A flash drive, smaller than a package of chewing gum, has made it much easier to move computer files around. These inexpensive drives can hold dozens of gigabytes of data, more capacity than a standard computer hard drive a decade ago.
But with this convenience comes risk. Because these drives are so small, and are normally carried in a pocket or purse, they can be easily lost. If they happen to contain sensitive files – personnel information, for example – they can pose a data breach.
Flash drives can also be infected with malware, and evidence suggests many are. Paul Ducklin, of Sophos Security, reports his firm recently purchased the USB flash drives sold at a rail company's lost property auction. Two-thirds, Ducklin reports, contained Windows malware.
“Not one file on any of the keys was encrypted, even though many of the files contained personal or business information,” Duckin wrote in his blog.
There are a number of free encyption tools to allow consumers to encrypt the files on their flash drives, protecting them in the event the drive is lost or stolen.
A drive with a virus, or malware, is a problem because they tend to get used on a number of different computers, passing the virus along to each one. One way in which it does this is with the autorun feature.
You may have noticed that when you plug a flash drive into a PC's USB port, you get the autorun prompt. Autorun resides in the flash drive's root director and contains a reference to programs and files that should be run as soon as the drive is installed.
Spreading the virus
A number of bugs exploit this file. As soon as the device is installed in an infected PC, the malware is copied to the flash drive. When the now-infected flash drive is plugged into a clean PC, it runs the script and infects the once-clean computer.
Security experts suggest installing an anti-spyware portable scanner on your flash drives as a way to keep them free of malware. The program resides on the portable drive and can be run from time to time to find and elminate malware they may have picked up.