Feature request - USB immunizer

Currently I have to install Panda software to immunize my pen drives, it would be nice if ESET had this feature as well.

For those who don't know what I'm talking about:
There are viruses that spread through USB drives, using autorun file autorun.inf to do the nasty things. It's possible to immunize your USB drive by editing some hex values of an autorun.inf, which make it uneditable (on Windows, since Linux doesn't care ), so if you plug it into an infected computer, it won't be able to spread to your USB drive.

 

If you are using Windows Vista or Windows 7, you don't need to worry about USB autoruns, Microsoft disabled autoruns with a Windows Update awhile back where they can not infect your system unless you manually run the executable. However on Windows XP, USB autoruns are not disabled by default.

Most AV's detect malware on USB devices, of coarse if you don't connect unsafe USB devices, then you don't need to worry. Since no AV detects everything, it is best to never connect USB devices that you don't know for sure are safe.

anyway its a good feature request but only for xp users

 

Hello,

Noted and forwarded to ESET's product management team.

Regards,

Aryeh Goretsky

 

Hello,

Some people might use removable media like USB flash drives with multiple operating systems at school, home, work and so forth. Even if only one of those environments is running Microsoft Windows XP, they could continually be reinfected as users bring infected removable media back to the computer.

Regards,

Aryeh Goretsky

 

Now that I'm a bit more informed, if one creates a directory called autorun.inf, new autorun.inf cannot be made unless directory gets renamed, or deleted, but it's unknown if any of those care about this.

About the winupdate: I heard of it, but even after installing SP1 for win7 (reinstalled today...), autoruns are on by default. Of course it's possible to have it turned off through Control Panel, using an AV they can be detected...
I was just randomly posting it. Not a real threat but still, if you think of the not tech savvy people, they might not turn it off and prevention is stronger than detection right?

 

I think most viruses spreading through usb always check for that first, if a directory called autorun.inf already exists they will simply delete it and create their own infected file (with the same name). Many "USB immuziner" (Panda, BitDefender...) also implements this trick, but they've developed their own way to secure the autorun.inf directory so you won't be able to delete or even see it.

Windows 7 ignore all instructions about running executables in autorun.inf by default. It will only read instructions about label / name change for the drive so feel free and double-click your drive's icon in My Computer even if it looks like a folder (the virus won't be activated just by clicking the drive's icon). No need to disable autorun.inf in Windows 7 IMO.