Longhorn Will Have Ability to Ban External Storage Devices

slashdotbs writes "CNET is reporting that Microsoft will allow IT managers to block devices such as USB memory keys and - shockingly! - iPods. The article refers to 'the threat posed by digital storage devices'."

Article Text

Longhorn to put squeeze on gadgets

By Ina Fried
CNET News.com
September 9, 2004, 4:00 AM PT

SAN FRANCISCO--Windows makes it easy to quickly download files to iPods and other portable storage devices--a little too easy in the minds of many IT managers.
In the next version of Windows, Microsoft will give big companies an easy way to block use of such devices, while making it easier for consumers to connect their home systems to them, a company representative told CNET News.com.

Much has been made of the security risks posed by portable storage devices known as USB keys, or flash drives, music players like the iPod, and other small gadgets that can store vast amounts of data. Some fear that such tiny devices can be used to quickly copy sensitive data off business PC hard drives, or to introduce malicious software onto corporate networks.

"It's a real problem," said Padmanand Warrier, a developer in Microsoft's Windows unit. "That's the feedback we've gotten from IT folks."

To put the new features in place, Microsoft is hoping to move to a common model for how wired and wireless devices connect to a PC in 2006, around the time that it releases the next version of Windows, code-named Longhorn. For consumers, that means that wireless printers, networked music players and other wireless devices should be able to connect to a PC as easily as the USB drives today.

Microsoft did include a workaround in Windows XP Service Pack 2 that lets users change an internal Windows setting to prevent data from being written to USB devices. But the features planned for Longhorn will be more comprehensive.

Microsoft showed that technology, known as "Plug and Play Extensions," at this week's Intel Developer Forum.

For businesses, it means regaining some control over portable devices. "It's not just USB keys," Warrier said, noting that devices can just as easily link to PCs through Bluetooth short-range wireless or another connection.

By including tools to prevent workers from connecting portable storage devices to corporate PCs, Microsoft is offering big companies another option in addition to the outright banning of such devices, as some government agencies and other high-security installations have done.

"USB keys have become ubiquitous," said, Alan Brill, a senior managing director at Kroll OnTrack, a technology services firm that does security consulting. "You can pop them into any computer after Windows 95 and all the software that's needed is already in there. It's a tool that can be both used and abused very easily."

Companies have been slow to react to the threat posed by digital storage devices in general, Brill said.

"It's one that companies have turned a blind eye to for a very long time," Brill said. "If you think back, it used to be that stealing significant secrets was difficult because it was hard to get away with that much paper."

Intel, for example, used to check the bags of employees, but eventually such searches became impractical. With roughly, 80,000 employees, the company found it didn't have the resources to prevent against someone putting files onto a flash drive or iPod, a representative said.

"You take a better approach--you make sure people understand the need to protect company information and you hold them accountable," the representative said.

Market research firm Gartner has advised big companies to disable certain "plug and play" functions in Windows as a security precaution.

IT managers do have access to tools that would allow them to block USB ports, but such tools are little-known, and little-used. "There are tools that are available to...manage USB ports, but 99.9 percent of all machines in corporations don't have anything like that," Brill said.

Longhorn in the headlights
Of course, Microsoft's changes aren't coming until Longhorn, which isn't scheduled to arrive until 2006, and it is likely to take more time before the new operating system is widely adopted by co

Re:about the Oh-Neon, Ee-Oney!

[AyeRoxor!]

They mean I hate IE! CUZ it'S got HOALS AND LEEKS! AND VIRUSES! /my turn for a +5 post

Re:This is a good thing

[jhoger]

When it comes to truly sensitive data, it isn't just "any idiot" you're really worried about.

First you have to worry about the guy that has the password to the machine and can decrypt the data. He's the one that is going to steal the data... he knows where it is, he knows how to get to it.

Otherwise the person you're worried about is a hacker. And he's NOT an idiot either.

So what is your point? Breaking the machine so things that should normally work don't just gets in the way of using the machine normally. It's a cost benefit thing... you're incurring a cost, less usability, for no benefit, that is, you're barring people that aren't going to steal the data from stealing it.

-- John.

And then...

[Safety+Cap]

we can unblock access to USB keys right now, too!

Remember that Microsoft Security is like a paper mache lock painted with gray #12 - looks real enough, but fragile when tested

Someone help me here...

[Jack9]

Why wouldnt you just open the box and disconnect the interfaces you didn't want used? Hell why not REMOVE them?

"But we use USB keyboards waa waa waa"

"and I can hook up a harddrive to the parallel port the printer uses, so cry me a new one"

You don't depend on software made by microsoft to protect your data. The software "disabling" of specific hardware devices hooked up to USB seems like mental masturbation. It's what MS is good at I guess.