So... more than a year has gone since the launch of Windows 10 and I'm still running Autorun Eater on all my machines. I have a few questions for you: 1: Do you still use any sort of USB-specific protection? 2: If you do, which one? or 3: If you don't, how do you mitigate the risks of infections through flash drives? I'm just trying to make up my mind wether to finally pull the plug on Autorun Eater (which has been well abandoned for some time now)
1: I don't feel the need to. If I plug in an infected flash drive, my computer will only become infected if I manually launch an infected file on the drive. If I was to open an infected file, my antivirus would probably intercept it. 3: By being careful about what files I run. It's the same approach I take with files I download.
If I don't trust a USB flash drive I will not insert it in my machines. If I received one of these in the mail I would NOT insert it in my machine. HitmanPro.Alert protects against BadUSB devices (an USB device that pretends to be a keyboard) as well. If you were still worried you could use VoodooShield or similar, which will stop any payload from running.
MCShield (www.mcshield.net) is a free tool against the USB malware. Check it out; I think you will be impressed.
This is a nice one. Even when application does not run it still applies its protection. It looks like a GUI for internal windows protection options only available for Windows Pro and higher (Business, Ulitimate). So grab it while you can. USB Disk manager: http://www.syedgakbar.com/projects/usb/
I tested Clevx DriveSecurity. Good: Runs on medium IL. Don't require autorun (it copyes USBListener.exe to temp folder and it monitors USB connection, it also runs on medium IL). Bad: No quarantine nor exclusion!! Detect anything encrypted, or at least my own harmless encrypted zip. Expensive. I removed it.
do any of these programs install anything on the USB itself? if so I would not use it with my imaged USB stick.
I noticed today addguard blocked an autorun on one of my usb"s and I can't even remember what is on it, that is the funny part.
Not for protection; useful USB Tool, however. USB Device Tree Viewer Code: http://www.uwe-sieber.de/usbtreeview_e.html#download
Can you confirm that McShield is working OK on Windows 10? I was thinking of using it again, but I see that it hasn't been updated since 2014. Edit: I see now that Windows 10 is listed under McShield system requirements. Does it use signatures and if so do they continue to be updated? TIA
There are other USB protection worth mentioning like SMADAV http://smadav.net/?lang=en its much better than Mcshield IMO...
I rely on my AV,,BD scans any USB device before it's allowed to run, after a quick scan then it starts and loads. I've never had a USB infection.
Yes, many AVs now include USB scanning so I wonder if these dedicated USB AVs bring any additional benefit?
True... but this kind of softwares also make cleaning an infected/hidden USB files easy, SMADAV also has added ransomware and anti-exe feature(USB only) and very usefull for those who often use a pen drive.
Thanks for the replies folks and sorry for getting back to you after a few months So I went ahead and installed MCShield, so far so good, I rarely insert flash drives that don't belong to me, so I've seen it in action only once. Kinda tempted to try SMADAV but as @Victek and @daman1 said the av should stop any infection (in my case Windows Defender).
I believe the latest version was released way back in 2014 but has it received any updates since you've had it installed?
When considering USB protection one must also consider any damage done to the files that exited on the flash drive prior to malware infection. So Optimal protection would be: 1). detecting the malware on the USB 2). Preventing malware spread to the Host system 3). putting back the files to their former state.
It seems like the last update was on February 21, 2016. Maybe they rely on the heuristics engine built-in?
So I believe 1) and 2) are very basic and most antimalware products do it. But about 3) I've only seen G-Data restoring infected files after disinfection, the majority of products just qurantine/delete, from what I've seen
A new limited, pricey option: "This USB firewall protects against malicious device attacks... http://www.zdnet.com/article/this-usb-firewall-protects-against-malicious-device-attacks/ NB: While the USG will protect against low-level USB attacks, it won't protect against malware stored on the flash drive itself.