How to Make Your Usb Drive Virus Resistant - Part 2
Step By Step
First: Convert your USB drive to NTFS file system.
Second: Create a DATA folder in the root directory.
Third: Create a shortcut to the DATA folder and save it in the root directory as well.
Fourth: Create an empty file inside the DATA folder and rename it "DATA.EXE".
Fifth: Change the security setting in the ownership tab for the root folder of your USB drive. Assign ownership to one of the reserve admin accounts of your computer.
Sixth: Set the "Everyone" access right on the root folder of your USB drive.
Seventh: Uncheck "Full control", "Modify" and "Write" in the Security tab of the root folder.
Eighth: Set an explicit access right on the DATA folder. Check the "Modify" access privilege in the Security tab of the DATA folder.
Ninth: Set an explicit access right on the DATA.EXE file inside your DATA folder. Check the "Deny" check boxes for Full control in its security settings.
Formatting using the compmgmt.msc
Step 1: Convert your USB drive to NTFS file system.
There are several ways to convert your USB drive from the FAT32 to the NTFS file system.
My favorite method is to use the CMD prompt. In the command prompt, you first have to set the focus to the drive letter of your pen drive. On my computer it is normally drive G:, but on most computers the pen drive is drive F: or drive E:.
Look at the following sequence of commands:
G:\>CONVERT G: /FS:NTFS /X
The other method is to use Computer Management. Press the Windows Start button, type "COMPMGMT.MSC" (do not type the quotation marks) and press Enter.
Right-click the drive and format it using the NTFS file system. The problem with this method is that it erases all your files, whereas the "CONVERT" command does not require erasing the contents of your pen drive. As a precaution, however, back up the contents before you convert. Some brands of USB drive cannot be converted to NTFS. If a pen drive is not capable of NTFS conversion, it is not safe to use; buy a good brand of USB drive that can be converted to NTFS.
Step 2: Why Create a DATA folder in the root directory?
The DATA folder in the root directory is the save area of your USB drive. Once the virus-resistant feature of your USB drive is activated, you can no longer save anything in the root folder. Every file or folder located in the root directory is read-only.
This virus-resistant feature is also useful if you want to write-protect your favorite files, for example installers, pictures or videos that you want to keep permanently on your USB drive. Create a folder for them in the root directory and do not set "Allow Modify" or "Allow Write" for it in the Security tab of the NTFS file system.
DATA and the DATA - shortcut
Step 3: Why create a DATA.LNK in the root folder of your USB drive?
DATA.LNK is a shortcut to the DATA folder. It is necessary because the DATA folder is not read-only, so it is not immune to virus attack. Some viruses can hide the DATA folder, and once it is hidden you cannot see it in Windows Explorer unless the option to show hidden files is turned on.
It is very simple to create the DATA.LNK shortcut in the root folder of your USB drive. Click on the DATA folder, then right-click in a vacant area of the root directory and choose Paste shortcut. You can then rename it, because the new shortcut is named "DATA - shortcut.lnk". It does not matter whether you rename it or not; both names work perfectly.
DATA.EXE is a fake virus
Step 4: Creating a fake virus in your DATA folder.
DATA.EXE is a file that must be created inside your DATA folder. Why? Because the DATA folder is modifiable: it can be erased, attacked, altered or hidden by a virus.
DATA.EXE is a fake virus that you plant inside the DATA folder to protect the folder. How?
Here is the trick. A folder cannot be renamed, erased or moved if it contains a protected file. We shall protect DATA.EXE so that it cannot be attacked by any virus.
Here is a simple way to create DATA.EXE from the command prompt. Let us assume that the USB drive letter is "F:". First change the directory to F:\DATA\> by entering the following commands in the CMD prompt: type "F:" and press Enter, then type "CD DATA" and press Enter. (Do not type the quotation " " characters.)
Then type the following:
COPY CON DATA.EXE
Press CTRL-Z, then press ENTER.
Step 5: Set Security Ownership of your USB Drive.
In the NTFS file system, the default file owner is "SYSTEM". This is vulnerable because a virus can simply manipulate the security settings if it has the "full control" access right to the root directory. Therefore, you must change the security ownership of the root directory of your USB drive.
Study carefully the security ownership setting of my USB drive. You can reach the menu by right-clicking the drive letter and clicking Properties, Security, and so on.
How to change the Ownership in the Security Tab
Setting the Root Folder to Read Only Is the Sure Way to Block the Viruses
Step 6 & 7: How to set the "Everyone" access right to your USB drive?
In the FAT32 file system, the "Everyone" access right is in principle set to "Allow Full Control". That is the very reason why you can never make a removable drive virus resistant with the FAT32 file system.
In the NTFS file system, the "Everyone" access right can be manipulated so that you can remove the "Allow Full Control" access right on the root folder.
In the root folder of your removable drive, you have to disable (uncheck) the "Allow Full Control" access right in the Security tab. However, make sure that you still allow "Read", so that you can always use your pen drive on any computer.
If a virus attempts to alter the security settings, it cannot, because you have already changed the ownership of the root folder. You don't have to worry at all about granting the access right to "Everyone". Its sole purpose is to make your USB drive accessible on any computer.
Step 8: How to make the DATA folder writable?
In steps 6 and 7 we set the access right on the root folder to read-only. By the principle of inheritance, the security settings of the files and folders below it are also read-only. So the problem is that you cannot save any file to your USB drive.
Our intention is to make at least one folder writable. In our example we make the DATA folder modifiable and writable so that you can save your files inside it and even create other folders inside it. All files and folders outside the DATA folder, that is, those in the root folder, cannot be erased, altered, deleted or appended to. They are virtually permanent and virus-proof.
The only folder vulnerable to virus attack is the DATA folder. Don't worry though; we shall use a trick in step 9 to protect the DATA folder.
Right-click the DATA folder, click Properties, then Security, and then check the "Modify" box in the Allow column. This allows files to be saved in the DATA folder.
DATA folder is set to allow modification
ONCE YOU DENIED THE ACCESS RIGHT TO DATA.EXE no virus can attack it
Step 9: Making the fake virus impregnable
We cannot set the access right of the DATA folder to read-only, because we need to save files in it. But from careful observation of virus behavior I realized that viruses cannot erase a folder if it contains a file that is impregnable. So we need to change the security setting of the fake virus file we created in step 4.
The fake virus is named DATA.EXE because most viruses copy the name of the folder they attack and add the .exe extension to it. Because a file with that name already exists in the directory, the virus will attempt to erase it and create its own file with that exact name, DATA.EXE.
But once we make the file unreadable, the virus can do nothing to attack our folder, the DATA folder.
The trick is very simple. We just set "Deny Full Control" in the security settings of DATA.EXE. See the picture beside this text.
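Steps 2 to 9 above can also be applied from an elevated PowerShell prompt with icacls instead of the Security tab. This is an added example, not the author's own script; the drive letter F:, the owner account BUILTIN\Administrators and the helper name Invoke-Icacls are assumptions.

```powershell
# Added example, not the article's own code. Run elevated, after step 1 (NTFS).
param(
    [string]$Drive = 'F:',                      # assumption: USB drive letter
    [string]$Owner = 'BUILTIN\Administrators'   # assumption: placeholder for the reserve admin account
)
$ErrorActionPreference = 'Stop'
$root     = "$Drive\"
$data     = "$Drive\DATA"
$decoy    = "$Drive\DATA\DATA.EXE"
$everyone = '*S-1-1-0'    # well-known SID of "Everyone" (icacls takes SIDs with a leading *)

function Invoke-Icacls {
    # Stop at the first icacls failure so a half-applied ACL does not go unnoticed.
    & icacls.exe @args
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $($args -join ' ')" }
}

# Steps 2-4: the DATA folder, its shortcut in the root, and the empty DATA.EXE.
# These come first because the root stops accepting new files after step 7.
New-Item -ItemType Directory -Path $data -Force | Out-Null
$lnk = (New-Object -ComObject WScript.Shell).CreateShortcut("$Drive\DATA.lnk")
$lnk.TargetPath = $data
$lnk.Save()
if (-not (Test-Path -LiteralPath $decoy)) {
    New-Item -ItemType File -Path $decoy | Out-Null
}

# Step 5: move ownership of the root folder to the chosen admin account.
Invoke-Icacls $root /setowner $Owner

# Steps 6-7: replace any existing "Everyone" entry on the root with
# read & execute only, inherited by files (OI) and subfolders (CI).
Invoke-Icacls $root /grant:r "${everyone}:(OI)(CI)(RX)"

# Step 8: explicit Modify for "Everyone" on DATA and everything saved in it.
Invoke-Icacls $data /grant "${everyone}:(OI)(CI)(M)"

# Step 9: explicit Deny Full control on the placeholder file.
Invoke-Icacls $decoy /deny "${everyone}:(F)"

# Check: print the resulting ACLs. An entry for another group on the root that
# still grants write or modify means the root is not read-only yet.
foreach ($path in $root, $data, $decoy) { & icacls.exe $path }
```

NTFS permissions are checked by Windows against the account a program runs under, so this layout restricts programs running as a standard user. A program running elevated as an administrator can take ownership of the root folder and change these settings.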