Open source software security

SanDisk Micro Cruzer

Justin Klein Keane
Nov 26, 2006

I recently bought a 1 GB SanDisk Micro Cruzer flash drive. It came pre-loaded with a strange U3 technology that supposedly allows you to launch programs from the flash drive as well as carry around your files. While the technology is interesting, it's also very annoying. As soon as you plug in the drive it looks like it installs about three different devices. Your flash drive actually mounts as two separate devices - a read-only CD-ROM drive and a standard removable USB storage drive. This is very interesting because it immediately confused two users I loaned the drive to. One complained that he couldn't move files onto the drive because he was trying to drag them onto the CD-ROM mount, and the other said he couldn't retrieve the files he loaded once he took the drive to another machine (also because he was looking in the CD-ROM and couldn't find the files that were written to the Cruzer's other partition). Interestingly enough, this behavior even happened on an Ubuntu system. While the systray U3 program didn't run, the Cruzer did mount as two separate drives.

The U3 programs themselves look quite impressive. They include a file encryption utility, a virus scanner, and various other small programs (including some open source offerings such as Thunderbird and Firefox). The problem with most of these utility programs is that they were trial versions of programs that cost several times more than the drive itself. Cleverly, Skype had an offering on the Cruzer.

The Cruzer also comes with a password protection utility that you can use so that unauthorized people can't get ahold of your files. I'm not sure how secure the protection is, but it's nice to have a little peace of mind.

The physical design of the device is great. The USB dongle slides in and out of the plastic housing of the USB key itself. We'll see how this holds up over time, but for now it's great. My last USB key had a cap on it that always popped off when I pulled it out of my pocket, meaning I'd have to scramble around chasing it as it bounced down the street towards the gutter even though the rest of the device was still attached to my keychain. I'm a little afraid that constantly having to press on the Cruzer's slider to make the dongle slide might wear it down over time, but for now I feel quite safe dropping the device in my pocket.

Data transfer seems great so far. Moving large files isn't terribly fast, but it isn't noticeably slower either. The drive comes formatted in FAT16 though, which apparently is slower with data read/write.

After thoroughly evaluating all the offerings on my new Cruzer mini I decided that U3 wasn't worth it. I used a utility on the key to remove U3 and then I reformatted the entire drive to FAT32. This reduced the SanDisk Cruzer to a mere "dumb" USB drive, which is frankly what I expected to get when I bought the device.

Frankly, I think that U3 is neat, but it isn't what users expect and it breaks a lot of interface behaviors that people have learned over time. Ultimately I think this will doom the technology more than anything else. The fact that it takes up over 50 Megs of space aside, most of the utility of U3 can be achieved in other ways, without compromising the device function. Given free, open source offerings such as OpenOffice, ClamWin and WinGPG you can mimic most of the Cruzer's program behaviors for free, and in a cross-platform way.