How reliable is a write protection switch on a USB flash drive?

Physical write protect on a USB drive should work in all cases. The write controller is in the drive itself. Thus, excepting a wholly insane implementation, the physical write protect switch is secure.

Physical write protect is always kind of a semi-soft thing, but it's usually at the drive internals. With a floppy drive where the controller is external to the device, one could craft a drive that ignored the write-protect slider. I think SD cards are the same as floppy drives in that regard, though I won't make a bet on it because I know those include some circuitry for things like wear-leveling.


First of all, here is a link to a page with a list of USB sticks with such write-protection switches: http://www.fencepost.net/2010/03/usb-flash-drives-with-hardware-write-protection/

There is some info there, and they too imply that it's a hardware protection.

Now, if you are really serious about it, you can consider USB write blockers, which are commonly used for forensic purposes but can be used like this too. Here is one example: http://www.salvationdata.com/data-recovery-equipment/source-data-safe-guard.htm


Although many low-level flash chips do provide a hardware "write-protect" pin, operation is completely unspecified if the state of that pin changes in the middle of a write operation; while changing the pin around the time an operation is started might always have the effect of either preventing the operation altogether (if done soon enough), allowing one last write operation to complete (if done just after the chip recognized the command), or perhaps creating bits with weird intermediate logic levels, some data sheets expressly refuse to specify that consequences are limited to those.

The purpose of the write-protect pins is not to allow end-user control via an external switch, but more typically to allow the manufacturer of the product to either ensure that the contents of a pre-programmed chip won't be changed once it's soldered into the final application circuit, or allow the manufacturer to ensure that it can only be changed via special factory-programming cable.

If the firmware in a flash controller is designed properly, having a firmware-readable "write-protect" switch should be essentially as good as a hardware-interlocked one. An alternative which would be even better would be to have the switch connected to a latching circuit such that the write protect pin could only change to allowing writes when the switch was enabled to do so, but once the processor had taken action that required the ability to write, it could ensure that it kept that ability even if the switch changed in the interim. Such an implementation might require extra hardware, however.

With regard to the observation by axeoth that some drives may only check the switch when a drive is mounted, I would suggest that such behavior (which would not be incompatible with a latching design as I described above) might be motivated by a deficiency in the USB Mass Storage Device specification--most notably the lack of a means by which a device can say to the operating system "I would like to remove myself from the system; please ensure that any pending data gets written to me, and either let me know when that's done, or let me and any human nearby know if there's a problem". If such a behavior were supported, flipping the switch from write-enable to write-protect mode could prompt the device to request a clean unmount and then remount itself as a read-only device. Without such an ability, however, a device would have to either perform a "rude" unmount, delay acknowledgment of the switch, or have write operations report "unexpected" failures. While a rude unmount would perhaps be the best behavior, some users may be annoyed if flipping the switch after they think data is written results in data loss.
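The three switch-handling designs discussed in this thread (sampling the slider on every write so that it gates the flash chip's WP pin directly, the latching design from the answer above, and checking the slider only when the device is mounted, as axeoth observed) can be compared in a small firmware-style model. The C below is an added example, not code from any of the answers or from a real controller; the struct, the `wp_policy` names, the `ctrl_*` functions, the sector sizes and the way an interrupted write is represented (a half-written sector standing in for the "unspecified" outcome the data sheets describe) are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not the thread's own code: a model of how flash-controller
 * firmware can treat its write-protect slider. Policies, names and sizes are
 * assumptions for illustration, not any vendor's firmware. */

#define SECTOR_BYTES 16
#define SECTORS 4

enum wp_policy {
    WP_SAMPLE_PER_WRITE,  /* slider gates the flash WP pin directly, even mid-write */
    WP_LATCHED,           /* latching design: protect only once in-flight writes end */
    WP_SAMPLE_AT_MOUNT    /* slider read once, when the device is mounted */
};

struct flash_ctrl {
    enum wp_policy policy;
    bool switch_protected;   /* raw slider position */
    bool latched_protected;  /* state the firmware enforces (LATCHED / AT_MOUNT) */
    bool protect_pending;    /* LATCHED: slider moved to "protect" during a write */
    bool write_in_progress;
    unsigned staging_sector;
    uint8_t staging[SECTOR_BYTES];
    uint8_t media[SECTORS][SECTOR_BYTES];
    unsigned writes_completed, writes_refused, writes_torn;
};

void ctrl_init(struct flash_ctrl *c, enum wp_policy policy, bool slider_protected)
{
    memset(c, 0, sizeof *c);
    c->policy = policy;
    c->switch_protected = slider_protected;
    c->latched_protected = slider_protected;
}

/* Host mounts the device: WP_SAMPLE_AT_MOUNT re-reads the slider only here. */
void ctrl_mount(struct flash_ctrl *c)
{
    if (c->policy == WP_SAMPLE_AT_MOUNT)
        c->latched_protected = c->switch_protected;
}

/* Slider moved. The interesting case is a change that arrives mid-write. */
void ctrl_switch_changed(struct flash_ctrl *c, bool protect_now)
{
    c->switch_protected = protect_now;
    if (c->policy != WP_LATCHED)
        return;  /* PER_WRITE re-reads the raw slider; AT_MOUNT waits for ctrl_mount() */
    if (protect_now && c->write_in_progress)
        c->protect_pending = true;            /* keep write ability until the write ends */
    else
        c->latched_protected = protect_now;   /* enabling writes requires the slider to say so */
}

/* Start a sector write: the allow/refuse decision is taken once, at the start. */
bool ctrl_write_begin(struct flash_ctrl *c, unsigned sector, const uint8_t *data)
{
    if (sector >= SECTORS || c->write_in_progress)
        return false;
    bool protect = (c->policy == WP_SAMPLE_PER_WRITE) ? c->switch_protected
                                                      : c->latched_protected;
    if (protect) {
        c->writes_refused++;
        return false;
    }
    c->write_in_progress = true;
    c->staging_sector = sector;
    memcpy(c->staging, data, SECTOR_BYTES);
    return true;
}

/* Finish the write. Under WP_SAMPLE_PER_WRITE a slider flip since begin() means the
 * WP pin changed mid-operation; the data sheets call the result unspecified, which
 * this model represents (constructed stand-in) as a torn, half-written sector. */
bool ctrl_write_commit(struct flash_ctrl *c)
{
    if (!c->write_in_progress)
        return false;
    c->write_in_progress = false;
    if (c->policy == WP_SAMPLE_PER_WRITE && c->switch_protected) {
        memcpy(c->media[c->staging_sector], c->staging, SECTOR_BYTES / 2);
        c->writes_torn++;
        return false;
    }
    memcpy(c->media[c->staging_sector], c->staging, SECTOR_BYTES);
    c->writes_completed++;
    if (c->protect_pending) {   /* now honour the deferred slider change */
        c->latched_protected = true;
        c->protect_pending = false;
    }
    return true;
}

/* Scenario from the thread: a write is in flight when the slider is flipped to
 * "protect". Returns 0 if the sector is intact and later writes are refused,
 * 1 if the sector is torn, 2 if later writes are still accepted. */
int flip_mid_write(enum wp_policy policy)
{
    struct flash_ctrl c;
    uint8_t data[SECTOR_BYTES];
    for (unsigned i = 0; i < SECTOR_BYTES; i++) data[i] = (uint8_t)(0xA0 + i);
    ctrl_init(&c, policy, false);
    ctrl_mount(&c);
    ctrl_write_begin(&c, 1, data);
    ctrl_switch_changed(&c, true);   /* slider flipped while the write is in flight */
    bool ok = ctrl_write_commit(&c);
    if (!ok || memcmp(c.media[1], data, SECTOR_BYTES) != 0)
        return 1;
    return ctrl_write_begin(&c, 2, data) ? 2 : 0;
}
```

Running `flip_mid_write` under each policy shows the trade-off the answers describe: only the latched design both finishes the write that was already under way and refuses the next one, the per-write design risks an indeterminate sector, and the mount-time design keeps accepting writes until the host remounts the device.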