USB or not USB

By Guy Clapperton on Nov 21st, 2008 11:51 pm

Interesting that the US Department of Defense has banned thumb drives. The problem is that they can carry viruses and infect computers - and if your nation's defense depends on these systems (and by extension in the case of the US so does the defense of the rest of the world) they need to be looked after. So no thumb drives, no CDs.

Umm...yes.

But if you're going to take this seriously let's have a look at other removable storage. Here's a list, top of my head, of potentially virus-carrying items I could lay my hands on in my office within 30 seconds:

'Flip' video camera
Still camera
Voice recorder
iPod
Phone

OK, it's only five and the voice recorder is really easily identifiable as storage. The media players and phones and particularly cameras are less so, though.

Tell you what. How about a new idea? Instead of all this stuff about singling out thumb drives and whatnot because they're a risk, how about ordering some new hardware - like PCs without a USB socket in the first place? We all know they're available, and if you really need a peripheral or something connected you could have a hub of some sort connected by WiFi. Then innocent people could carry their thumb drives, phones and cameras around with them without any need to worry - and malicious people with USB drives disguised as something else (I've seen pens, watches) wouldn't have anything to plug them into.

Someone's going to tell me why this idea sucks, I know they are. I just can't see the flaw in it from here.

3 Years Ago

Better still use appropriate security measures to prevent unauthorised devices from being connected in the first place, it is not rocket science. That way you still get the benefits of USB without the dangers. We do not want a return to the 'good old days' where IT Admins superglued USB ports to prevent them being used.

happygeek

Freelance Word Punk

Administrator

27,465 posts since Mar 2006

Reputation Points: 1,457

Solved Threads: 55

3 Years Ago

The main problem is that if people really want to get round whatever security measures you've put in place - they will. People have far more knowledge about various systems now than they did just a couple of years ago, need to email a report but it wont let you upload a file from an external source?

Someone in the office will always know how to get round it. Sure you could order a batch of shiny new base units with no USB ports. But they'll still have an internet connection, so you're pretty much back to square one.

Before any internal data theft occurs; someone somewhere believes they can do it. That's what companies need to work on - eliminating that thought. Once people believe they can; they'll most certainly try.

darrenw89

Posting Shark

903 posts since Jun 2006

Reputation Points: 137

Solved Threads: 13

3 Years Ago

Thanks for the comments. You're both right, and Darren in particular I agree the IR department shouldn't superglue USB ports, it deprives the rest of us of a brilliant pastime.

GuyClapperton

Staff Writer

379 posts since May 2008

Reputation Points: 22

Solved Threads: 0

1 Year Ago

today,i occurred a website which looks good...and it said they custom usb flash drive according to my own style.....after i browse your article...i am at a loss ..whether it's right...please help me.. http://www.usbcustomer.com

amileen

Newbie Poster

Banned

1 post since Jun 2010

Reputation Points: 10

Solved Threads: 0

1 Year Ago

Thanks for the comments. You're both right, and Darren in particular I agree the IR department shouldn't superglue USB ports, it deprives the rest of us of a brilliant pastime.

smart176

Newbie Poster

4 posts since Jun 2010

Reputation Points: 10

Solved Threads: 0

This article has been dead for over three months

You