Freeware to prevent deletion from security software?

Message

Zingadeski · #1 Post by **Zingadeski** » Wed Dec 19, 2007 1:43 pm

The other day I went over to a friend's place to work on her PC. I plugged in my drive to get to CClean/SIW and a couple other programs, when some damn second rate spyware-removal tool unapoligetically decided to erase a password recovery tool and a packet-monitoring tool from my thumb drive(I think it was called McAfee). I had backups of the programs on a CDRW with me, but I still found this infuriatingly annoying, and it could prove to be a huge inconvenience in the future if I don't deal with it now.

So, is there a program you can put on the thumbdrive to prevent unauthorized deletion/modification of ze data?

FlightGeek · #2 Post by **FlightGeek** » Wed Dec 19, 2007 2:26 pm

Get truecrypt. Put it on your thumb drive in "traveller mode".

Put your utilities in an encrypted container on your thumb drive.

When you use it, have truecrypt mount it in read-only mode.

Or buy a thumb drive with a read-only switch if you can find one.

Or buy a SD card (which often have read-only switches) and put it in a USB adapter.

All of the above assumes that you don't need to save your settings.

Even if the second-rate spyware remover can't nuke it, it may not let you run it.

Queue · #3 Post by **Queue** » Wed Dec 19, 2007 4:29 pm

A flash drive with a read-only switch has saved me countless headaches at this point.

For most programs you can have the settings saved beforehand (when the drive is writable) then switch it to read-only after you have things configured how you want. I've only encountered a few now that just can't run properly on a read-only drive.

Queue

Zingadeski · #4 Post by **Zingadeski** » Wed Dec 19, 2007 4:44 pm

What does a read-only switch do exactly? Does it just disconnect one of the data lines from the rest of the system? If so, you could do that by modifying a USB extension cable.

Zingadeski · #5 Post by **Zingadeski** » Wed Dec 19, 2007 4:48 pm

Btw, the solution Im using in the meantime is to keep a self-extracting SFX archive of the program files in the application directory.

Queue · #6 Post by **Queue** » Wed Dec 19, 2007 6:02 pm

I'm not clear exactly how it works, but it's a hardware level read-only switch and no software can circumvent it. On mine I can see the switch clearly affixed to the flash drive's circuit board, but it doesn't seem to be simply cutting one of the (4?) USB wires.

You could theorhetically try using an executable packer to obfuscate your program(s) so signature-based anti-malware scanners won't find it. That's what I did when Angry IP Scanner kept tripping various scanners.

Some of the nefarious packers will set off any scanner regardless, and UPX is so easily unpacked most malware scanner unpack them to scan anyway, but it's still another option.

Queue

FlightGeek · #7 Post by **FlightGeek** » Thu Dec 20, 2007 5:19 am

Zingadeski wrote:What does a read-only switch do exactly? Does it just disconnect one of the data lines from the rest of the system? If so, you could do that by modifying a USB extension cable.

The read-only switch disconnects the write-enable line between the USB flash controller and the flash chip. In the case that the controller and flash are integrated, the read-only switch drives the write-enable input to the false state.

Cutting any of the four wires in a USB extention cable would render it unusable. USB uses one wire to transmit and another to receive. The others are for power and shielding. To read the flash the computer must transmit the address of the wanted data to the flash driver and then receive the data. Consequently, data must flow both ways even for a read operation.