How to prevent automatic USB based infections without a resident AV?

What´s the best (simplest, efecctive, low resouse usage) way to stop USB based infections (that automaticaly infect the computer in the moment you plug), without using a anti-virus resident shield (i´m running Windows 7 x64)?
I´m not sure if sandboxie (paid) can do that.
thanks

 

Disabling the autorun. http://www.google.es/search?q=disab...s=org.mozilla:es-ES:official&client=firefox-a
Using this
http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

 

Any product with White List or execution protection will prevent infection from malware executables. Example:

http://www.urs2.net/rsj/computing/tests/autoruninf


----
rich

 

I think that windows 7 already have autorun disabled by default.
I guess Panda USB vaccine and a software like the one refered by Rmus will
only prevent infections that work using autorun.inf, but not this one, for instance: https://www.wilderssecurity.com/showthread.php?t=276994
Maybe its possible to automatically run virtualized a inserted usb?

 

Ariad will prevent that.

 

Not correct.

Any White Listing product will block the running of any executable not on the White List, no matter what the triggering mechanism is, whether autorun.inf file or link shortcut file.

While it's not feasible to test the complete exploit you refer to, since the specially crafted .lnk files point to a specific USB device, I simulated the vulnerability by manually executing my own shortcut .lnk file to the malware executable:

https://www.wilderssecurity.com/showpost.php?p=1713962&postcount=98

The same result would occur if the .lnk file were started by remote code execution (automatically).

In another forum, Anti-Executable v.2 was tested against the current PoC of this exploit floating around, and it blocked it successfully. Any similar solution would also effectively block it.

----
rich

 

The above resumes very well what kind of protection anti-executable technology provides. If it can not execute, it can not infect.

AE´s weak point is, as usual, how to know if a program can be trusted (executed) or not.

 

Originally posted by AlexC

Limited User Account
Windows Security Policies
Windows Permissions
Read Only/Read Write (switchable) USB Flash Drive

 

Well Buster (driving on a BSA ),

What about having paid for it makes it thrustworthy? What about programs from trusted vendors or signed programs? Most download portals provide a stamp 'virus' checked.

Malware and Adware has killed the idea of the lean client, which loaded aps or 'beans' or for the sake of it active-X from the web when the customer needed it.

People tend to communicate through virtual channels more and more. Having a USB stick means you actually got real phisical contact with some one who put something on you on your USB stick. This in itself is rare for most heavy PC users.

Above trends greatly reduce the problem of the user making a correct decision. On top of that some one provided amature malware analists with a nice tool called Buster Sandbox analyser which can be used in combo with a really solid application virtualisation tool.

Regards Kees

 

Thanks!

 

Nice, i noticed my thread got deleted but this one helped a lot!

 

PE Guard 2.1

 

Just disabled it through the Windows Configuration thing.

I used this guide, which was posted above

Is that enough?