Feature request - USB immunizer

[iScream]

Currently I have to install Panda software to immunize my pen drives, it would be nice if ESET had this feature as well.

For those who don't know what I'm talking about:
There are viruses that spread through USB drives, using autorun file autorun.inf to do the nasty things. It's possible to immunize your USB drive by editing some hex values of an autorun.inf, which make it uneditable (on Windows, since Linux doesn't care ), so if you plug it into an infected computer, it won't be able to spread to your USB drive.

[loveboy_lion]

If you are using Windows Vista or Windows 7, you don't need to worry about USB autoruns, Microsoft disabled autoruns with a Windows Update awhile back where they can not infect your system unless you manually run the executable. However on Windows XP, USB autoruns are not disabled by default.

Most AV's detect malware on USB devices, of coarse if you don't connect unsafe USB devices, then you don't need to worry. Since no AV detects everything, it is best to never connect USB devices that you don't know for sure are safe.

anyway its a good feature request but only for xp users

[agoretsky]

Hello,

Noted and forwarded to ESET's product management team.

Regards,

Aryeh Goretsky

Quote:

Originally Posted by iScream

Currently I have to install Panda software to immunize my pen drives, it would be nice if ESET had this feature as well.

For those who don't know what I'm talking about:
There are viruses that spread through USB drives, using autorun file autorun.inf to do the nasty things. It's possible to immunize your USB drive by editing some hex values of an autorun.inf, which make it uneditable (on Windows, since Linux doesn't care ), so if you plug it into an infected computer, it won't be able to spread to your USB drive.

[agoretsky]

Hello,

Some people might use removable media like USB flash drives with multiple operating systems at school, home, work and so forth. Even if only one of those environments is running Microsoft Windows XP, they could continually be reinfected as users bring infected removable media back to the computer.

Regards,

Aryeh Goretsky

Quote:

Originally Posted by loveboy_lion

If you are using Windows Vista or Windows 7, you don't need to worry about USB autoruns, Microsoft disabled autoruns with a Windows Update awhile back where they can not infect your system unless you manually run the executable. However on Windows XP, USB autoruns are not disabled by default.

Most AV's detect malware on USB devices, of coarse if you don't connect unsafe USB devices, then you don't need to worry. Since no AV detects everything, it is best to never connect USB devices that you don't know for sure are safe.

anyway its a good feature request but only for xp users

[iScream]

Now that I'm a bit more informed, if one creates a directory called autorun.inf, new autorun.inf cannot be made unless directory gets renamed, or deleted, but it's unknown if any of those care about this.

About the winupdate: I heard of it, but even after installing SP1 for win7 (reinstalled today...), autoruns are on by default. Of course it's possible to have it turned off through Control Panel, using an AV they can be detected...
I was just randomly posting it. Not a real threat but still, if you think of the not tech savvy people, they might not turn it off and prevention is stronger than detection right?

[quanzi_1507]

Quote:

Originally Posted by iScream

Now that I'm a bit more informed, if one creates a directory called autorun.inf, new autorun.inf cannot be made unless directory gets renamed, or deleted, but it's unknown if any of those care about this.

I think most viruses spreading through usb always check for that first, if a directory called autorun.inf already exists they will simply delete it and create their own infected file (with the same name). Many "USB immuziner" (Panda, BitDefender...) also implements this trick, but they've developed their own way to secure the autorun.inf directory so you won't be able to delete or even see it.

Quote:

Originally Posted by iScream

About the winupdate: I heard of it, but even after installing SP1 for win7 (reinstalled today...), autoruns are on by default. Of course it's possible to have it turned off through Control Panel, using an AV they can be detected...

Windows 7 ignore all instructions about running executables in autorun.inf by default. It will only read instructions about label / name change for the drive so feel free and double-click your drive's icon in My Computer even if it looks like a folder (the virus won't be activated just by clicking the drive's icon). No need to disable autorun.inf in Windows 7 IMO.