2 min read

You and the USB

They're convenient, hold a lot of data and are a security risk

The floppy really is dead this time, and the USB memory key killed it.Speculation about the death of the floppy goes back at least a decade. When CD-ROMs appeared, diskettes fairly quickly lost one of their primary roles – as distribution media for software. By that time their heyday as the primary means of transferring files within the office – remember “sneakernet,” anyone? – was pretty much over as local-area networks became ubiquitous.

But there were still those occasions when you wanted to give a file to someone outside the office, or you needed a quick way to move a couple of files from the desktop to the laptop, or you just wanted to make a quickie backup of an important file.

Yeah, you could burn it to a CD-ROM, but that was slow and cumbersome. Sometimes the diskette was still the easiest way.

But now, even if Internet connections anywhere haven’t completely removed your need to transfer files physically, there’s a better alternative than the floppy. It’s the USB key of course – that little thumb-sized thing that plugs into a Universal Serial Bus port and holds more data than a stack of diskettes.

And they’re tiny, so you can carry them anywhere. It’s not often that a really handy new gadget comes along, and this is one of them.

Of course they have their problems too.

Some of the problems are overblown. People will tell you their file-transfer speeds are slow compared to hard drives. Well okay, but they’re fast compared to diskettes, and they’re fast compared to burning your data to a CD-ROM.

More serious, USB keys present security risks. There are stories of security-conscious companies filling all the USB ports on their office computers with solder so nobody can quietly slip a USB key into one and copy sensitive data. Others just ban the gadgets from the premises.

Windows Vista is supposed to help with this by allowing systems administrators to specify what kinds of devices USB ports will recognize. Plug in a printer and it will work; plug in a USB drive and Windows won’t see it – and won’t let anyone transfer data to it.

The other security issue is that these things are so small and hold so much data. You could fit a small customer database on a high-capacity USB key. Never mind somebody stealing a laptop from the trunk of an employee’s car – it’s only a matter of time until we hear the first story of sensitive files that slipped through a hole in somebody’s pocket and were found on the sidewalk.

There’s no point refusing to use the devices because of this, though there are certainly better ways of transferring sensitive data than putting it on one of these things and having someone carry it across town in a pocket. Sensible security policies, encrypting data when appropriate – those are the answers to the security issues.

A particular genre of USB key, the U3 drive, takes the technology a step further. They let you run some applications directly from the USB drive. Plug it into any PC and get access to your applications as well as your data. I’ve tried one of these and found it a bit limited – their capacity limits them to applications designed for U3, which aren’t always what you want – but it’s a promising idea.