A reader asks: “What do I do with the USB drive that I found in a department-store changing room?”

You have four choices: a safe and ethically positive one; a probably-safe but ethically murky one; a maybe-kinda-sorta-safe one, also with murky ethics; and a totally unsafe one, with murky ethics.

The 100% safe choice is not to keep the drive. For one thing, the person who lost the drive might need it or its contents. For another, you have no idea what’s on the drive — malware, illegal porn, private matter, who knows? So the best option is to give the drive to the store’s customer service desk. If the person who lost the drive needs it, that’s where they’ll go to ask. Even if the person who lost it never comes back, at least whatever’s on the drive can’t harm you in any way, and you made an attempt to help the person who lost the drive. Win-win!

A variant on this, if returning to the customer service desk is impractical: Destroy and discard the drive. It’s not yours anyway, and again, you have no idea what’s on it. Destroying the drive doesn’t help anyone, but also doesn’t hurt anyone.

The probably-safe option is to repartition and reformat the drive via a disposable virtual PC (“VPC”) setup using software such as Oracle’s free VirtualBox; an app that lets you create a “sandboxed” (safely isolated) PC entirely in software. If set up properly, a VPC quarantines the software running inside it, preventing it from being able to harm the real, physical PC that’s running the virtual PC software.

So: Set up a VPC and, working entirely within the VPC, use it to repartition and reformat the USB drive: Wipe out the drive’s contents, totally.

If you don’t boot from the USB drive or open/examine/look at any of the files on the drive — if all you do is repartition and reformat it — the odds are minimal that anything on the drive will escape the VPC and harm you or your PC.

Next, and still operating entirely within the VPC, run a low-level malware scan on the thumb drive. For example, you could download and run Eset’s highly-regarded online scanner (free; trialware and purchased versions available).

If you were able to successfully repartition and reformat the USB drive without error or difficulty; and if a thorough, low-level malware scan comes up clean, the drive is now probably — not surely, but probably — safe to use on your regular PC. (There’s no way to ensure 100% safety.)

Finally, wipe out the VPC you just used, just in case something bad managed to infect it, anyway.

At the end of this process, you’ll have an empty USB drive that’s probably safe to use. You’ll have to weigh for yourself the value of the drive versus the remaining, irreducible risk of using it.

But this approach lands you in an ethically-grey area: On the positive side, you certainly didn’t steal the drive! On the other hand, you did take it; and made no effort to get it back to its owner.

It might not matter. If the files on the drive had little value for the original owner (you have no way to know) and if the physical USB drive is of intrinsically low value — say, it’s one of those generic, semi-disposable, low capacity drives — then it’s a petty matter.

But if the files had high value to the original owner, or if the drive itself is an expensive, high-capacity, high-speed model, then you possess something of value that really doesn’t belong to you.

How you feel about that, and what you do, is entirely up to you.

The maybe-kinda-sorta safe option is to simply plug the drive into your regular PC and repartition/reformat it without looking at, opening, or examining any of the files on the device.

If you don’t access any files on the drive, any malware of the run-of-the-mill variety there will likely stay inert and harmless; and will be wiped out by the repartition/reformat.

If the drive contains advanced malware that might activate as soon as the drive is plugged in and queried by your OS, your PC’s regular antimalware app — you are running one, aren’t you? — might be able to block the infection.

Next, after a successful reformat, perform a low-level malware scan, as described above.

If the drive passes the scan, it’s probably OK to use, but with more risk and a lower degree of certainly than with the VPC method.

However, the ethics of this remain cloudy, same as with the VPC approach.

The unsafe option is to plug the drive into your PC, and poke around it to see what’s on it. You have no idea where the files on the drive came from, or whether the original owner of the drive was careful about what he/she would download and save on the drive. It could be anything. And the ethics of poking around in someone else’s files on someone else’s drive are definitely murky.

Making your choice: If you’re uncertain which of these choices to pursue, I suggest this: Put yourself in the shoes of the person who lost the drive. If it was your drive, and you lost it, what would you want the finder to do?

Whatever you’d want someone to do for you, is probably what you should do for them.

Permalink: https://langa.com/?p=1680


Want to ask Fred a question? Have a comment? Click here!

Want free notification of new content like this? Click here!

Comment? Question? Reply...?