Real World Computing
Slipping through fingers
Until that idea catches on, we'll have to make do with software methods of securing against data being stolen via a USB key - and you may be amazed to learn that there is in fact a solution to this problem built into Windows Vista! However, that's the only good news. The bad news starts when you try to implement it, as you'll see over the page. For those of us who haven't yet made the leap to Vista, there are some even less friendly options within XP. You can use the Registry tweaks I describe above with all the accompanying caveats, or else you can dive into some aftermarket USB-control software. You'll find there's a vast range of positively dizzying scope that stretches from corporation-wide, overarching device-control software such as Desktop Authority from ScriptLogic right down to dozens of little desktop utilities mostly written by tiny one- and two-man software teams. See www.scriptlogic.com for details of Desktop Authority, or look at the DeviceWall from Centennial Software at www.pcpro.co.uk/links/161networks1 or GFI's EndPointSecurity at www.pcpro.co.uk/links/161networks2 for the corporate-strength varieties.
Call me conservative and old-fashioned, but I don't feel very happy with the small, unknown USB-securing utilities. It's all very well having an open and anonymous software-delivery platform via the web, but the whole reason you're looking to buy such utilities in the first place is to improve your data security, so you need to know something definite about the integrity of the vendors. Believing you've shut the USB door, only to discover the utility you downloaded to achieve that is stuffed full of trojans or callback routines, would be more than somewhat irritating...
Another sin I've caught USB monitor software committing is inserting itself into some inappropriate and unhelpful part of the operating system. Instead of recognising the set of USB peripherals that can be picked up and moved and watching those alone, the utility chooses to watch all file copies and data accesses, and then establishes whether their destination is allowed or not using a banned list. This means that every time you copy a file, the utility wastes huge amounts of time trawling its "no" list before deciding your copy target isn't on it. Testing a utility for this annoying habit is pretty simple, if somewhat destructive of machine configurations. When you first install the utility, just run some medium-to-large copies, and if they're noticeably slower (although not as bad as using Vista!) you can bin that utility and you've at least cleared one of the hurdles in implementing XP data protection. One can only despair at the incompetence of programmers who resort to this kind of performance-sapping algorithm for want of a little bit of lateral thinking about inclusive versus exclusive Boolean logic.
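The copy test described above becomes repeatable if you record throughput before installing the utility and compare afterwards. This is an added example, not part of the original column; the baseline file name, the function names and the 15 per cent tolerance are assumptions chosen for illustration.

```python
import json, os, shutil, statistics, tempfile, time

def measure_copy(size_mb=64, runs=5, workdir=None):
    """Median copy throughput in MB/s for a freshly written random file.
    The source is usually served from cache, so the figure mostly reflects
    per-copy overhead (such as a filter inspecting every operation)."""
    with tempfile.TemporaryDirectory(dir=workdir) as tmp:
        src = os.path.join(tmp, "src.bin")
        with open(src, "wb") as f:
            for _ in range(size_mb):
                f.write(os.urandom(1024 * 1024))
        rates = []
        for i in range(runs):
            dst = os.path.join(tmp, f"dst{i}.bin")
            start = time.perf_counter()
            shutil.copyfile(src, dst)
            elapsed = max(time.perf_counter() - start, 1e-9)
            os.remove(dst)
            rates.append(size_mb / elapsed)
        return statistics.median(rates)

def verdict(baseline, current, tolerance=0.15):
    """Return ('slower' | 'ok', fractional drop). tolerance is an assumed
    threshold for 'noticeably slower'; tune it to your own machines."""
    if baseline <= 0:
        raise ValueError("baseline must be positive")
    drop = (baseline - current) / baseline
    return ("slower" if drop > tolerance else "ok"), round(drop, 3)

def run(baseline_file="copy_baseline.json", **kw):
    """First call saves a baseline; later calls compare against it."""
    rate = measure_copy(**kw)
    if not os.path.exists(baseline_file):
        with open(baseline_file, "w") as f:
            json.dump({"mb_per_s": rate}, f)
        return ("baseline saved", rate)
    with open(baseline_file) as f:
        base = json.load(f)["mb_per_s"]
    return verdict(base, rate) + (rate,)

if __name__ == "__main__":
    # Run once before installing the utility, then again afterwards.
    print(run())
```

Run it from the same folder and with the same arguments both times, on an otherwise idle machine, so the two medians are comparable.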
Space prohibits me from listing all the 20 to 40 utilities I've picked up with a few rapid Google searches, all addressed to this simple field that's full of complex pitfalls. The question you should be asking yourself is: what nefarious uses could your company's data be put to, given that a USB key might be on sale on a market stall in the Third World less than 24 hours after leaving your network? This is the grim reality, and it has far-reaching consequences not just for how you patch and secure your portfolio of PCs, but also for how you recruit your staff, subcontractors, outsourcers and even your cleaners - an awful lot of work just for a little thing that can fit onto your key ring.
