U-Who? What your colleague's flash drive might be hiding

Last time, I provided some methods and motives for disabling Windows' AutoRun capability. That post was prompted by my recent exposure to a device which exploits that system feature: a U3-enabled USB flash drive. Every helpdesk pro should be aware of these products, and the implications they have for making the business of computer support even more difficult.

It all began innocuously enough. One of our contract vendors had run out of the model of USB flash drives that I ordered for my office, and instead sent along some SanDisk USB keys of equal capacity. I didn't really notice the substitution when I unpacked the USB keys, but the difference became clear when I eventually popped one into my office computer. AutoRun fired up a flashy application from the new USB drive, offering me the chance to customize my new purchase with additional software and utilities. I'd heard about the U3 product before, but my experience with it really got me thinking about the implications of devices like this for the helpdesk.

U3 is a middleware product that is showing up on USB thumb drives as a value-added feature. When a U3 drive is connected to a Windows computer, AutoRun activates the U3 launcher software, which puts a special menu in the system tray. From that menu, the operator can access and modify the software preinstalled on the flash drive. The idea is that one can use a U3 flash drive to carry applications and program settings in addition to the usual documents and other files. The applications stored on the U3 drive can be used without having to run an installer application or save anything to the host computer's C:\ drive.

The marketing for these U3 drives aims them at anyone who might have to use more than one computer on a regular basis. Just imagine, with his U3 flash device, a user can carry his favorite programs and all his data with him...ready for use on any Windows computer he might come across. This idea should raise any support pro's eyebrows. All of a sudden, you might not be able to predict what programs your users are using on your network.

Recently on TechRepublic Jason Hiner discussed a Wall Street Journal article which provided tips for circumventing the controls that might have been put in place by corporate IT departments. That original article mentions that users can install and run applications from removable USB devices, without necessarily having to have administrative access on their machine. These "portable" applications have been available on the Internet for quite a while; they're not new. Tracking down the proper apps and installing them, though, once took a small amount of industry. What's news is that your users can go to their local computer store and buy a U3 flash drive that has several portable apps and device management software preinstalled. No muss, no fuss, no special knowledge required. Now it's not just the computer savvy users that you have to worry about carrying and using a drive full of unapproved applications, but everyone.

The repercussions of this for technology personnel are far-reaching. One thing support pros rely on when we're supporting a network of computers is that the suite of applications in use is a known quantity. In many cases, techs have restricted users to a tested suite of applications that are stable and compliant with the organization's security policies. This narrows the field of inquiry when troubleshooting a problem. By running unauthorized applications from USB devices, users are undermining the efforts that their IT pros have made to provide a consistently supportable environment, and U3 is facilitating that.

Fundamentally, if the information on your network is too valuable to risk the troubles that removable devices might bring, then it's your responsibility to disable USB mass storage on your company's machines. And I'll admit, in the right setting, devices like this could be useful. Support techs on-call could carry a suite of troubleshooting tools on their own USB devices, for example. Let's be realistic, though. This "feature" is an attempt on the part of U3 and flash memory manufacturers to head off the ever-falling prices on solid-state products. They can offer U3 software as a premium feature and charge higher prices for their devices. I don't know about you, but I don't want flash drive manufacturers making the decision to install bundle-wear for me, or using the storage space I paid for to advertise their partners' products. In the future, I'll "look for the U3 label"...

...and steer clear.