Protecting Your USB – 5 : Enabling Write-Protect on your USB
Scenario : You carry your USB drive around with you that contains a lot of portable tools but you are afraid that if you connect it to someone else’s PC or a public computer, a virus will infect your drive. You would like it if you could implement a write-protect switch for it.
Solution : The best solution to this problem would be to get a pendrive with a built-in write protect switch :P. That is the hardware approach but if you want to implement it via software…that is a different story.
But first, a little perspective…..you already know how viruses spread via autorun.inf but that is from an infected pen drive to your PC. what if you connect YOUR pen drive(henceforth called as PD) to an infected PC ?? then none of the methods previously discussed(Write-Protect, USB Vaccine, etc) will help you prevent the PD from being infected and getting transferred to other’s PC and not just yours. They may stop it from propagating to your PC, but they cant stop your executable files inside the PD from being corrupted.
Understand first of all, how those executable’s get infected….whenever you plug in your PD to an infected PC, the malware will scan your PD for executables and attach itself to them individually….as a result not only the file size changes but also the amount of free space decreases.
Light a bulb ?? Yes…..As long as you have free space, the malware will write itself to your PD….i mean come on..for the malware to write itself to your PD, it needs some space to write in…. So if you could just make the amount of free space available zero, the malware will not be able to write itself to your PD….ALRIGHT!!!! High- Five!!!!
so what….everytime we have to fill the PD to the brim with unwanted stuff just so it is not infected ?? Well….that is one way or you could simply create a dummy/fake file occupying all the free space available. and the best part is that you do not have to rely on any external tools for that cos Windows provides you the necessary tool…or in this case…command to do so.
The command to use is “FSUTIL“. To quote the microsoft knowledge base : ” Fsutil is a command-line utility that you can use to perform many FAT and NTFS file system related tasks, such as managing reparse points, managing sparse files, dismounting a volume, or extending a volume”. Fsutil has many subcommands, the specific subcommand we are going to use is “file”. The syntax of the command is :
fsutil file createnew filename size(in bytes)
e.g. fsutil file createnew K:\fakefile 1300594688
In the above e.g., K: is the drive letter of my PD, “fakefile” is the name of the dummy file and “1300594688” is the free space available on the PD. The file will be created in the root of the drive (and can be deleted manually), also the available free space will become zero in properties.
This method is quite useful to me cos i carry a PD with a lot of portable and useful tools which i use to troubleshoot people’s infected PC. I would not be copying anything from their PC and would not want anything to write itself to my PD, so this little trick works quite great for me…..Hope it does so for you too….Stay Sharp!!!!
P.S. : If anyone needs a script to automate this, do let me know in the comments.