Portable storage media are now a popular infection vector with malware writers. It's easy to see why: email has been flagged as the main source of infection so heavily that it's all too easy to forget old-style threats such as removable media (remember floppy disks?). As a result, basic desktop protection is now often overlooked, not only by home users but also by businesses.
USB CopyNotify!, from CygNET Systems, is an affordable software utility designed to plug data leaks from the unauthorised use of USB devices, such as mobile phones, digital cameras and digital audio players. Flash drives are a particular threat because they are small and easily carried into office, plugged into a computer and used to copy confidential data without detection, thus rendering established data security measures vulnerable.
Of course, there's plenty of enterprise software for handling data security, but these products are generally too costly and too complex for small companies with few (or no) IT staff. By contrast, USB CopyNotify! doesn't require complex setup and management.
Compatible with 32-bit editions of Windows 2000/XP/2003/and Vista, USB CopyNotify! v.1.3 is simple to install, although it does require a server to receive alerts and notifications generated by the software. The client also needs to be installed on all the computers to be monitored. Unfortunately there's no mass-deployment option, so you'll need to install the software on each client system individually.
As soon as any USB devices are used on any USB CopyNotify!-enabled system, the server receives a notification in the form of a pop-up balloon in the system tray. An audio file can also be played. USB usage alerts can be forwarded via email, while events logged by the server (date, time, computer name, IP address, category, message) are saved as a TXT file. A filter allows you to decide which alerts and notifications you receive, and whether you wish to see them in the desktop pop-up, log file or email.
Pop-up notification of USB device activity in the USBCopyNotify! server's system tray.
The pop-up balloon contains details such as the computer name into which the USB device was inserted, its IP address, the USB device description plus operational details. You can then directly block the USB port or specify an action such as running an executable file on activation of a particular alert. The software also monitors data copy operations on USB drives and generates a log entry of any files that are copied. Most users will not even notice the agent, although an experienced user could spot the service running in the background. Luckily, a warning is delivered if the CopyNotify! program itself is shut down or uninstalled.
USBCopyNotify! is straightforward to set up and manage, although its functionality is limited
The latest release of USB CopyNotify! also addresses energy conservation. As well as guarding against data leaks, it also sends alerts when computers are left idle and could be switched off to reduce electricity bills. It's a small enhancement, but it's good to see a feature that helps to reduce an organisation's carbon footprint.
USB CopyNotify! is designed for small businesses that are concerned about the theft of confidential data but are unwilling or unable to implement sophisticated data security solutions. However, it's worth spelling out this product's deficiencies. You can't set policies and protection levels for specific type of computers or departments, for example. This means that administrators can't configure which users are given access to portable storage devices. Nor can you control data flow to and from storage devices on a user-by-user basis over the network. Logging is also basic and doesn't allow you to log all user-based portable device activity to a Microsoft SQL server to generate activity trends and reports based on this data.
To be fair, USB CopyNotify! makes all this clear from the outset. For small businesses looking for simplicity it's a good buy, but managers of larger networks should consider stepping up to something like GFI's EndPointSecurity.