Jump to content



Photo

USB Write Blocker : Makes any USB drive Write protected.

hardware

  • Please log in to reply
51 replies to this topic

#31 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 12 August 2012 - 19:35

I bought too much computer crap like this to know that you actually don't need these. They become dust-collectors after a few uses.


Hmm... Darn, so much for that then. Well maybe i'll find some use for it. On the plus side, it's deductible :D


#32 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 13 August 2012 - 10:12

Hello,

It will be interesting to read your review on the device when it arrives. Do you think you could test it with a variety of file system formats and capacities of rewriteable media?

Regards,

Aryeh Goretsky

#33 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 13 August 2012 - 10:41

The filesystem doesn't make a difference, it detects generic codes to write data to the device which can be overcame by sending spoof codes and whatnot inbetween valid codes.

#34 Simon-

Simon-

    Neowinian Senior

  • Joined: 04-November 02

Posted 13 August 2012 - 12:30

$160 is too much, for that price I could get 32 USB sticks prepared for potentially malware-infested systems and after 32 uses go and re-wipe and re-copy the software.

Or get a U3 device with a virtual CD drive and use a utility to write an ISO file to the USB drive which is read only

#35 virtorio

virtorio

    Neowinian Senior

  • Tech Issues Solved: 15
  • Joined: 28-April 03
  • Location: New Zealand
  • OS: OSX 10.10, Windows 8.1
  • Phone: LG G3

Posted 13 August 2012 - 12:44

I tried finding some USB sticks with the write protect switch to use for installing our software on peoples (often virus filled) laptops in our training sessions. Optical discs are no good as the data it uses can be up to 20 GB. I found only one and it cost a fortune, so in the end we just went with SD cards (which do have write protect switches on them) with a USB card reader.

This thing would be interesting if it were, say, $140 cheaper.

#36 nkaHnt

nkaHnt

    Neowinian

  • Joined: 26-July 09

Posted 13 August 2012 - 12:55

Most SDCard has write protection.

So a USB SDCard reader + SDCard with WProtection for me

#37 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 13 August 2012 - 23:18

Does anyone know of some software I can use to test the device which does unusual writes?

#38 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 14 August 2012 - 06:57

Hello,

I would think of starting with a variety of internal commands and applications (DISKPART, FORMAT, DISKMGMT, Windows Explorer, the various Office applications, file archiving utilities, file management programs, etc.) just to see if there was any common programs behave differently. I'd also be interested to see if things like FAT12, FAT16, FAT32, NTFS, ExFAT make a difference. USB-wise, lots of USB flash drives (including older, smaller capacity ones, if possible), optical drives and even a floppy diskette drive, if you have one.

I know, it's a lot of work, but, it's an interesting subject!

Regards,

Aryeh Goretsky



Does anyone know of some software I can use to test the device which does unusual writes?



#39 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 14 August 2012 - 07:55

Does anyone know of some software I can use to test the device which does unusual writes?

Nope, you'd have to make your own or find malware that does it, normal everyday software isn't made to send spoof commands to bypass write protection bloks.

#40 +Karl L.

Karl L.

    xorangekiller

  • Tech Issues Solved: 15
  • Joined: 24-January 09
  • Location: Virginia, USA
  • OS: Debian Testing

Posted 14 August 2012 - 23:17

Nope, you'd have to make your own or find malware that does it, normal everyday software isn't made to send spoof commands to bypass write protection bloks.


I'm very curious as to what that would look like. Could you provide a code snipet that does what you are talking about? I did a quick Google search and couldn't find anything of the sort.

#41 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 14 August 2012 - 23:25

I'm very curious as to what that would look like. Could you provide a code snipet that does what you are talking about? I did a quick Google search and couldn't find anything of the sort.


ya me too

#42 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 15 August 2012 - 00:51

As said I'm no longer at the university so don't have any of the stuff and it's not likely to be just randomly around on the net. Look up spec sheets on USB specs and whatnot for things like 'null' data that the device ignores and if you've got the time and skill, put them into programs and try them.

#43 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 17 March 2013 - 17:17

http://www.neowin.ne...-security-patch

and people wonder why I don't plug in USB drives into my system which are not write protected (Physical switch, and by write protected I mean write protected while inserted into a customers machine) and that I don't have control over. In this case it's modified USB descriptors, which I don't think malware can alter, this has been in windows for quite some time. What else don't we know about.

#44 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 17 March 2013 - 21:42

Hello,

From my reading of the article, it appears this vulnerability occurs at the a USB flash drive is enumerated, e.g., identified by the system. I do not think protecting against writes to USB flash drives would, in this case, have any effect, since the operation occurs when the drive is read from and not written to. What this attack actually reminds me of are similar exploits which were (or are) used against FireWire.

Your point about trusting external media is quite valid, and users with earlier versions of Microsoft Windows should verify AutoRun is turned off and fully patched. While that certainly won't stop all attacks, it will, at least, improve security.

Regards,

Aryeh Goretsky

http://www.neowin.ne...-security-patch

and people wonder why I don't plug in USB drives into my system which are not write protected (Physical switch, and by write protected I mean write protected while inserted into a customers machine) and that I don't have control over. In this case it's modified USB descriptors, which I don't think malware can alter, this has been in windows for quite some time. What else don't we know about.



#45 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 17 March 2013 - 22:47

It's a bit of a call back, but this caught my eye.

lolwut... optical drives? it hurts my brain just thinking about it.
slow burn time... no/slow rewrite... not to mention that many machines now have no optical drives.


That's basically a point, with a CD-R you can't change the disk contents, i.e. malware can never attack it. Get a USB optical drive (I got one for like $20 months back to replace the dead drive in my Mac Mini) and a burnt CD with rescue tools/a live Linux install and work on just about anything (Y)