Restrict access to USB drive to only select programs

Is it possible to restrict access to a USB drive to only a specific program?

I would like to use my USB drive as backup in case of a virus/trojan/whatever that tries to delete all files on all disks or tries to format disks or whatever.

I run as an administrator account when I use my computer, with UAC enabled. Windows 8.1

I would like to say allow only Explorer and Second Copy (my backup program) to access this USB drive.

How can I do that?

Hey sir,

I do not think it possible, at least not without some 3rd party program that I have never heard of. However, if you are looking for better security so that what you describe is much less possible for an infected computer to do... use a standard account. Set your Admin account to the side, memorize the password for it, and whenever you get a UAC prompt, you can just enter in the details. It should be rare, since it mainly only prompts for large setting changes or program installations, etc. That is how I run my own computers, and it works perfectly. Never even have to log into the Admin account. Hope this helps some!

Thanks for the suggestion but I tried it before and I didn't like it much... I mean I think that there would be little in the way of benefits and more in the way of day to day annoyances. But probably my understanding is completely wrong, but I'm thinking that probably many programs on a standard account can still delete files that the user on the standard account can access and that the benefit of this account separation probably comes from not being able to delete other user's accounts or whatever is outside of the user account. But I am the only user, so actually all the important data is in my account. Is there something I'm missing in my understanding? So I don't really understand the point of having 2 accounts on a single user system.

How about then, is there a way or a program that can disconnect and reconnect the USB drive on a schedule or from a command line (from command line, I could schedule it)

That way I could leave the USB disk plugged in, but when it's time for backup - have it temporarily reconnect. So if something tried to delete my data it would probably occur when the backup flash drive is not connected.

About the only you can restrict access is to disable the USB ports::
http://www.thewindowsclub.com/disable-enable-usb-windowunlock-pen-drive-at-office-or-school-computer

Nuccii said:

About the only you can restrict access is to disable the USB ports::
http://www.thewindowsclub.com/disable-enable-usb-windowunlock-pen-drive-at-office-or-school-computer

Click to expand...

Yep, which might take longer than you'd want, ycomp. At least it would for me!

In answer to your question about my post above, There are benefits. It is a bit harder for a computer to become infected with a standard account, because it is harder to 'elevate' than through the admin account. I've never heard of malware targeting a normal user's files for deletion. Usually, it is the whole system that gets deleted for kicks, or MUCH more likely, the files are left intact in order to spy on them, sending out packets of your info...
Why use a standard user account instead of an administrator account? - Windows Help
I don't mean to make it sound so dramatic. There is only a small advantage with Standard compared to an admin account because of recent upgrades in OS security, like UAC, but it is still present. But if Admin works for you, it works.

And no, I've not heard of such a program available for your specific needs. Only way I know (and nuccii above ) how is disable/enable.

ah, so if I'm logged into a Standard Account the malicous code cannot wipe my disks while I'm logged into the Standard account but if I'm logged into an Administrator account then it can, even without popping up a UAC sceen first?

Honestly, I'd be shocked if it could. No one wants to erase anything, usually, but the standard user is just slightly more secure. Less severe malware can perhaps bypass uac sometimes, but you're safe in terms of wiping the disks on both accounts. I've never even heard of people trying to wipe data, mostly they just copy it, or change security settings. Struxnet changed speeds lol

seems like this one might be able to replug USB devices via the command line but I was hoping for something free.

USB Safely Remove Features

The reason I'm a bit paranoid right now is that I just wiped my google drive locally by accident (I wasn't paying attention when I edited a script that deleted a subfolder, so instead I deleted the whole parent folder) - and scripts don't send to recycle bin. Of course google drive probably would move everything to the trash in the cloud, but I stopped the deletion sync before it occured, uninstalled google drive and reinstalled it and then it just redownloaded everything. But the redownload was scary quick, I still don't understand that.

So I'm just in a get-my-backups in order phase right now.

DustSailor said:

Honestly, I'd be shocked if it could. No one wants to erase anything, usually, but the standard user is just slightly more secure. Less severe malware can perhaps bypass uac sometimes, but you're safe in terms of wiping the disks on both accounts. I've never even heard of people trying to wipe data, mostly they just copy it

Click to expand...

back in the DOS days I did here of such things and I can see some script kiddies getting a kick out of it. But I guess now that I think about it, script kiddie stuff shouldn't get past my A/V... since they probably used some kind of boilerplate code. So I guess it's not something I should worry too much about. I just always felt that off-site is better than on-site, and not attached to the computer is better than attached - after the backups are done.

^true, it's just harder to live like that. If you never use the computer, it'll never get infected xD

If you don't use the internet, the chances of infection drop exponentially. You remain quite a bit more safe if you only go to well-known websites like facebook, google, cnn/abc/etc, rather than looking up unknowns and opening them. But again, that is asking a lot.

I know that any script that attempts to erase a local hard drive will be prevented by UAC both as Admin and Standard without approval, but not sure about things like onedrive or googledrive, if it'll let you erase without approval. There are also supscription services that'll backup your stuff for you... for money. Or just do it for yourself. Backups are mostly used for computer crashes or mistakes a user makes, and malware today is mostly just trying to take your money/info, not erase data.

I was looking up stuff about kids for kicks killing company websites, etc. just because they could. It is much harder for that sort of thing anymore, but not as hard to just spy. [edit] I meant to say I saw a news article recently on this, claiming it was a huge thing during the 90's [/edit]

I was actually a bit more worried about that ransomware kind of thing than a full out delete. You know where they encrypt your files (possibly sometimes even without intention ever to give you the correct key if you pay). It was in the news once. But this really seems like something that should become quite popular. But I get your point, yes my main goal in backing up is against my idiot mistakes or theft. Thanks for the help, I seem to understand it a bit better now.

Yea, but they 'lock' it, rather than delete it. More often they do this with websites that lack the latest security upgrades, the fault of the website owner and/or host, unless you run their malware on your personal computer (UAC prompt, though). It happened to my business' website due to our host's negligence in updating their security, but we had backups that we uploaded in place of the big ugly ransom note. Paying those guys to unlock your website basically gives them license/ability/desire to hack others, so... very bad idea. people are basically paying these thieves to mug them and others. lol. It's like paying the mob for 'security', which ensures that everyone must pay, or get hurt or worse.

Eh, sorry for going off on that tangent, but good luck with the backups, and take care. Any other questions, feel free to post!

I use MCShield ::Anti-Malware Tool:: to "harden" security with USB devices, it's small footprint, free and works good.