# How to protect file on USB from being copied?



## CasperChua80

Here I am again trying to reach out for help from the many computer savvy guys/gals on this board.
I have a scenario that I'm looking for solution.

How can I prevent file on USB flashdrive to being copy and paste either via right click or drag and drop copy to other device that is hookup to it like a PC or laptop? The file will be PDF, document file, JPG or some other image file, and some movie file etc? 

The scenario is the file will be needed to be just viewable to show people but they cannot copy any part of it out from it other than admin level that create/authorize full control of it.
Example is like a person on a field trip is bring some presentation stored on USB flashdrive and show it on field premise to showcase company stuff like brochure, powerpoint, concept drawing, sales figure etc but we do not allowed them to have those file on the USB drive to being able to copied off to client's PC or even their own home without authorization. Not even a phrase or JPG image from a particular document etc. Pretty much just view only mode. Print screen function might be hard to work around that but hopefully something that will able prevent it or come out blank is there anything like that out there?
Only manage to find how to write protect the drive but not in my intended scenario.

The internet search provides a lots of solution but it's on PC/laptop but not on USB flashdrive that I could find.

Thanks and appreciate any info/input from you guys/gals.


----------



## It01Firefox

Hi,

here are some options that you could look into:

Secure Flash Drives or
Copy Protection Software

Markus


----------



## LEDAdd1ct

The second link Markus posted looks really interesting, and they appear to offer a version you can download to test. I am curious about it as well. If you decide to try it, please share with us your experience.


----------



## Toohotruk

I use Folder-lock, and it seems like when I first got it it was well reviewed. I've used it for a few years now, and it has worked as promised. You can use it on USB drives, and I think on CDs and DVDs, as well as on your hard drive.

Edit: I re-read the OP a little more carefully...obviously my suggestion would not work in this scenario. I need to avoid posting so early while tired and still a little drunk.


----------



## Lynx_Arc

What you are asking for is not possible with a default operating system installation. Almost all operating systems I know of by default ALLOW copying of most if not all files and to prevent that a program must be run to change the operating system from that. Either you have to install a program to disallow copying from external media or you have to install a program by autorun from the media itself which I don't recommend for security reasons (viruses and malware etc). The alternative is to incorporate the data files into a program data such that they are no longer viewable without the program being run so copying them doesn't help at all.


----------



## Sub_Umbra

I think you don't have much of a chance of hanging on to anything you let an attacker *see.*

What if someone brings their own device and copies *the whole flash drive* to it so they may work on it later? Then he may just go home, boot a LiveCD, mount your thumb drive and have at any file or resource there. In this scenario you will have no control over even what OS the attacker arms himself with.

For the most part, if an attacker can 'see' a file 'in the clear' you probably can't stop him from taking it.

Also, because of the *Wear Leveling* technology built into virtually all flash memory devices safely encrypting or removing a file is more complex than it is with magnetic media.


----------



## Lynx_Arc

Sub_Umbra said:


> I think you don't have much of a chance of hanging on to anything you let an attacker *see.*


In windows there is this little key on the keyboard called Print Scrn that if you hit it once while nobody is looking it captures a screen shot to the clipboard and it can later be pasted into any picture editing program so a program would have to disable screen captures too.


----------



## HotWire

I've used USB thumb drives with content I created and believe me.... keep it in your pocket! Leave it in the computer, someone will swipe it. Also I found that thumb drives seem to fail and if you don't have backup.... you are dead in the water. I've created original content instructive CDs and loaned them to people to use. I found out later they had been copied! Grrr..... I've created lots of instructional media and... people who copy don't get use use my stuff any more! I don't know about any way to view it but not copy it.


----------



## Lynx_Arc

HotWire said:


> I've used USB thumb drives with content I created and believe me.... keep it in your pocket! Leave it in the computer, someone will swipe it. Also I found that thumb drives seem to fail and if you don't have backup.... you are dead in the water. I've created original content instructive CDs and loaned them to people to use. I found out later they had been copied! Grrr..... I've created lots of instructional media and... people who copy don't get use use my stuff any more! I don't know about any way to view it but not copy it.


About the only way to limit copying is to show it to them on your machine only because there are programs you can download for free to copy nearly anything on a computer, be it files or media if you can see or hear it then copying it is possible even if you have to get out a digital camera and take a picture of your monitor screen and then download it into a computer it is copied.


----------



## EZO

While it may be difficult to ultimately prevent the copying of your files from a USB flash drive or someone taking a screen shot you can limit access to and functionality of various files by relying on PDFs. Using Adobe Acrobat X Pro you can create and share highly secure files that can only be opened and viewed by designated individuals or a group of designated individuals. Acrobat software provides an entire enhanced security suite that includes several methods of 128 bit private key encryption via certificate or via encrypted password, trusted identities, security envelopes, various signature methods and more. You can designate specific settings for each file, including attachments or these security methods can be applied to a whole portfolio or folder. For example, you can allow a file to be viewed but you can prevent the file from being edited or printed and you can prevent users from selecting, copying or pasting text, images or other content. If you do allow printing, you can restrict print resolutions. You can manage trusted identities and require signed and verified signatures. There are numerous other security, editing and notational functionalities available in Acrobat. The software is designed around the idea of securely distributing and editing simple or complex PDF files among or within workgroups. For example, an attorney and financial professional I work with sends me certain documents in this PDF form via email that only I or colleagues in his office can open. 

Using this method, even if you should lose your USB drive, only the individuals you specifically grant access to can open specific files and work with them in ways that only you designate and you can do so on a granular level.


----------



## Sub_Umbra

EZO said:


> While it may be difficult to ultimately prevent the copying of your files from a USB flash drive or someone taking a screen shot you can limit access to and functionality of various files by relying on PDFs. Using Adobe Acrobat X Pro you can create and share highly secure files that can only be opened and viewed by designated individuals or a group of designated individuals. Acrobat software provides an entire security suite that includes several methods of 128 bit private key encryption via certificate or via encrypted password, trusted identities, security envelopes, various signature methods and more. You can designate specific settings for each file or these security methods can be applied to a whole portfolio or folder. For example, you can allow a file to be viewed but you can prevent the file from being edited or printed and you can prevent users from selecting, copying or pasting text, images or other content. If you do allow printing, you can restrict print resolutions. You can manage trusted identities and require signed and verified signatures. There are numerous other security, editing and notational functionalities available in Acrobat. The software is designed around the idea of securely distributing and editing files among or within workgroups. For example, an attorney and financial professional I work with sends me certain documents in this PDF form via email that only I or his colleagues can open.
> 
> Using this method, even if you lose your USB drive, only the individuals you specifically grant access to can open specific files and work with them in ways only you designate and you can do so on a granular level.


That's what Adobe says, too. I don't believe *them.* Adobe has hundreds and *hundreds* of thousands of lines of code supported out there, (if not millions.) It's important to remember that Adobe has always claimed that their products are secure. That's what everybody says. In truth all new software must be considered insecure until it's been hammered on for a while. Adobe's product line is changing all the time. they are always rolling out product and policy changes. Often times they must roll back claims and even *initial setting defaults* because later they would be found unsafe.


Adobe products usually install with many threats *enabled by default.* Adobe has convinced many that they need something *as dangerous as javascript* in their documents and that it is worth all the threats they open up to themselves by using it. 

By adding Java and Flash to Acrobat they enabled cross platform venue possibilities for any *malware,* known or unknown. This is a serious business. Adobe has tons of legacy code out there that has been hammered on by malware writers for years and years and years. In today's environment we never even find out about what malware is out there until the crooks/spooks make a mistake and it's detected. Unknown exploits are valuable and are kept close to the vest.

Unfortunately, the inclusion of these languages has greatly increased Acrobat's *attack surface area.* It used to be that Microsoft had the most code exploits, but If I'm understanding *Steve Gibson* Adobe actually had *more code exploits than Microsoft* did last year...

IMO, Acrobat probably violates three or four sound security practices: 

----Any new complexity in any software *always* poses unknown security threats until it's been seriously hammered on.

----Any new code *at all* poses the same problem.

----Bringing out new code that contains boucoups legacy code is also a threat.

In contrast the most *secure* solutions often involve a combination of:

----Finding the simplest program that will do the job.

----Finding the oldest program that will do the job.

----Choosing an *Open Source* solution will enable the company to hire someone to look at the code for you.

In conclusion, whenever one buys a software _'solution'_ that is the newest, biggest, most versatile proprietary software out there one is setting oneself up for the problems listed. You won't be able to hire anyone to audit or fix the code. Once you fork over your money you'll still have to take the company at it's word for everything they tell you. YMMV


----------



## EZO

Sub_Umbra said:


> That's what Adobe says, too. I don't believe *them.* Adobe has hundreds and *hundreds* of thousands of lines of code supported out there, (if not millions.) It's important to remember that Adobe has always claimed that their products are secure. That's what everybody says. In truth all new software must be considered insecure until it's been hammered on for a while. Adobe's product line is changing all the time. they are always rolling out product and policy changes. Often times they must roll back claims and even *initial setting defaults* because later they would be found unsafe.
> 
> 
> Adobe products usually install with many threats *enabled by default.* Adobe has convinced many that they need something as dangerous as javascript and that it is worth all the threats they open up to themselves by using it.
> 
> By adding Java and Flash to Acrobat they enabled cross platform venue possibilities for any *malware,* known or unknown. This is a serious business. Adobe has tons of legacy code out there that has been hammered on by malware writers for years and years and years. In today's environment we never even find out about what malware is out there until they crooks/spooks make a mistake.
> 
> Unfortunately, the inclusion of these languages has greatly increased Acrobat's *attack surface area.* It used to be that Microsoft had the most code exploits, but If I'm understanding *Steve Gibson* Adobe actually had more code exploits last year...
> 
> IMO, Acrobat probably violates three or four sound security practices:
> 
> ----Any new complexity in any software *always* poses unknown security threats until it's been seriously hammered on.
> 
> ----Any new code *at all* poses the same problem.
> 
> ----Bringing out new code that contains boucoups legacy code is also a threat.
> 
> In contrast the most *secure* solutions often involve a combination of:
> 
> ----Finding the simplest program that will do the job.
> 
> ----Finding the oldest program that will do the job.
> 
> ----Choosing an *Open Source* solution will enable the company to hire someone to look at the code for you.
> 
> In conclusion, whenever one buys a software _'solution'_ that is the newest, biggest, most versatile proprietary software out there one is setting oneself up for the problems listed. You won't be able to hire anyone to audit or fix the code. Once you fork over your money you'll still have to take the company at it's word for everything they tell you. YMMV




While I would agree with some of what you say about Adobe software in your reply, it is clear (or at least likely) that you have zero personal experience using with this software and I would respectfully submit that you would not be able to open these encrypted files.


----------



## Sub_Umbra

The issue is not about whether or not I may open the encrypted file. *Threat assessment* should be part of any security plan. If the OP only had to defeat me as an attacker *he'd have it made.* That is not the world the OP lives in.

Instead, he lives in a world of *script kiddies* who have never written a line of code in their lives. They don't have to *understand* how the script works to use it. They mostly attack Windows *mono-cultures* where the same lines of code produce the same exploits across nearly every MS OS since win98. It is not unlike *the bic pen trick* a few years ago that worked on some models of Kryptonite locks. All it takes is five minutes of practice and an idiot could break into any of those model locks -- of which there were millions. Many are still vulnerable.

There are *so many exploits* to choose from that script kiddies just study a few and then start hitting machines. You don't really have to know much.

I've listened to all seven years of Steve Gibson's Security Now podcasts, and it is amazing how much time Adobe spends fixing problems they always claimed didn't exist. Below is a link to a google search of all of Gibson's Security Now podcast transcripts for the word *acrobat.* The results would seem to be popping up in the security discussion throughout most the podcast's seven year run

http://preview.tinyurl.com/6mrzm4u

Lots and lots of security patches spreading from well into the past on into the future. Actually Adobe's patch frequency is increasing. As I said earlier many Adobe products are now *cross platform vectors* for malware and as such it is attacked more than Windows itself.


----------



## blasterman

> That's what Adobe says, too. I don't believe *them.*



To sum up what EZO said politely.....'so what'?

Unless you're dealing with some pretty sophisticated NSA certified encryption any data file on a thumbdrive is going to be accesible if somebody wants it bad enough. If you can read it, and view it, the entire point of keeping it protected is pointless. You then need the cooperation of the reading software to prevent you from copying it or doing what you want with it. The format of the file is irrelevant because it's just passive data. Data doesn't attack computers. Microsoft's DOCX format is full of all kinds of problems, but it requires an executable on the local OS to open the file and do the damage, typically .DLL shenanigans.

Again, if you can translate and decrypt the source file it's up to the actual application it's opened with to prevent the information from being copied and passed around via API restrictions. Or, the underlying OS or hardware is also cooperating, as is the case with DRM. I'm sure the Adobe encryption algorithms have already been cracked by some motivated student at MIT trying to impress his dorm-mates, and likely by Chinese industrialists 5-minutes after it was sold on the market. However, the Adobe software is designed to discourage pedestrian copying and manipulation of PDF files, not provide a data exchange format for the CIA.

I agree with Sum Umbra about Acrobat and it's related suite being a big pain in the neck from a security standapoint. Trying to support Acrobat on Citrix or Terminal Server type environment is rapidly devolving into a big headache because of the constant patching and the PDF format turning into just another portable web page format that does everything HTML does (JAVA, etc) while claiming it's different. If you try to sandbox Acrobat so that it can't stick it's fingers in some place it shouldn't it frequently breaks forcing an Admin to run around and kill Acrobat executables all over the place. Also, while Adobe products are an increasing security headache because of the reasons above I've yet to see any security notice go out rating the potential problems as needing immediate attention. I'm far more concerned about Cisco firmware exploits and virtualization cracks than application layer problems that can be locked down with common sense.

Last, and with all due respect, Steve Gibson (and his site) is the most lampooned tech guy in the universe.


----------



## EZO

While I would agree with much of what blasterman and Sub-Umbra have posted, especially about Adobe, the fact is that the kind of attacks and breaches you are speculating about are highly unlikely when considering the OP's needs and requirements. I mentioned this thread to a good friend of mine who is head of IT and chief security officer at a major hospital in charge of enforcing the HIPA requirements among many other duties involving all systems and hospital controlled mobile devices. While he acknowledges and bemoans what a security morass has evolved with computers systems over his career and it is a 24/7 battle but he finds discussions like this silly. He calls it "Chat room bravado". (He also made a less kind remark, I won't repeat here.) Obviously, anyone dedicated enough can break into almost anything, even "script kiddies", but one needs to consider the particular scenario. The OP simply asked for a method to prevent copying and pasting of media presentations from a USB drive. Nowhere, does he mention the need to protect against corporate espionage, dedicated attacks or even casual algorithm cracking. In all likelihood a properly set up security envelope using the latest version of Acrobat would be more than enough to meet the OP's needs here because it does basically what he asks. To quote from blasterman's post. "Adobe software is designed to discourage pedestrian copying and manipulation of PDF files, not provide a data exchange format for the CIA."


----------



## cdrake261

bit locker?


----------



## eh4

KeePass is a nice little password manager that is also cross platform.

Maybe a password manager and some Cloud service would satisfy some of the requirements, open a Google Drive account with limited permissions? -allowing viewing but no modifications or copying?


----------



## 27ragbag

I think the thread has gotten a little off the primary subject. I don't believe the original post was about encryption, you know...scrambling data so a password must be entered to decrypt the file. What the user wants is a way to share the document (on a flash drive) without the User being able to save the file. Clearly encryption is involved, but also copy protection where the ability to Save or Save As is eliminated. And also the ability to Print is eliminated. I've seen many solutions where the term "copy protection" is used, but the truth is the files are only encrypted. Once the password is entered, the User can do anything they want with the file. Again, I don't think THAT was the original intent of the poster. I have only found two solutions. Nexcopy.com for Copy Secure drives and Trus Cont.com and their TSFD drive. The TSFD does require the User to install a piece of software on the computer - thus a User must have Admin rights. The Nexcopy solution does not require installation (so no Admin rights) and runs right from the flash drive. Both put the data in a write protected partition so the info cannot be deleted or formatted off the drive. Both restrict the Print Screen function as well. Nexcopy solution supports the Mac computer but don't know if that is a concern or not for the poster. The newsoftwares.net listed above is only encryption...and for encryption only just use truecrypt.org - it's free.


----------



## kaichu dento

27ragbag said:


> I think the thread has gotten a little off the primary subject. I don't believe the original post was about encryption, you know...scrambling data so a password must be entered to decrypt the file.
> 
> What the user wants is a way to share the document (on a flash drive) without the User being able to save the file. Clearly encryption is involved, but also copy protection where the ability to Save or Save As is eliminated. And also the ability to Print is eliminated.
> 
> I've seen many solutions where the term "copy protection" is used, but the truth is the files are only encrypted. Once the password is entered, the User can do anything they want with the file. Again, I don't think THAT was the original intent of the poster. I have only found two solutions. Nexcopy.com for Copy Secure drives and Trus Cont.com and their TSFD drive.
> 
> The TSFD does require the User to install a piece of software on the computer - thus a User must have Admin rights. The Nexcopy solution does not require installation (so no Admin rights) and runs right from the flash drive. Both put the data in a write protected partition so the info cannot be deleted or formatted off the drive. Both restrict the Print Screen function as well. Nexcopy solution supports the Mac computer but don't know if that is a concern or not for the poster. The newsoftwares.net listed above is only encryption...and for encryption only just use truecrypt.org - it's free.


It's been a long time since the OP was here, but this may be of help to some of the rest of us.


----------



## fisk-king

Truecrypt is a *very* good solution to the original post. I use it for my most important doc., drives, etc.


----------



## 127.0.0.1

+1 truecrypt ^^^

once you start using it with --huge- passwords anyone can copy your file but *no
one is going to be able to decrypt it*. use a huge password like
'the rain in spain falls mainly on the plain' along with some special characters mixed in


----------



## Kith

OP - you are sunk as soon as you allow a third party to plug it in to their computer.

It doesn't matter what level encryption this or that you use.

As soon as the file is open on the computer in question, a clear text (non-encrypted) version can be saved right out of RAM.

I run a custom piece of software that automatically backs up anything my computer opens out of RAM and onto the cloud. 

What you are asking to do is not possible.

The only way you could keep what you want to keep from their hands is to bring your own machine to demo on it - if you plugged that flash drive into my machine i'd have a full copy of the document backed up off-site in cloud storage before we were past page 1 of the demo.


----------



## buds224

I just received information about this that might be interesting. I haven't seen any reviews yet, but the claims may match the OP's requirements.

http://www.mediasupply.com/usbcopyprotection.html


***UPDATE: Never mind, looks like it's not useable storage space.....you send them the files, they do all the encryption and you're stuck with the configuration of data. Not very viable after all.


----------



## gadget_lover

It's almost impossible to keep information secret. In 1977 I was able to see a bootleg copy of "Starwars" made by a guy with a video camera in a theater. We have much better tech now. An HD camera capable of recording the whole spiel in a pocket ballpoint pen, for instance. 

Dan


----------



## 27ragbag

buds224 said:


> I just received information about this that might be interesting. I haven't seen any reviews yet, but the claims may match the OP's requirements.
> 
> http://www.mediasupply.com/usbcopyprotection.html
> 
> 
> ***UPDATE: Never mind, looks like it's not useable storage space.....you send them the files, they do all the encryption and you're stuck with the configuration of data. Not very viable after all.



Clicking on the link shows they are using the Nexcopy solution mentioned above. They just do the data loading for you, but Nexcopy has a wizard so you can re-do the drives yourself.


----------



## robinson18

Some people like to use password to protect their PDF files from being modified or copied without authorizing. A PDF file with the modify password cannot be copied and edited unless you have the password.

However, with PDF Password Remover, you can remove the copy and edit restrictions from secured PDF files as you like even you do not know the password.


----------



## Spazhead

Sorry to say, but if you let people read the file, then any content inside can be copied by simply doing screen captures. or using your phone camera to take a picture or video of the screen displaying the info.






CasperChua80 said:


> Here I am again trying to reach out for help from the many computer savvy guys/gals on this board.
> I have a scenario that I'm looking for solution.
> 
> How can I prevent file on USB flashdrive to being copy and paste either via right click or drag and drop copy to other device that is hookup to it like a PC or laptop? The file will be PDF, document file, JPG or some other image file, and some movie file etc?
> 
> The scenario is the file will be needed to be just viewable to show people but they cannot copy any part of it out from it other than admin level that create/authorize full control of it.
> Example is like a person on a field trip is bring some presentation stored on USB flashdrive and show it on field premise to showcase company stuff like brochure, powerpoint, concept drawing, sales figure etc but we do not allowed them to have those file on the USB drive to being able to copied off to client's PC or even their own home without authorization. Not even a phrase or JPG image from a particular document etc. Pretty much just view only mode. Print screen function might be hard to work around that but hopefully something that will able prevent it or come out blank is there anything like that out there?
> Only manage to find how to write protect the drive but not in my intended scenario.
> 
> The internet search provides a lots of solution but it's on PC/laptop but not on USB flashdrive that I could find.
> 
> Thanks and appreciate any info/input from you guys/gals.


----------



## NonSenCe

nothing useful to add.. but i once was thinking about how to prevent someone taking a picture of the screen be it picture, text, drawing or video.. (this was before real modern technology got so good at recording good quality video) that a program should be made to pull the information apart into tiny fragments and then randomly blink each of the partitions quickly.. (random separate pixels basically) the person looking at it would see it fine (the rate how fast our eyes and brain decifers what it sees, is pretty set) but if one would take a "print screen" or take picture of it result would be just random pixels, not the whole image.


----------

