How to protect file on USB from being copied?

CasperChua80

Member
Joined
Aug 29, 2011
Messages
6
Here I am again trying to reach out for help from the many computer savvy guys/gals on this board.
I have a scenario that I'm looking for solution.

How can I prevent file on USB flashdrive to being copy and paste either via right click or drag and drop copy to other device that is hookup to it like a PC or laptop? The file will be PDF, document file, JPG or some other image file, and some movie file etc?

The scenario is the file will be needed to be just viewable to show people but they cannot copy any part of it out from it other than admin level that create/authorize full control of it.
Example is like a person on a field trip is bring some presentation stored on USB flashdrive and show it on field premise to showcase company stuff like brochure, powerpoint, concept drawing, sales figure etc but we do not allowed them to have those file on the USB drive to being able to copied off to client's PC or even their own home without authorization. Not even a phrase or JPG image from a particular document etc. Pretty much just view only mode. Print screen function might be hard to work around that but hopefully something that will able prevent it or come out blank is there anything like that out there?
Only manage to find how to write protect the drive but not in my intended scenario.

The internet search provides a lots of solution but it's on PC/laptop but not on USB flashdrive that I could find.

Thanks and appreciate any info/input from you guys/gals.
 

LEDAdd1ct

Well-known member
Joined
Jul 4, 2007
Messages
3,542
The second link Markus posted looks really interesting, and they appear to offer a version you can download to test. I am curious about it as well. If you decide to try it, please share with us your experience.
 

Toohotruk

Well-known member
Joined
Feb 16, 2007
Messages
2,685
I use Folder-lock, and it seems like when I first got it it was well reviewed. I've used it for a few years now, and it has worked as promised. You can use it on USB drives, and I think on CDs and DVDs, as well as on your hard drive.

Edit: I re-read the OP a little more carefully...obviously my suggestion would not work in this scenario. I need to avoid posting so early while tired and still a little drunk. :eek:hgeez:
 
Last edited:

Lynx_Arc

Well-known member
Joined
Oct 1, 2004
Messages
10,637
What you are asking for is not possible with a default operating system installation. Almost all operating systems I know of by default ALLOW copying of most if not all files and to prevent that a program must be run to change the operating system from that. Either you have to install a program to disallow copying from external media or you have to install a program by autorun from the media itself which I don't recommend for security reasons (viruses and malware etc). The alternative is to incorporate the data files into a program data such that they are no longer viewable without the program being run so copying them doesn't help at all.
 

Sub_Umbra

Well-known member
Joined
Mar 6, 2004
Messages
4,749
I think you don't have much of a chance of hanging on to anything you let an attacker see.

What if someone brings their own device and copies the whole flash drive to it so they may work on it later? Then he may just go home, boot a LiveCD, mount your thumb drive and have at any file or resource there. In this scenario you will have no control over even what OS the attacker arms himself with.

For the most part, if an attacker can 'see' a file 'in the clear' you probably can't stop him from taking it.

Also, because of the Wear Leveling technology built into virtually all flash memory devices safely encrypting or removing a file is more complex than it is with magnetic media.
 
Last edited:

Lynx_Arc

Well-known member
Joined
Oct 1, 2004
Messages
10,637
I think you don't have much of a chance of hanging on to anything you let an attacker see.
In windows there is this little key on the keyboard called Print Scrn that if you hit it once while nobody is looking it captures a screen shot to the clipboard and it can later be pasted into any picture editing program so a program would have to disable screen captures too.
 

HotWire

Well-known member
Joined
Mar 9, 2011
Messages
1,651
I've used USB thumb drives with content I created and believe me.... keep it in your pocket! Leave it in the computer, someone will swipe it. Also I found that thumb drives seem to fail and if you don't have backup.... you are dead in the water. I've created original content instructive CDs and loaned them to people to use. I found out later they had been copied! Grrr..... I've created lots of instructional media and... people who copy don't get use use my stuff any more! I don't know about any way to view it but not copy it.
 

Lynx_Arc

Well-known member
Joined
Oct 1, 2004
Messages
10,637
I've used USB thumb drives with content I created and believe me.... keep it in your pocket! Leave it in the computer, someone will swipe it. Also I found that thumb drives seem to fail and if you don't have backup.... you are dead in the water. I've created original content instructive CDs and loaned them to people to use. I found out later they had been copied! Grrr..... I've created lots of instructional media and... people who copy don't get use use my stuff any more! I don't know about any way to view it but not copy it.
About the only way to limit copying is to show it to them on your machine only because there are programs you can download for free to copy nearly anything on a computer, be it files or media if you can see or hear it then copying it is possible even if you have to get out a digital camera and take a picture of your monitor screen and then download it into a computer it is copied.
 

EZO

Well-known member
Joined
Jul 15, 2010
Messages
1,433
While it may be difficult to ultimately prevent the copying of your files from a USB flash drive or someone taking a screen shot you can limit access to and functionality of various files by relying on PDFs. Using Adobe Acrobat X Pro you can create and share highly secure files that can only be opened and viewed by designated individuals or a group of designated individuals. Acrobat software provides an entire enhanced security suite that includes several methods of 128 bit private key encryption via certificate or via encrypted password, trusted identities, security envelopes, various signature methods and more. You can designate specific settings for each file, including attachments or these security methods can be applied to a whole portfolio or folder. For example, you can allow a file to be viewed but you can prevent the file from being edited or printed and you can prevent users from selecting, copying or pasting text, images or other content. If you do allow printing, you can restrict print resolutions. You can manage trusted identities and require signed and verified signatures. There are numerous other security, editing and notational functionalities available in Acrobat. The software is designed around the idea of securely distributing and editing simple or complex PDF files among or within workgroups. For example, an attorney and financial professional I work with sends me certain documents in this PDF form via email that only I or colleagues in his office can open.

Using this method, even if you should lose your USB drive, only the individuals you specifically grant access to can open specific files and work with them in ways that only you designate and you can do so on a granular level.
 
Last edited:

Sub_Umbra

Well-known member
Joined
Mar 6, 2004
Messages
4,749
While it may be difficult to ultimately prevent the copying of your files from a USB flash drive or someone taking a screen shot you can limit access to and functionality of various files by relying on PDFs. Using Adobe Acrobat X Pro you can create and share highly secure files that can only be opened and viewed by designated individuals or a group of designated individuals. Acrobat software provides an entire security suite that includes several methods of 128 bit private key encryption via certificate or via encrypted password, trusted identities, security envelopes, various signature methods and more. You can designate specific settings for each file or these security methods can be applied to a whole portfolio or folder. For example, you can allow a file to be viewed but you can prevent the file from being edited or printed and you can prevent users from selecting, copying or pasting text, images or other content. If you do allow printing, you can restrict print resolutions. You can manage trusted identities and require signed and verified signatures. There are numerous other security, editing and notational functionalities available in Acrobat. The software is designed around the idea of securely distributing and editing files among or within workgroups. For example, an attorney and financial professional I work with sends me certain documents in this PDF form via email that only I or his colleagues can open.

Using this method, even if you lose your USB drive, only the individuals you specifically grant access to can open specific files and work with them in ways only you designate and you can do so on a granular level.
That's what Adobe says, too. I don't believe them. Adobe has hundreds and hundreds of thousands of lines of code supported out there, (if not millions.) It's important to remember that Adobe has always claimed that their products are secure. That's what everybody says. In truth all new software must be considered insecure until it's been hammered on for a while. Adobe's product line is changing all the time. they are always rolling out product and policy changes. Often times they must roll back claims and even initial setting defaults because later they would be found unsafe.


Adobe products usually install with many threats enabled by default. Adobe has convinced many that they need something as dangerous as javascript in their documents and that it is worth all the threats they open up to themselves by using it.

By adding Java and Flash to Acrobat they enabled cross platform venue possibilities for any malware, known or unknown. This is a serious business. Adobe has tons of legacy code out there that has been hammered on by malware writers for years and years and years. In today's environment we never even find out about what malware is out there until the crooks/spooks make a mistake and it's detected. Unknown exploits are valuable and are kept close to the vest.

Unfortunately, the inclusion of these languages has greatly increased Acrobat's attack surface area. It used to be that Microsoft had the most code exploits, but If I'm understanding Steve Gibson Adobe actually had more code exploits than Microsoft did last year...

IMO, Acrobat probably violates three or four sound security practices:

----Any new complexity in any software always poses unknown security threats until it's been seriously hammered on.

----Any new code at all poses the same problem.

----Bringing out new code that contains boucoups legacy code is also a threat.

In contrast the most secure solutions often involve a combination of:

----Finding the simplest program that will do the job.

----Finding the oldest program that will do the job.

----Choosing an Open Source solution will enable the company to hire someone to look at the code for you.

In conclusion, whenever one buys a software 'solution' that is the newest, biggest, most versatile proprietary software out there one is setting oneself up for the problems listed. You won't be able to hire anyone to audit or fix the code. Once you fork over your money you'll still have to take the company at it's word for everything they tell you. YMMV
 
Last edited:

EZO

Well-known member
Joined
Jul 15, 2010
Messages
1,433
That's what Adobe says, too. I don't believe them. Adobe has hundreds and hundreds of thousands of lines of code supported out there, (if not millions.) It's important to remember that Adobe has always claimed that their products are secure. That's what everybody says. In truth all new software must be considered insecure until it's been hammered on for a while. Adobe's product line is changing all the time. they are always rolling out product and policy changes. Often times they must roll back claims and even initial setting defaults because later they would be found unsafe.


Adobe products usually install with many threats enabled by default. Adobe has convinced many that they need something as dangerous as javascript and that it is worth all the threats they open up to themselves by using it.

By adding Java and Flash to Acrobat they enabled cross platform venue possibilities for any malware, known or unknown. This is a serious business. Adobe has tons of legacy code out there that has been hammered on by malware writers for years and years and years. In today's environment we never even find out about what malware is out there until they crooks/spooks make a mistake.

Unfortunately, the inclusion of these languages has greatly increased Acrobat's attack surface area. It used to be that Microsoft had the most code exploits, but If I'm understanding Steve Gibson Adobe actually had more code exploits last year...

IMO, Acrobat probably violates three or four sound security practices:

----Any new complexity in any software always poses unknown security threats until it's been seriously hammered on.

----Any new code at all poses the same problem.

----Bringing out new code that contains boucoups legacy code is also a threat.

In contrast the most secure solutions often involve a combination of:

----Finding the simplest program that will do the job.

----Finding the oldest program that will do the job.

----Choosing an Open Source solution will enable the company to hire someone to look at the code for you.

In conclusion, whenever one buys a software 'solution' that is the newest, biggest, most versatile proprietary software out there one is setting oneself up for the problems listed. You won't be able to hire anyone to audit or fix the code. Once you fork over your money you'll still have to take the company at it's word for everything they tell you. YMMV


While I would agree with some of what you say about Adobe software in your reply, it is clear (or at least likely) that you have zero personal experience using with this software and I would respectfully submit that you would not be able to open these encrypted files.
 

Sub_Umbra

Well-known member
Joined
Mar 6, 2004
Messages
4,749
The issue is not about whether or not I may open the encrypted file. Threat assessment should be part of any security plan. If the OP only had to defeat me as an attacker he'd have it made. That is not the world the OP lives in.

Instead, he lives in a world of script kiddies who have never written a line of code in their lives. They don't have to understand how the script works to use it. They mostly attack Windows mono-cultures where the same lines of code produce the same exploits across nearly every MS OS since win98. It is not unlike the bic pen trick a few years ago that worked on some models of Kryptonite locks. All it takes is five minutes of practice and an idiot could break into any of those model locks -- of which there were millions. Many are still vulnerable.

There are so many exploits to choose from that script kiddies just study a few and then start hitting machines. You don't really have to know much.

I've listened to all seven years of Steve Gibson's Security Now podcasts, and it is amazing how much time Adobe spends fixing problems they always claimed didn't exist. Below is a link to a google search of all of Gibson's Security Now podcast transcripts for the word acrobat. The results would seem to be popping up in the security discussion throughout most the podcast's seven year run

http://preview.tinyurl.com/6mrzm4u

Lots and lots of security patches spreading from well into the past on into the future. Actually Adobe's patch frequency is increasing. As I said earlier many Adobe products are now cross platform vectors for malware and as such it is attacked more than Windows itself.
 
Last edited:

blasterman

Well-known member
Joined
Jul 17, 2008
Messages
1,802
That's what Adobe says, too. I don't believe them.

To sum up what EZO said politely.....'so what'?

Unless you're dealing with some pretty sophisticated NSA certified encryption any data file on a thumbdrive is going to be accesible if somebody wants it bad enough. If you can read it, and view it, the entire point of keeping it protected is pointless. You then need the cooperation of the reading software to prevent you from copying it or doing what you want with it. The format of the file is irrelevant because it's just passive data. Data doesn't attack computers. Microsoft's DOCX format is full of all kinds of problems, but it requires an executable on the local OS to open the file and do the damage, typically .DLL shenanigans.

Again, if you can translate and decrypt the source file it's up to the actual application it's opened with to prevent the information from being copied and passed around via API restrictions. Or, the underlying OS or hardware is also cooperating, as is the case with DRM. I'm sure the Adobe encryption algorithms have already been cracked by some motivated student at MIT trying to impress his dorm-mates, and likely by Chinese industrialists 5-minutes after it was sold on the market. However, the Adobe software is designed to discourage pedestrian copying and manipulation of PDF files, not provide a data exchange format for the CIA.

I agree with Sum Umbra about Acrobat and it's related suite being a big pain in the neck from a security standapoint. Trying to support Acrobat on Citrix or Terminal Server type environment is rapidly devolving into a big headache because of the constant patching and the PDF format turning into just another portable web page format that does everything HTML does (JAVA, etc) while claiming it's different. If you try to sandbox Acrobat so that it can't stick it's fingers in some place it shouldn't it frequently breaks forcing an Admin to run around and kill Acrobat executables all over the place. Also, while Adobe products are an increasing security headache because of the reasons above I've yet to see any security notice go out rating the potential problems as needing immediate attention. I'm far more concerned about Cisco firmware exploits and virtualization cracks than application layer problems that can be locked down with common sense.

Last, and with all due respect, Steve Gibson (and his site) is the most lampooned tech guy in the universe.
 

EZO

Well-known member
Joined
Jul 15, 2010
Messages
1,433
While I would agree with much of what blasterman and Sub-Umbra have posted, especially about Adobe, the fact is that the kind of attacks and breaches you are speculating about are highly unlikely when considering the OP's needs and requirements. I mentioned this thread to a good friend of mine who is head of IT and chief security officer at a major hospital in charge of enforcing the HIPA requirements among many other duties involving all systems and hospital controlled mobile devices. While he acknowledges and bemoans what a security morass has evolved with computers systems over his career and it is a 24/7 battle but he finds discussions like this silly. He calls it "Chat room bravado". (He also made a less kind remark, I won't repeat here.) Obviously, anyone dedicated enough can break into almost anything, even "script kiddies", but one needs to consider the particular scenario. The OP simply asked for a method to prevent copying and pasting of media presentations from a USB drive. Nowhere, does he mention the need to protect against corporate espionage, dedicated attacks or even casual algorithm cracking. In all likelihood a properly set up security envelope using the latest version of Acrobat would be more than enough to meet the OP's needs here because it does basically what he asks. To quote from blasterman's post. "Adobe software is designed to discourage pedestrian copying and manipulation of PDF files, not provide a data exchange format for the CIA."
 

eh4

Well-known member
Joined
Oct 18, 2011
Messages
2,002
KeePass is a nice little password manager that is also cross platform.

Maybe a password manager and some Cloud service would satisfy some of the requirements, open a Google Drive account with limited permissions? -allowing viewing but no modifications or copying?
 
Last edited:

27ragbag

New member
Joined
Mar 8, 2013
Messages
2
I think the thread has gotten a little off the primary subject. I don't believe the original post was about encryption, you know...scrambling data so a password must be entered to decrypt the file. What the user wants is a way to share the document (on a flash drive) without the User being able to save the file. Clearly encryption is involved, but also copy protection where the ability to Save or Save As is eliminated. And also the ability to Print is eliminated. I've seen many solutions where the term "copy protection" is used, but the truth is the files are only encrypted. Once the password is entered, the User can do anything they want with the file. Again, I don't think THAT was the original intent of the poster. I have only found two solutions. Nexcopy.com for Copy Secure drives and Trus Cont.com and their TSFD drive. The TSFD does require the User to install a piece of software on the computer - thus a User must have Admin rights. The Nexcopy solution does not require installation (so no Admin rights) and runs right from the flash drive. Both put the data in a write protected partition so the info cannot be deleted or formatted off the drive. Both restrict the Print Screen function as well. Nexcopy solution supports the Mac computer but don't know if that is a concern or not for the poster. The newsoftwares.net listed above is only encryption...and for encryption only just use truecrypt.org - it's free.
 

kaichu dento

Well-known member
Joined
Apr 5, 2008
Messages
6,055
I think the thread has gotten a little off the primary subject. I don't believe the original post was about encryption, you know...scrambling data so a password must be entered to decrypt the file.

What the user wants is a way to share the document (on a flash drive) without the User being able to save the file. Clearly encryption is involved, but also copy protection where the ability to Save or Save As is eliminated. And also the ability to Print is eliminated.

I've seen many solutions where the term "copy protection" is used, but the truth is the files are only encrypted. Once the password is entered, the User can do anything they want with the file. Again, I don't think THAT was the original intent of the poster. I have only found two solutions. Nexcopy.com for Copy Secure drives and Trus Cont.com and their TSFD drive.

The TSFD does require the User to install a piece of software on the computer - thus a User must have Admin rights. The Nexcopy solution does not require installation (so no Admin rights) and runs right from the flash drive. Both put the data in a write protected partition so the info cannot be deleted or formatted off the drive. Both restrict the Print Screen function as well. Nexcopy solution supports the Mac computer but don't know if that is a concern or not for the poster. The newsoftwares.net listed above is only encryption...and for encryption only just use truecrypt.org - it's free.
It's been a long time since the OP was here, but this may be of help to some of the rest of us.
 

fisk-king

Well-known member
Joined
Apr 24, 2009
Messages
1,104
Truecrypt is a very good solution to the original post. I use it for my most important doc., drives, etc.
 
Top