0

I am trying to distribute a piece of software, a simple exe file, that can be executed directly from a USB drive. I would like to make that USB drive read-only to avoid any malware infection and accidental deletion. Another requirement is to update this software using a trusted updater package in the field.

I understand I can use a hardware switched write protect USB drive, but then I am giving an option to the users to flip the switch when updating and I would like to avoid that.

So, is there a way where the USB drive is mounted read-only by default and, if I need to write to it, I need a password or an unlocking key or similar that can be supplied via a trusted script/package?

Anders
Manny

1 Answer

2

Completely impossible with standard flash drives. It's possible that a custom flash drive could have a storage controller to support something like this, but they'd be the rare exception and not the rule.

Instead, sign your executable and enable signature verification (such as AppLocker on Windows) on the computers that will run it. Then, if malware infects your executable, it won't run.

  • Thank you. Is it possible to have a time-based unlock code for the USB drives? For example, something like this - https://www.securedrive.com/product/secureusb-kp-encrypted-flash-drive – Manny Jul 05 '19 at 07:25
  • What do you mean by time-based? – Joseph Sible-Reinstate Monica Jul 05 '19 at 13:04
  • What I mean is - the PIN to unlock the drive is time based. Like RSA tokens or similar so that the unlock code (even if shared) wouldn't hurt – Manny Jul 05 '19 at 15:11
  • Also not possible with a standard flash drive. You'd need either custom hardware, or for the actual encryption key to be stored on a server on the Internet that does the time-based token checking. – Joseph Sible-Reinstate Monica Jul 05 '19 at 15:12
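
The answer's suggestion (sign the executable and verify the signature on the host), as an added example that is not part of the original answer or comments. The drive letter, file names and thumbprint are placeholders chosen for illustration; the same check is applied to the update package before it is written to the drive.

```powershell
# Added example. Placeholders (assumptions): drive letter, file names, thumbprint.
$ExpectedThumbprint = '<YOUR-CODE-SIGNING-CERT-THUMBPRINT>'
$InstalledExe = 'E:\tool.exe'            # copy currently on the USB drive
$UpdateExe    = 'C:\Updates\tool.exe'    # candidate update delivered in the field

function Test-TrustedBinary {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Thumbprint
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' = file hash matches the signature and the chain is trusted on this machine.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Rejected ${Path}: signature status is $($sig.Status)"
        return $false
    }
    # Pin the publisher: a valid signature from any other signer is not accepted.
    # Update the pinned value when the certificate is renewed.
    if ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        Write-Warning "Rejected ${Path}: unexpected signer $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

# Updater: only a correctly signed package replaces the file on the drive,
# and the written copy is checked again afterwards.
if (Test-TrustedBinary -Path $UpdateExe -Thumbprint $ExpectedThumbprint) {
    Copy-Item -LiteralPath $UpdateExe -Destination $InstalledExe -Force
    if (-not (Test-TrustedBinary -Path $InstalledExe -Thumbprint $ExpectedThumbprint)) {
        throw "Copy on the drive failed verification: $InstalledExe"
    }
}

# Launcher: refuse to start a copy that was modified or replaced on the drive.
if (Test-TrustedBinary -Path $InstalledExe -Thumbprint $ExpectedThumbprint) {
    & $InstalledExe
}

# AppLocker: derive a publisher rule from the signed file and test it offline
# before deploying it through Group Policy.
Get-AppLockerFileInformation -Path $InstalledExe |
    New-AppLockerPolicy -RuleType Publisher -User Everyone -Xml |
    Out-File -FilePath .\tool-publisher-rule.xml
Test-AppLockerPolicy -XmlPolicy .\tool-publisher-rule.xml -Path $InstalledExe -User Everyone
```

The launcher check only helps when the script itself is run from a location the drive cannot overwrite; the AppLocker publisher rule is the control the host actually enforces.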