Is there any way to prevent a USB flash drive from being written to? [duplicate]

usb filesystems virus malware usb-flash-drive

Is there an effective method that is OS independent to prevent a USB from being written to?

Not really unless you are using a device that explicitly uses a forensic write blocker/controller or something similar that blocks data writes on a controller level.

Read and write permissions/restrictions on the vast majority of devices out there are inherently, physically read and write capable—like USB flash drives—is a logical OS-based construct. When something gains malicious access to a device, it simply doesn’t care about such circumventable logical restrictions. Remember: Code—such as viruses and malware—that can infect a system will basically operate on “root”/“admin” level at all times and can just do whatever it wants.

So even those SD cards that have those little write-protect switches are fairly useless since anything that gains deep system access can just ignore that “don’t write to me” setting. For example, look over this list of various ways to disable/circumvent write protection to SD cards on various systems; a simple adjustment to registry settings for StorageDevicePolicies from 1 to 0 in Windows will essentially tell the system to ignore the write-protect switch.

This kind of “hack” is no deep secret and even openly discussed/advocated by Microsoft support—such as in this official support thread—when providing support to users who have legitimate reasons to bypass write protection on USB devices.

Your best bet—if preventing unauthorized write access is a goal—is to use media that physically blocks write access like CD-R’s or DVD-R’s after they are burned.

I could use a disc to do this, and use a USB powered disc drive where optical drives are not present in the laptop, however this is not as convenient of a method, so I’d prefer to use a USB flash drive if possible.

Honestly, the use of truly read only media—like a burned CD-R or DVD-R—is the only simple and practical way to ensure malicious writing access is stopped at a deeper level. It might seem inconvenient, but the way I would approach this is simple:

  • CD-R/DVD-R Master of Tools: Create a CD-R/DVD-R with all the tools on need on it. Use that as the master. Maybe burn a few copies to have as backups.

  • Create a USB version of the CD-R/DVD-R Master: Now with that CD-R/DVD-R created, create an exact clone of the contents of that CD-R/DVD-R on a USB flash drive. The logic being that you can use this USB flash drive daily and if somehow it chokes or gets infected, you can then “downgrade” to the CD-R/DVD-R.

Now all that said, there is such a thing as a forensic write blocker/controller. These devices mainly provide an interface between a SATA or IDE drive and a USB connection that will allow one to mount and access a SATA or IDE drive without risk of data being written to it. And as the term “forensics” implies, these devices are mainly intended for legal and/or law enforcement purposes to ensure that a device in a “chain of custody” cannot be tampered with.

So if a “bad guy” is arrested, law enforcement might take their laptop, remove the hard drive and connect it to a forensic write blocker/controller to gather evidence for whatever purpose they need in a way that assures the courts and others that the data was not tampered with.

That said, these forensic write blocker/controller devices are not cheap—they run around $200 to $300 (U.S. dollars)—and mainly have interfaces that are USB to SATA or IDE; not USB to USB. But wait! I was able to find this “ToughTech m3” enclosure that claims to have a “Unique WriteProtect read-only mode”:

It features a unique WriteProtect read-only mode that "locks down" your data and prevents someone from accidentally deleting or modifying it. This is a handy way to protect your drive when loaning it to a client or someone else to distribute files or data.

A quick search online shows that this enclosure can be had for less than $50 (U.S. dollars). And if it does what it claims—in the same manner a forensic write blocker/controller works—then this could be a good investment for someone like you. But I have no direct experience with this device so I cannot speak for it’s true ability to protect data from inadvertent/accidental/unauthorized write access.


Is there an effective method—that is OS independent—to prevent a USB flash drive from being written to ?

Yes, there are a few.

  • You can use a forensic USB write blocker such as this one:

enter image description here

From the product description:

The compact USB WriteBlocker connects to USB storage devices and protects their contents during an investigation. To use, simply connect the WriteBlocker to the suspect device.

The USB WriteBlocker connects to most USB storage devices: USB thumb drives, digital cameras, cell phones, or most anything with a USB connection.

  • Some USB flash drives have physical write-protection switches (Important: Many devices will have "logical" switches that can be bypassed by the software, read @JakeGould's excellent answer for more in-depth info):

enter image description here

  • Some IDE/SATA-to-USB adapters have write-disable locks:

enter image description here

Related

WPA vs. WPA2: Exception for one device?
Shortcut of 'adding an equation' in Word 2016 for laptop
PXE-E61: Media test failure, check cable and PXE-MOF: Exiting PXE ROM [duplicate]
bash.exe/ubuntu wsl in full screen mode windows10
Windows 7 using exactly HALF the installed memory
Server vs. Desktop
Bash Shell Tutorials [closed]
Ubuntu: Accidentally changed root user to nonexistent shell
How can I quickly access the Microsoft Word zoom setting on a Mac?
How do I add another user's inbox to my favorite list in Outlook 2010?
How to get Bash shell history range
How to secure my Windows 7 PC?