Hi,
We would like to control which are all the application can read/write from/to a usb storage media. Could this be achieved with the help of a USB Filter driver (So that no other process can write data to the USB storage)?
Thanks,
Lloyd
Scanned and protected by Email scanner
Lloyd wrote:
> We would like to control which are all the application can
> read/write from/to a usb storage media. Could this be
> achieved with the help of a USB Filter driver (So that no
> other process can write data to the USB storage)?

No, it couldn’t. Because if I have physical access to the machine such that I can plug in a USB drive, I can just boot from my own media, modify the OS such that I become an Administrator, and then remove your filter.
Thanks for your valuable comment. Is it possible when the user has no
physical access? (At least on a full time running system, can this be
achieved?)
Thanks a lot,
Lloyd
> No, it couldn’t. Because if I have physical access to the machine such
> that I can plug in a USB drive, I can just boot from my own media, modify
> the OS such that I become an Administrator, and then remove your filter.
Lloyd wrote:
> We would like to control which are all the application can read/write
> from/to a usb storage media. Could this be achieved with the help of a
> USB Filter driver (So that no other process can write data to the USB
> storage)?

What I find a bit aggravating with this type of requests is:

- OS designers do their best to make the OS compatible to connect to and
  read any storage devices in a way to make it convenient and usable.

- Some weird people then want to lock out people or applications using
  ineffective mechanisms that are but dangerous for the rest of the OS.

Well, if someone should not access the device, how then about
implementing this in the device?
Then it might also work independent from the used OS.
Why do you have a device present itself as a Mass-Storage-Device in the
first place if then you want to lock out applications using
Mass-Storage-Devices?
Lloyd wrote:
> Thanks for your valuable comment.

You’re welcome.

> Is it possible when the user has no physical access? (At
> least on a full time running system, can this be achieved?)

Sure, then you’re fine. Because if they have no physical access to the machine, they won’t be plugging in their USB anything, will they?
----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Friday, July 16, 2010 8:38 PM
Subject: RE:[ntdev] USB filter driver
>> Is it possible when the user has no physical access? (At
>> least on a full time running system, can this be achieved?)
>
> Sure, then you’re fine. Because if they have no physical access to the
> machine, they won’t be plugging in their USB anything, will they?
>

What “I mean” by physical access is, the user cannot open the “box”. I
believe through BIOS configuration we can configure the boot priority, so as
to prevent user from booting from other media (BIOS access can be password
protected). Please forgive me, if this is a “foolishness”.
I am thinking of this kind of a solution, in order to prevent data theft
through removable storage media. In our case the use of USB storage media
cannot be fully prevented. So the “Authenticated” (or after authentication)
users must have permission to copy the file.
Thanks,
Lloyd
What I understood from your post is -
When we connect a camera through USB, it will be displayed as a camera than
a USB mass storage device. “Like this” all mass storage devices has to be
treated, right?
I am a noobie, please don’t kick me out. Just thought of getting suggestions
from the experienced users.
Thanks a lot,
Lloyd
----- Original Message -----
From: “Hagen Patzke”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Friday, July 16, 2010 7:00 PM
Subject: Re:[ntdev] USB filter driver
> Lloyd wrote:
>> We would like to control which are all the application can read/write
>> from/to a usb storage media. Could this be achieved with the help of a
>> USB Filter driver (So that no other process can write data to the USB
>> storage)?
>
> What I find a bit aggravating with this type of requests is:
>
> - OS designers do their best to make the OS compatible to connect to and
> read any storage devices in a way to make it convenient and usable.
>
> - Some weird people then want to lock out people or applications using
> ineffective mechanisms that are but dangerous for the rest of the OS.
>
>
> Well, if someone should not access the device, how then about
> implementing this in the device?
>
> Then it might also work independent from the used OS.
>
> Why do you have a device present itself as a Mass-Storage-Device in the
> first place if then you want to lock out applications using
> Mass-Storage-Devices?
On 7/19/2010 8:09 AM, Lloyd wrote:
> When we connect a camera through USB, it will be displayed as a camera
> than a USB mass storage device. “Like this” all mass storage devices has
> to be treated, right?

What are you actually trying to do?
My point was:
IF you need a USB device that no other application than <application> talks to, THEN don’t use a standard MSD device descriptor,
but something proprietary.
This is more robust and more secure than having first a device present
itself as MSD and then trying to block access for everyone else.
Lloyd wrote:
> What I understood from your post is -
> When we connect a camera through USB, it will be displayed as a camera than
> a USB mass storage device. “Like this” all mass storage devices has to be
> treated, right?

IF your camera exposes a USB Video Class interface and a USB Mass
Storage Class interface, then it will appear once in each class. It’s
entirely up to your device to decide how it will be exposed. Web
cameras without file systems do not expose a Mass Storage Class
interface, for example.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
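
The point made in the two replies above (the device itself decides which class interfaces it exposes, and a proprietary class is the alternative to Mass Storage) can be checked by reading the interface descriptors a device reports. This is an added example, not code from the thread: it walks a constructed, simplified configuration descriptor, and `sample_cfg`, `interface_classes` and `has_class` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define USB_DT_INTERFACE 0x04
#define USB_CLASS_MSC    0x08  /* Mass Storage */
#define USB_CLASS_VIDEO  0x0E
#define USB_CLASS_VENDOR 0xFF  /* vendor-specific (proprietary) */

/* Constructed, simplified sample (not from a real device): Video + Mass Storage. */
static const uint8_t sample_cfg[] = {
    0x09, 0x02, 0x29, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32, /* configuration, wTotalLength=41 */
    0x09, 0x04, 0x00, 0x00, 0x00, 0x0E, 0x01, 0x00, 0x00, /* interface 0: Video */
    0x09, 0x04, 0x01, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00, /* interface 1: Mass Storage */
    0x07, 0x05, 0x81, 0x02, 0x00, 0x02, 0x00,             /* bulk IN endpoint */
    0x07, 0x05, 0x02, 0x02, 0x00, 0x02, 0x00,             /* bulk OUT endpoint */
};

/* Store bInterfaceClass of each interface (alt setting 0); -1 if malformed. */
static int interface_classes(const uint8_t *d, size_t len, uint8_t *out, size_t max)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < 2 || d[off] < 2 || d[off] > len - off)
            return -1;                      /* truncated or bogus bLength */
        uint8_t blen = d[off], type = d[off + 1];
        if (type == USB_DT_INTERFACE) {
            if (blen < 9) return -1;        /* interface descriptor is 9 bytes */
            if (d[off + 3] == 0 && (size_t)n < max) out[n++] = d[off + 5];
        }
        off += blen;
    }
    return n;
}

/* 1 if any interface in the descriptor reports class cls, else 0. */
static int has_class(const uint8_t *d, size_t len, uint8_t cls)
{
    uint8_t c[16];
    int n = interface_classes(d, len, c, sizeof c);
    for (int i = 0; i < n; i++)
        if (c[i] == cls) return 1;
    return 0;
}

int main(void)
{
    printf("msc=%d video=%d vendor=%d\n", has_class(sample_cfg, sizeof sample_cfg, USB_CLASS_MSC),
           has_class(sample_cfg, sizeof sample_cfg, USB_CLASS_VIDEO), has_class(sample_cfg, sizeof sample_cfg, USB_CLASS_VENDOR));
    return 0;
}
```
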
> through removable storage media. In our case the use of USB storage media
> cannot be fully prevented. So the “Authenticated” (or after authentication)
> users must have permission to copy the file.

Probably applying the ACL to the volume device object will solve the issue?
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com