
Thumb Drives, New Tools For Hackers.

Hackers are always on the lookout for the most vulnerable spot on your personal computers. These days, that weakest link might be your flash thumb drive.

Thumb drives -- which can fit gigabytes of documents, music and video on a stick about the size of a pack of gum -- are a convenient way to shuffle files among different computers. They plug into your computer's universal serial bus port and appear as a hard drive on your PC.

Their growing popularity, huge storage capacity and ability to load a computer's essential system files make them an inviting target for hackers, too.

ThreatSense.Net, the malware monitoring site run by antivirus software maker Eset, found that 10.3% of recent malware detections involved programs trying to take advantage of thumb drives and other removable media.

Hackers aren't the only danger. Thumb drives' biggest convenience -- their small size -- makes them easy to lose.

A recent survey by Centennial Software found that 66% of consumers misplaced their thumb drives -- and that 60% of those devices had business information on them.

Fortunately, you can protect yourself by following a few basic guidelines:

Be aware of the risks

Most people associate viruses and other malware with e-mail and shadowy Web sites.

But some of the earliest computer threats came from removable media -- think floppy disks -- not the Internet.

As e-mail became a faster way to spread malicious code, the problems with removable media took a back seat.

No longer. Removable media are not only still a threat, but a more powerful one than before.

"Users now have to go back to the future" to understand how removable media can threaten their system, said Randy Abrams, director of technical education at Eset.

Today's thumb drives hold 1,400 times more data than yesterday's floppy disks. They're powerful enough to launch an operating system or copy a user's entire database.

Disable Windows' AutoPlay

Most personal computers are configured to automatically launch certain programs when users insert a CD or plug in their thumb drive. While this feature can make some tasks easier -- such as listening to CDs or viewing photos -- it also provides open access to any malicious code on your thumb drive.

"Without taking any type of preventative actions, users in effect have a free-for-all, where outsiders can access all of the information accessible by their USB drives," said Andrew Kellett, senior research analyst at market research firm Butler Group.

Windows does allow users to block certain types of files from launching automatically. But fully blocking AutoPlay is harder.

The easiest way to completely disable this feature is to download a small program called Tweak UI. Though not officially supported by Microsoft, Tweak UI was written by Microsoft employees as part of a set of helpful mini-applications called "PowerToys."

After downloading and installing Tweak UI, click the plus sign next to the My Computer settings to reveal the AutoPlay options.

You can disable AutoPlay on specific drives, types of drives and types of applications.

For the best protection, select "types" and un-check "Enable AutoPlay" for CDs, DVDs and removable drives.
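To confirm the setting took effect, the check below is an added example, not part of the original article or of Tweak UI. It assumes the standard Windows `NoDriveTypeAutoRun` policy value, a bitmask in which a set bit turns the feature off for one drive type, and reports whether removable drives and CD/DVD drives are covered; the sample values are constructed.

```python
"""Audit the Windows NoDriveTypeAutoRun policy (added example)."""
import sys

# NoDriveTypeAutoRun bitmask: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown-reserved",
}
# Drive types the article says to switch off: removable drives, CDs and DVDs.
REQUIRED = 0x04 | 0x20
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def effective_mask(hklm_value, hkcu_value):
    """The machine-wide (HKLM) value wins over the per-user (HKCU) one; None = unset."""
    return hklm_value if hklm_value is not None else hkcu_value


def still_enabled(mask, required=REQUIRED):
    """Return the required drive types whose disable bit is NOT set in mask."""
    if mask is None:  # policy absent: nothing is enforced, so report every gap
        mask = 0
    return [name for bit, name in DRIVE_TYPE_BITS.items()
            if required & bit and not mask & bit]


def read_policy():
    """Read both hives on Windows; returns (hklm, hkcu), None where the value is missing."""
    import winreg
    values = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                values.append(winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0])
        except OSError:
            values.append(None)
    return tuple(values)


if __name__ == "__main__":
    # Off Windows, fall back to a constructed sample so the script still runs.
    hklm, hkcu = read_policy() if sys.platform == "win32" else (None, 0x91)
    mask = effective_mask(hklm, hkcu)
    gaps = still_enabled(mask)
    print("mask:", "unset" if mask is None else hex(mask))
    print("still enabled for:", ", ".join(gaps) or "none of the required types")
```

A mask of `0xFF` disables the feature for every drive type; any result other than an empty list means a removable or optical drive can still launch content automatically.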

Use security software

To be extra safe, security software can disable a computer's USB port altogether. Some businesses may prefer this approach, because it makes transferring sensitive information harder.

A less drastic approach is to configure security software to read all information as it passes from an open USB port to the main system, intercepting malicious code before it is copied to the main system.

Most antivirus software will stop thumb-drive-borne threats. Some products, such as McAfee's VirusScan USB, reside on the thumb drive itself to keep the device free of malicious software.

Watch what you store

Sometimes, thumb drives are a little too convenient.

Transferring sensitive business information -- product receipts, customer data and company business plans -- is as easy as storing baby pictures and other innocuous files. That opens the door to violating customer privacy laws designed to protect health, credit card and Social Security records.

In 2005, a worker at Wilcox Memorial Hospital in Lihue, Hawaii, lost a flash drive containing the personal information of 120,000 patients, including names, addresses, Social Security numbers and medical histories.

To ensure workers aren't taking sensitive information out of the office, businesses can track thumb drive usage with one of several security applications.

Lumension Security's Sanctuary Device Control logs the use of these devices and integrates the information with security packages such as firewalls. Centennial's DeviceWall tracks connections and transfers to and from thumb drives.

A surefire way to avoid data leaks: Never store sensitive information on thumb drives.

Encrypt your files

If you must use thumb drives to store sensitive information, use data-encryption software to hide your data from prying eyes.

Encryption software works by scrambling the data in a way that is almost impossible to decode without a software "key." So if you lose the thumb drive, the files on it will remain safe.

Many thumb drives come with encryption software built in, allowing users to store private files in an encrypted folder on the drive.

Kanguru Solutions, Kingston Technology, and Lexar Media sell drives with encryption features. Sony has taken the idea one step further with its MicroVault USB sticks. The sticks feature fingerprint readers, so only authorized users can access sensitive data.

Encryption software has a couple of downsides.

First, the software often is Windows-only, making it impossible to transfer encrypted information between PCs and Macs. In some cases that defeats the purpose of having a thumb drive.

Second, the data are scrambled so well that if you forget your password, the files are probably gone for good. So make sure you have an unencrypted copy on a secure system.

Source: Yahoo

IT-Networks 2008 ©