There's a few different ways that I've used to accomplish this, but none are perfect. I got tired of my gf always bring home an infected USB flash drive so i re-formatted her drive with NTFS, then created a folder named 'autorun.inf' in the root. I then went to the security tab for the file, added user 'everyone' and set full control to 'deny'. This prevented virus on cafe/school computers from creating an autorun.inf file to spread viruses on autorun. (Yes, I know i can disable autorun or hold the left shift key during insertion, but that doesn't help when she is using it on someone else's pc and forgets to hold shift.) In your case, you would need to just deny writing and deletion. I consider this method less than perfect because it requires NTFS, and one day a clever virus writer will just change file permissions and do his dirty work. Another solution I've used for apps/files/folders I don't want changed is to use Truecrypt. Your OS will see the truecrypt volume as another drive, but they can be mounted as read-only if you wish. The truecrypt volumes can also be mounted as read only in other OSes as well.
