how to protect my USB stick from Viruses

Since you don't want to change USB sticks to one with a write-protect switch (don't know why, they're cheap), perhaps you should look into getting yourself a USB write-blocker (aka a Forensic disk controller).

These are generally used by forensics experts when gathering data from a suspect's drive, where they're not ALLOWED to write back to the drive or it will spoil the validity of the evidence, so they have these devices to prevent the computer form writing back to the USB device.

Here's one for example.

The UltraBlock Forensic USB Bridge brings secure, hardware-based write blocking to the world of USB mass storage devices. The UltraBlock USB Write Blocker supports USB2.0 High-Speed (480 Mbit/s), USB 1.1 Full-Speed (12 Mbit/s) and Low-Speed (1.2 Mbit/s) devices conforming to the USB Mass Storage "Bulk-only" class specification. The UltraBlock USB Write Blocker works with USB thumb drives, external USB disk drives, even USB-based cameras with card-reader capability.


It is possible to get a USB drive that has a write enabled switch. If you flick it, no computer will be able to write to it, just read.

Here is a listing of makes and models that have such a switch.

EDIT: With regard to your update:

There is no way that a software only solution will work with any guarantees. Filling the drive for example can be bypassed by just overwriting content/deleting files that are already there. Encryption generally does not prevent data from being written to the drive but not read, so if you use that, then one you allow the computer to read the files it can also write to them.

With regard to the SD card switch. This is NOT actually a write disable switch. It simply sends a signal to the OS that it should treat the device as read only (see the link above for more details). The SD card has no way of enforcing this.


As @techie007 has pointed out, there exist various commercial forensic write-blockers on the market. Forensics Wiki has an article listing several examples. However, these are all (AFAIK) closed-source in some or all respects.

If you are willing to trust a proprietary solution, that's fine. However, if you wish to audit the write-blocker's firmware, then you will need an open-source solution. These seem to be limited to DIY options at present, but include:

  • Philip A. Polstra, Sr.'s solution for making USB mass storage devices read-only. (Code is here.)
  • The FIREBrick, which is less portable than Polstra's devices and acts as a write-blocking FireWire-SATA bridge IIUC, although I guess it could perhaps be extended to support USB write-blocking.

Tags:

Virus

Recent Posts