Under lock and key

While most virus and security threats stem from the Internet, there is another, seemingly innocuous, carrier of infection. And many of us leave our PCs completely defenceless.

These days, with sophisticated firewalls, antivirus and spyware tools, it can be the PC's USB port that is its weak spot. Is it any wonder? You don't need to be an administrator to install USB or FireWire devices. Almost anyone could plug in a USB thumb drive and expose your PC to potential threats.

If the threat of viruses isn't worrying enough, the thought of someone using your USB port to steal sensitive data certainly will be. And it's a big problem. Microsoft representatives told us of customers who have glued up their staff's PCs' USB ports to prevent such a scenario.

In the wrong hands, storage devices can siphon away valuable cargo faster than the Artful Dodger. And seemingly innocuous iPod music players have been cited as a serious security threat, too.

Known as Podslurping, iPods with their large hard drives, USB 2.0 and FireWire connectivity, can be an ideal tool for file-pilfering. Unconvinced? Head to www.sharp-ideas.net/pod_slurping.php, where security expert Abe Usher has developed a python program to demonstrate how easy it is to lift data. It's sobering stuff.

With XP's casual approach to USB security, it takes a third-party program to install some serious law and order. Smartline's DeviceLock 6.0 can restrict the use of USB, FireWire, Bluetooth and Wi-Fi devices, as well as optical and floppy disc drives. DeviceLock can work in conjunction with the Windows Active Directory, allowing network administrators to apply policies to groups of users, as well as individuals.

There's a free 30-day trial at www.devicelock.com.


1. Download the 30-day trial software of DeviceLock 6.0, log on to your PC as an administrator and install the software, choosing the setup option Service + Consoles. When asked whether you want to set up a DeviceLock certificate, choose to skip for now, as this can be carried out post-installation.

2. During installation you may be prompted for a licence code. Simply click Cancel if you'd prefer to use the 30-day trial period. Once setup is complete, you must decide which devices to allow or restrict access to. For stand-alone systems, the best way to achieve this end is through the DeviceLock Management Console.

3. Open the Device Management Console and, if unselected, click the Show/Hide Tree Console so that you get a split view. From the right-hand pane, double-click DeviceLock Service, select Local Computer and click OK. Trial versions will receive a 30-day trial period reminder. Click to close the prompt box.

4. In the left pane, double-click to expand Smartline DeviceLock and open the DeviceLock Service. Right-click Devices and ensure that the Display Available Devices Only checkbox is ticked. Doing so means that you won't be confronted with a list of options that are not applicable to your computer.

5. Expand the Devices list so that you can see the Permissions and Security setting areas. To change the access privileges for particular classes of device, click on Security Settings. This will display a list of devices and their current status. From here, you can simply right-click to enable or disable the devices.

6. For more selective methods of applying restrictions, click on Permissions. Select the device type from the right-hand pane and double-click to edit it. To alter permissions for several devices at a time, hold down <Shift> or <Ctrl>. The Permissions dialogue box will pop up; from here you can restrict access for individual users or user groups.



If you don't wish to use a program such as DeviceLock, there are some precautions you should take to reduce the risk of data being siphoned away. The most obvious of those is to use passwords to restrict access to Windows.

Ensuring that the boot sequence is set to Hard Drive in the system BIOS, is another good move, so that CDs and USB keys can't be used to boot into Windows. Password-protect the BIOS so that settings can't be changed back.

And ensure that your computer case is reasonably tamperproof. Direct access to the motherboard could allow jumper-tampering, which resets BIOS settings to their defaults - and removes your password protection.


THE ROOT OF THE PROBLEM Rootkit Revealer is a handy free utility which, as the name suggests, scans for hidden rootkit-based malware buried within Windows. It's pretty effective, too, managing to find most of the nasties hidden out of the reach of some antivirus programs. Suitable for Windows NT4 or later (www.sysinternals.com).

SECURITY IS NOT A FANTASY VMware Player allows programs to run while safely contained in a virtual machine - especially handy for unstable beta software. And the

download includes the useful Firefox Web browser. It does require quite a bit of processing grunt, though, so owners of modestly specified PCs may want to skip it (www.vmware.com).

LOCK IT UP ONLINE Rather than risk losing all your data, Carbonite's Online PCBackup will lock up critical files at a remote backup site. This is also ideal for when you need to access files from multiple locations but cannot transport your PC - just access them online (www.carbonite.com).

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Haynes

PC World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?