June 16, 2007

Now that the floppy disk is dead (or as dead as it gets) and the USB flash drive has pretty much replaced it, it's high time to think about that USB drive as more than just a big floppy.

There's no question the size of your average USB drive has made it far easier to shuttle both data and applications between computers. For $25, you can pick up a 2GB USB flash drive, enough data to fill roughly four CD-ROMs. But aside from data, applications are also becoming a featured item: Some companies sell Linux distributions pre-loaded on a USB stick, for instance. With all that space and flexibility available, it's become possible (or at least a lot easier) for people to take both their data and their applications with them.

Because so many things are possible, people new to the idea of using USB drives to work on the go sometimes get a little lost. What kinds of on-the-go work can you specifically do with a USB drive, and why? To that end, I've assembled five basic ways you can use your USB drive on the go in more effective ways:

  • How to use applications without installing anything on the host machine

  • How to run a standalone operating system from a USB drive.

  • How to maintain a standalone (and secure) password repository

  • How to synchronize data between two or more computers

  • How to encrypt your data so that it's safe to carry it around with you.

The vast majority of the material described here is for Windows -- the PortableApps suite, for instance, is a Windows-only item at this point. Some individual programs do exist in Linux incarnations, though -- TrueCrypt, for instance, and KeePass has been unofficially translated into Linux and MacOS editions (as well as a U3 device edition). Check the respective Web sites of each application for what versions are available, as they may change over time.A Note Of Caution: Sorry, You Can't Plug That in Here
As usage of portable USB drives rises, so does caution about their use. Many workplaces and public-access computers no longer allow USB devices to be connected as a security measure, or only allow read-only access (and don't allow non-approved applications to run). It can be frustrating, especially if the data you brought with you is encrypted and you need to run an application to get access to it.

As a general rule of thumb, if you don't think you can log into a given system as an administrator, chances are you won't be able to do the vast majority of things you might expect to do with applications or data on a USB drive. Be prepared to fall back to a data-only or read-only setup if you think you're going to be going back and forth between home and other machines that are heavily locked down.

Be Productive -- Without Installing Anything

Most of us are accustomed to the idea that a productivity application -- a program on the order of Word or Outlook in terms of size and complexity -- has to be installed on a PC to be usable. It isn't something you can take with you.

Nothing could be further from the truth. In fact, many common free/open-source productivity applications are available in portable versions. They can be run directly from a USB drive -- with both the application and user data stored on the drive -- and will never need to be installed anywhere to work properly.

The best place to start when building a collection of such apps is probably PortableApps.com Suite (PA), a preconfigured collection of programs that's a snap to unpack and get running. The default package of applications for the suite weighs in at about 256MB, and is like a free software greatest-hits collection, including mobile versions of OpenOffice, Firefox, Thunderbird, and Sunbird. You can also add other applications, including the 7-Zip archive manager, AbiWord (another open-source word processing app), the FileZilla FTP client, IM clients (Gaim and Miranda), the Sumatra portable PDF reader, and many more. You can elect to install as many or as few pieces as you'd like, and it comes with its own launch menu that you can customize with new apps of your own choosing.

A big reason to go with the PA suite rather than download productivity applications individually (although you can still do that) is that there is a fair degree of integrity within the suite. Everything in the PA suite has been pre-screened to work reliably in a standalone fashion, and each application is kept fresh and up-to-date. You don't have to worry about whether or not a given program will behave correctly; all that gruntwork has already been done for you.

Another point in favor of the PA suite is that it automatically saves user-created data in a directory tree that travels with the suite itself, so user data is never saved to the PC itself. PA even includes a backup utility which saves and restores user or application data (or both, or everything on the thumb drive) to an archive somewhere.

As tightly integrated as the PA suite is, you'll still need to keep an eye out for possible quirks. The antivirus program Clamwin, for instance, needed to be updated by hand after I'd downloaded the PA suite, but there were full instructions on how to do this on the PA site's page for Clamwin.Likewise, the portable edition of OpenOffice behaves strangely if you don't have the PA suite folder installed on the root folder of a drive. When I tried running it from my desktop, it crashed, but after moving it to a thumb drive it worked perfectly. Also, because the PA suite is self-contained and doesn't install anything on your PC, things like document-type associations (for instance, for OpenOffice documents) won't be created. Finally, if you use the PA suite launcher on Windows 2000, there is (as of this writing) a bug that causes the launcher to crash -- there is a patch for it.

The PortableApps suite isn't the only prepackaged collection of portable programs out there. Consider the far less ambitious but still impressive Floppy Office, which packs a nifty array of tiny little productivity tools into a mere 1.5MB archive.

If you're not interested in a suite, there are a lot of apps out there that offer portable versions. For example, there's a nice version of the Opera browser , which some prefer to Firefox. And if OpenOffice is not to your taste, you could swap it for a portable version of the Scribus word processor and page-designer application.

If you're still not satisfied, Listible.com has a whole subcategory devoted to portable productivity applications.

Finally, I should make mention of Nirsoft, maker of a whole collection of incredibly useful and free utilities, all of which require no installation and will run from thumb drive or CD alike. They're perfect if you want to assemble a Swiss-army-knife USB collection of utilities; the program ProduKey alone, which recovers product keys for Windows, Office, and a number of Microsoft server applications, is a must-have.

Run A Standalone OS

It's not only possible to run standalone applications from a USB drive -- it's also possible to boot and run a whole standalone operating system from one, too.Why run a whole separate OS from a USB drive? Data recovery, for one: If Windows goes south, just plug in your drive, boot to it, and copy off any data trapped on the dead system. Another is if you're curious about migrating from one OS to another, and want to try it out in an extended fashion, but non-destructively -- that is, without installing anything on a hard drive, or creating dual-boot scenarios or otherwise changing the configuration of the system.

Note that you can typically only run an OS from a USB drive if the system you're using it on supports booting from a USB device. Not every PC does -- in fact, my own late-model Sony VAIO notebook (vintage 2006) didn't, much to my dismay. You might be able to upgrade the BIOS on a machine that doesn't currently support it and thus add it after the fact, but that's entirely up to the whim of the manufacturer; check with your computer or motherboard maker first.

The OS that's most commonly booted from a USB device would have to be some variety of Linux. Look no further than PenDriveLinux for tutorials on how to get many common Linux distributions running from a USB drive, including Ubuntu, If you're already using Windows, you can boot and run Linux in a way that doesn't require you to reboot the system but runs directly from within Windows itself. This neat trick is accomplished by using the Portable Qemu virtual machine system. Another way to do this is to obtain coLinux, a special distribution of Linux that's designed to run on Windows as a Windows executable. Note that setting up coLinux is not anywhere as easy as the other methods described here, so this is for experts only.

How about being able to run Windows itself from a USB drive? Amazingly, it is possible -- albeit with a bit of hackwork and patience, and with some scaled-down expectations about what's possible.

The most reliable and automated way to do this is to use BartPE, a utility that builds a copy of Windows's Preinstallation Environment (hence the "PE") from an existing installation of Windows. The PE is a mini-version of Windows that supports only a basic subset of Windows' functions, but it's still possible to do a great many things with it like perform data recovery or even run applications that don't need to be installed to operate correctly.

Note that Windows's licensing restrictions requires that you have a spare copy of Windows whose license you can devote to using in the BartPE environment; MSDN subscribers will probably find this restriction easiest to deal with, since they can typically spare an extra XP installation out of the pool allotted to them. Other people have created detailed instructions on how to take a BartPE installation and put it on a USB drive, although your mileage may indeed vary with this technique.You can't just take an existing Windows installation and move it to a pen drive, but thanks to the intrepid work of a few foolhardy experimenters, it is possible to create custom installations of Windows that boot from a USB drive.

The folks at Ngine.de have done exactly that, and they document how to do it by modifying the Windows XP installation CD, with additional hints in their forum for those who want to run Windows from a USB flash drive.

One major limitation to installing Windows on a USB drive using this technique is that it will only boot and run on the system it was installed on -- it isn't transferrable to another PC, which seriously limits its usefulness. But it's still possible to do some clever things, such as use it as an emergency recovery environment if BartPE doesn't prove to be flexible enough.

Maintain A Standalone Password Repository
I hate passwords. I hate having to come up with them ("Sorry, this password must be at least ten characters long and have at least one digit"), I hate having to remember them, and I hate trying to recover them. That said, passwords are still going to be used for a good long time to come, and many times they're the easiest way to secure something. Since a USB drive carries your data and goes where you go, it makes sense to use it as a password store, too -- one that is itself protected against unauthorized use.

One of the most popular commercial programs in this rubric is RoboForm, which has a no-install, USB-key-friendly version called RoboForm2Go. It's mainly used to fill in Web forms, including passwords, but packs in a bundle of other useful and allied features (like only filling in passwords on sites that have the proper domain name, to prevent phishing attacks). There's even a version of RoboForm2Go preinstalled on a USB key.

Another password manager that also works from a USB drive, KeePass, is both free and open-source, and sports one of the best feature sets of any program I've encountered in this space. (KeePass is one of the applications in the PortableApps.com suite.) Passwords can be organizationally grouped, automatically typed into form fields, and cleaned from the clipboard immediately after being pasted. The entire password database is AES-256 encrypted, and password data is kept encrypted in memory whenever possible to prevent snooping by other applications. There's even a plugin architecture; one of the available plugins for the 2.x version of the program lets you import passwords stored in Firefox.

One final suggestion involves something that isn't strictly speaking a program and is really only useful for Web sites, but is still worth discussing here. Chris Zarate's Genpass, now renamed SuperGenPass, creates a JavaScript "bookmarklet" -- a piece of code that runs from a bookmark in your browser -- which automatically supplies passwords for every Web site you visit by cryptographically deriving them from a single master password.

If you have a mobile copy of Firefox, you can install it there and use it as a password generator-to-go, or simply run it from a locally-saved copy of a Web page. For security's sake, you might want to set up Genpass so that you'll need to supply your master password each time it's used. Still, if you're reasonably confident no one else will be able to get to it (for instance, if you have the bookmarklet stored in an encrypted volume), you can hard-encode the password into it.

Synchronize Data Between Computers
If you're dealing with more than a few documents at a time, keeping the data on a USB drive synchronized across multiple machines is a bit of a hassle.

Windows has had a native feature to do this kind of synchronization since Windows 95: the Briefcase. When you copy files from your computer into a Briefcase folder on a USB drive, they can be automatically synchronized back with their originals if any changes are made to them on another computer. It's one of the simplest ways to do this sort of thing, and it's surprisingly under-utilized, although it's also pretty limited.

If you want more flexible ways to sync, you'll need to turn to third-party programs. One of the first apps I used to accomplish this was from Microsoft, interestingly enough: SyncToy . I used it to synchronize data not only to and from a USB drive, but to and from external removable drives as an impromptu backup application. Unfortunately, SyncToy needs to be installed on a specific PC (usually your main computer), and can't be run as a standalone application from the USB drive.

However, there's a plethora of programs for syncing data which can be run in a standalone fashion from a USB drive. I've grown fond of Allway Sync, which sports a staggering array of synchronization options -- not just two-way, but n-way (between multiple systems and a USB drive) -- and tracks all changes made to the files in a local database.

Another good one, with probably the most sophisticated (i.e., detailed) sync options of the bunch, is 2BrightSparks's SyncBack, which includes goodies like being able to sync files still in use, versioning, innate support for FTP directories, and 256-bit encryption. Allway Sync is free; while there is a limited free version of SyncBack, the full version of SyncBack costs $30.

U3 And You

No discussion of USB drives would be complete without at least some mention of Sandisk's U3 platform, an application specification for programs that are meant to run from a USB drive. Think of it as something akin to the PortableApps suite and its program launcher, along with guidelines for program behavior -- e.g., any Registry changes or files made to the computer must be undone when the application is closed.

U3 implementations of OpenOffice.org, Firefox, FileZilla, and a number of other programs are all available. Unfortunately, U3 is a proprietary standard, and has to be implemented on a USB drive that supports it by the manufacturer (at a 5% royalty per unit to Sandisk), although it technically doesn't cost anything to create an app for the U3 standard. Also, another successor standard co-developed by Microsoft and Sandisk is apparently in the works, so U3's days may already be numbered.

Encrypt Your Data
Open your favorite news site and odds are you'll see a headline about a government agency or corporation that's allowed a laptop or hard drive to go missing -- with unencrypted data still on it. If you don't want the data you store on your USB drive to be seen by others, you'll want to encrypt it. This means more than simply making files invisible or even using NTFS's own encryption system; the former is no real deterrent and the latter isn't very flexible.

The good news is that it's possible to get robust encryption for your thumb drive without spending much money -- if any. Consider TrueCrypt, a free and open-source encryption solution, now at revision 4.3. TrueCrypt works by letting you create a large file and turning it into a virtual encrypted volume; once it's mounted, you can read and write to it as you would any other drive. Everything stored on the encrypted volume is inaccessible without the proper volume password. The virtual disk file does not have to be any particular extension or type, and there is no way to analyze an encrypted volume and figure out that it's encrypted; it looks like random data to the uninitiated.

An entire partition on a removable drive, rather than just a file, can also be used as an encrypted volume. Since such volumes have no identifying features either, a USB drive encrypted in this fashion will simply look like an empty volume (or at least one that's been erased). Note that this makes such a drive all the easier to erase or damage by mistake, so use this with caution.A given encrypted volume can also be set to only be decrypted if a specific other file is present somewhere else in the system -- a text document, an .MP3 file, anything at all. This "keyfile" system allows you to add another layer of security for a traveling drive: if you have the keyfile present only on your notebook and your desktop computers, then the encrypted information on the drive will only be accessible there. Even if someone obtains the volume password, they still won't be able to open it somewhere else without the keyfile.

TrueCrypt also sports many features suited to USB drives. For one, TrueCrypt lets you create a "traveler disk," a standalone copy of the program that can be placed on a USB drive along with the encrypted volume. As long as you have administrative access on the target computer (running Windows), you can launch this standalone copy of TrueCrypt and get access to the encrypted volume wherever you might go. The traveler disk can be set to automatically launch TrueCrypt and mount the encrypted volume when plugged in.

Some thumb drives come with encryption hardware built directly into the drive itself. Kingston's DataTraveler Secure drives, for instance, use hardware-based 256-bit AES encryption and come in sizes up to 8GB. That said, hardware-based encryption on a thumb drive is expensive -- a 4GB DataTraveler costs as much as $120 retail -- and software-based encryption can be implemented for free on any drive, removable or not.

