http://www.samlogic.net/articles/usb-flash-drive-security-protect-contents.htm but i seriously doubt, if they fit into your demo drive budget. My recommendation - don't worry about the inevitable. Your demo content definitely isn't a world's classics whoch should remain for centuries. It will be obsolete sooner and later and better then those drives can be used for something more useful.

    +
    0 Votes
    Adrian Watts

    Then consider branded flash drives in the smallest capacity available (currently 256mb i believe), the smaller the better. The more piddly the capacity the less likely the people are to reformat them (they'll just throw them away instead.) If they keep them around at least they will have your company name on them. This is the reality of usb flash drives. Don't forget the expense/time required to copy the data onto them, some custom flash drive companies will pre-load the content for you along with the branding.

    +
    0 Votes
    TerriAlley

    And this is where I'm leaning. Some of the members in our organization are Flintstone-era tech-minded, so one of my concerns is them accidentially deleting the contents. I also have a concern that our branded drive could be used by their grandkids, passed around and eventually contain porn or malware that we wouldn't want associated with our name. We don't have a separate website - use a page hosted at our national site, which doesn't have the capacity to host downloads for members. I'm working with a company that has branded 64MB drive, so we'll just try to fill them up! Thanks for the help/suggestions.

  • +
    1 Votes

    it's a small utility to add and remove write protection to USB thumb drives,
    here's one download link, there are probably others
    http://www.softpedia.com/get/Security/Security-Related/USB-Write-Protect.shtml

    +
    1 Votes
    Adrian Watts

    How much data are you talking about?

    Physically some flash drives have a write protect switch, but unless you are planning to spend the time to set the switch to write only then break the switch...
    From the software side fat16/32 has no security in it, you can set a file to read-only to prevent accidental deletion but it is just as trivial to remove it. If you format it to ntfs you can modify permissions so that All Users has only read access, but all a user has to do is Take Ownership and they have full access again. And if set to ntfs the users have to remember to eject the drive, and how many do you think will remember. And then you have to consider mac (or linux) users. NB: and software solutions like above would require you to have access to install it on their personal computers.

    The easiest option is to provide them with cd-roms since by definition they are WORMs (Write Once Read Many), unless you are concerned about lack of cd-rom drives.

    The only potential option would be to find a way to create a read-only "partition" on the usb drive. The only two ways i can think of are either creating a type of volume like truecrypt does (although truecrypt is unsuitable) which can be opened with a bit of software but configured as read only without a password. Which adds a layer of complexity for the user.

    The last option is to create a cdfs partitition (virtual cd-rom) which would appear as a regular cd-rom when the usb drive is plugged in. Have a look at http://www.rmprepusb.com/tutorials/97---write-protect-or-make-a-cd-dvd-partition-on-a-flash-drive. This gets complicated very quickly as you have to match the software to the micro-controller on the usb drive. U3 flash drives used to do something like this.

    Have you considered just hosting the files on a web-site or a cyptlocker site or does this not match your marketing requirements.

    +
    0 Votes
    AnonyJew

    I would suggest ThumbScrew. It doesn't really make the thumb drive secure because it doesn't encrypt anything, but it is a great little tool for making a thumb drive read only. I use this all the time when doing system recovery and troubleshooting on systems that might have viruses. One thing to keep in mind thumb screw automatically undoes itself when you plug the thumb drive into the computer you used to screw it.
    http://www.irongeek.com/i.php?page=security/thumbscrew-software-usb-write-blocker

    +
    1 Votes
    dmritchie2

    Both of the suggestions are only workable on the particular machine that put the write-protection on them. (they flip a bit in that machine's registry).

    I find it interesting that the only correct answer is down-modded.
    I expect that this will be also.

    +
    0 Votes
    Krotow

    Here is no real read-only mode for standard flash drives today. You can try to screw up file system, trying to mimick CD file system, written above. But it is not a solution, because flash drive can be reformatted later by any, who has some basic technical IT skills. All changes, done by low-level tools from manufacturer, also is reversable. Only if you want to solder read-only switch into fixed position - but 99% today's flash drives has no read-only pin Of course, there is "secure" flask sticks, such as those http://www.samlogic.net/articles/usb-flash-drive-security-protect-contents.htm but i seriously doubt, if they fit into your demo drive budget. My recommendation - don't worry about the inevitable. Your demo content definitely isn't a world's classics whoch should remain for centuries. It will be obsolete sooner and later and better then those drives can be used for something more useful.

    +
    0 Votes
    Adrian Watts

    Then consider branded flash drives in the smallest capacity available (currently 256mb i believe), the smaller the better. The more piddly the capacity the less likely the people are to reformat them (they'll just throw them away instead.) If they keep them around at least they will have your company name on them. This is the reality of usb flash drives. Don't forget the expense/time required to copy the data onto them, some custom flash drive companies will pre-load the content for you along with the branding.

    +
    0 Votes
    TerriAlley

    And this is where I'm leaning. Some of the members in our organization are Flintstone-era tech-minded, so one of my concerns is them accidentially deleting the contents. I also have a concern that our branded drive could be used by their grandkids, passed around and eventually contain porn or malware that we wouldn't want associated with our name. We don't have a separate website - use a page hosted at our national site, which doesn't have the capacity to host downloads for members. I'm working with a company that has branded 64MB drive, so we'll just try to fill them up! Thanks for the help/suggestions.

    +
    0 Votes
    dritson

    Go to the DISK PARTITION utility - press start button and type "diskpart.exe" into search, open that file and click yes if prompted by the user account control,

    In the black command prompt window type "LIST DISK"
    now look for the drive you want to write protect (I use the sizes to identify the correct drive) and note the number it has to the left

    Now type "SELECT DISK 1"
    if 1 is the drive number you want to select

    Now type "ATTRIBUTES DISK SET READONLY"
    Should say it attributes set successfully

    Now close the black command prompt window and make sure it worked by trying to move something over to it and also trying to delete a file

    works great!