The way to protect against unauthorized copying of files to the root of a flash card for users of OS WINDOWS
I think that everyone faced the problem of evil "avtoranov." And there are many ways to solve it: open source software, scripts, “dancing with a tambourine”, etc. I want to propose a simple solution algorithm for OS Windows users, which does not require third-party interventions. To achieve the goal, we need several steps - or rather two.
Formatting the file system of the media in NTFS using the OS.
Now we create a folder (“working folder”) in the root and immediately set a name (it is impossible to change the folder name in the future), and all information will be stored in it. But in the root of the folder will be available only for reading. Now we differentiate the rights:
+ At the root of the flash card is not possible to create / delete files and folders. Consequently, the loophole for "autoruns" is closed.
+ In the "working folder" full access - what we want, then we turn back (place the emphasis yourself).
+ File system NFTS - for personal use at the time. (IMHO)
- It is not possible to use the “Send” menu item to copy information to our USB flash drive, since The root directory is closed for writing. It is necessary to copy to the "working folder".
- There is no possibility to rename the "working folder" - read-only in the root.
- The NTFS file system is not suitable for devices reading only FAT (music / video players, smart phones, photo cameras, etc.).
Step # 1 - preparation
Formatting the file system of the media in NTFS using the OS.
When selecting formatting options there is no NTFS
If there is no option for formatting the file system in NTFS, which is the case on Windows XP, then do the following:
- Go to the properties of a flash drive;
- Go to the tab "Equipment;"
- Choose our flash card and click the properties button;
- Go to the tab "Policy";
- Select the option to use the cache;
- Accept changes and format in NTFS;
- Then return back to the "Quick Delete."
Step number 2 - the delineation of rights
Now we create a folder (“working folder”) in the root and immediately set a name (it is impossible to change the folder name in the future), and all information will be stored in it. But in the root of the folder will be available only for reading. Now we differentiate the rights:
- We go in safety - we open properties of the USB stick, the Security tab;
If there is no such tab, then do the following- Go to the "Folder Options", which is in the "Control Panel";
- On the view tab in the "Advanced Options" list, we find the parameter containing the words "sharing" and "(recommended)";
- Remove the daw.
Now the tab has appeared - Click the "Advanced" button;
- In the window that opens, go to the "Owner" tab and click the "Edit" button;
For XP(in Windows XP there is no “Change Permissions” button, we act immediately there) - We put the checkbox "Replace the owner of subcontainers and objects";
- We choose ourselves and become the owner of the object;
- We close the dialog boxes on demand of the OS with the “OK” button and then again open “security” and “advanced”;
- We change permissions - to do this, go to security and on the “Permissions” tab, click the “Change Permissions” button to delete existing rights;For XP(in Windows XP there is no “Change Permissions” button, we act immediately there)
- Add the group “All” - press the buttons “Add”, “Advanced”, “Search”, select from the list the group “All”, “OK”, “OK”;
- In the window that opens, set permissions for the group “All”:
- “Use: For this folder, its subfolders and files”;
- Install the following daws in the "Permissions" field:
- Allow: “Full access”;
- Prohibit: "Change of Ownership", "Change of Permissions", "Delete", "Delete Subfolders and Files", "Write Additional Attributes", "Write Attributes", "Create Folders / Record Data", "Create Files / Write Data".
- We accept the changes, go to the previously created folder in the root of the flash card and perform almost the same operations;
- Change of ownership - in a familiar pattern;
- Remove existing rights by removing the checkbox “Add permissions inherited from parent objects” on the “Permissions” tab;
- In the dialog box that appears, select "Delete";
- Add the group “Everyone” (we already know how) and set the permission parameters:
- “Use: For this folder, its subfolders and files”;
- Set the checkbox Allow: "Full access".
- Again we add the group “Everyone” and set the permission parameters:
- “Use: Only for this folder”;
- Install the following checkboxes "Deny" in the "Permissions" field:
"Change of Ownership", "Change of Permissions", "Delete", "Write Additional Attributes", "Write Attributes"
pros
+ At the root of the flash card is not possible to create / delete files and folders. Consequently, the loophole for "autoruns" is closed.
+ In the "working folder" full access - what we want, then we turn back (place the emphasis yourself).
+ File system NFTS - for personal use at the time. (IMHO)
Minuses
- It is not possible to use the “Send” menu item to copy information to our USB flash drive, since The root directory is closed for writing. It is necessary to copy to the "working folder".
- There is no possibility to rename the "working folder" - read-only in the root.
- The NTFS file system is not suitable for devices reading only FAT (music / video players, smart phones, photo cameras, etc.).
Remarks
- This operation is best done on a "healthy car". And then you can create immortal-autorun;
- On Windows XP, when I tried to delete the “working folder”, it remained (as it should be), but everything inside was deleted;
- But on Window 7, all files remain when attempting to delete the “working folder”;
- Inside the "working folder" does not save from malicious programs that create an exe with the name of the folder when it is opened.
')
Source: https://habr.com/ru/post/183992/
All Articles