Windows built-in mechanisms vs. third-party security options: where is the catch?

Discussion in 'other anti-malware software' started by CoolWebSearch, Jul 12, 2016.

  1. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    71
    Would you have simple instructions to do both of these things on a Win 8.1 Home system?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Hmm, doubt that specific policy will prevent something like the LNK exploit... And it is rather just in case you're out of it or the computer is not fully owned by you.

    Now this interests me more, but looks outdated and impractical...: http://www.grouppolicy.biz/2010/08/...rtcut-icon-security-issues-with-group-policy/
     
  3. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA

    It works for files on the storage media, not for deeper USB stack and firmware exploits. The LNK exploit doesn't sound specific to USB and exploits a vulnerability in Windows Explorer's icon handling. Using EMET, a standard user account, SRP and other mechanisms that deal with exploits in general is the best approach for this sort of exploit.

    USB is a weak point that has issues beyond what is on the actual storage media. It is not a good idea to buy cheap off brand USB drives on eBay.

    https://www.wired.com/2014/07/usb-security/

    Group policy is only available on Pro editions of Windows but the registry can be edited to the same effect on Home editions.

    Autoplay is easy

    Code:
    Open regedit and locate the following key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    
    Change: NoDriveTypeAutorun to 0x91
    
    If necessary create this key as a DWORD.
    I can't find a specific reference for a registry key that disables execution in a quick search. This is something Keys (@Windows_Security) would likely know.
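The registry change quoted above sets a bitmask, and each bit switches AutoRun off for one drive type. The PowerShell script below is an added example, not code from the thread: it reads NoDriveTypeAutoRun from the key named in the post (defaulting to Windows' built-in behaviour when the value is absent), decodes which drive types a given mask such as 0x91 actually covers using Microsoft's documented bit values, and includes a helper to write a chosen mask. The bit table and the function names are this example's own.

```powershell
# Added example (not from the thread): audit the NoDriveTypeAutoRun policy
# under the Explorer policies key from the post, and decode its bitmask.
$PolicyPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'

# Documented drive-type bits for NoDriveTypeAutoRun (a set bit disables AutoRun).
$DriveTypeBits = [ordered]@{
    0x01 = 'Unknown drive type'
    0x04 = 'Removable drives (USB sticks, floppies)'
    0x08 = 'Fixed drives'
    0x10 = 'Network drives'
    0x20 = 'CD-ROM / DVD drives'
    0x40 = 'RAM disks'
    0x80 = 'Drives of unknown type (reserved)'
}

function Get-AutoRunMask {
    # Returns $null when the value (or the whole key) is absent; Windows then
    # falls back to its built-in default rather than to "no restrictions".
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Show-AutoRunMask {
    param([int]$Mask)
    '{0} = 0x{1:X2}' -f $ValueName, $Mask
    foreach ($bit in $DriveTypeBits.Keys) {
        $state = if ($Mask -band $bit) { 'AutoRun DISABLED' } else { 'AutoRun allowed ' }
        '  0x{0:X2}  {1}  {2}' -f $bit, $state, $DriveTypeBits[$bit]
    }
}

function Set-AutoRunMask {
    # Requires an elevated prompt. 0x91 is the value given in the post;
    # 0xFF sets every drive-type bit.
    param([int]$Mask)
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -PropertyType DWord -Value $Mask -Force | Out-Null
}

$current = Get-AutoRunMask
if ($null -eq $current) {
    "$ValueName is not set; Windows applies its built-in default."
} else {
    Show-AutoRunMask -Mask $current
}
# To apply the value from the post and re-check it, uncomment the next line:
# Set-AutoRunMask -Mask 0x91; Show-AutoRunMask -Mask (Get-AutoRunMask)
```

Running Show-AutoRunMask against 0x91 makes the coverage visible at a glance: the unknown-type and network bits are set, while the removable, fixed, CD-ROM and RAM-disk bits are not.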
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I would prefer some actual exploits that are at least researched to be scientific facts. On Windows 10, or at least anything past XP.

    And I think you've gone over whether you believe those policies will cover exploits or not, though the inclusion of EMET did surprise me.

    And although I do use MBAE Premium, I can't honestly recommend it to an average user who knows nothing about this sort of stuff.
     
  5. USB disk Manager implements GPO policies for USB on Home versions download http://download.cnet.com/USB-Disk-Manager/3000-2094_4-75743006.html

    I have tested it on Windows 8.1; it seems to implement the Access Control List of GPO. I have not tried it on Windows 10 (but like Secure Folders, which you can use for Anti-Execute through ACL on folders, it might work on Windows 10 also since ACL is NTFS related, but only try it on Windows 10 when you have an image backup restore as a safety net).

     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    In spite of a lot of theoretical talk about USB vulnerabilities, there are not a lot of in the wild exploits of them. That is probably due to needing physical access to a machine with a compromised USB device to exploit them. And modding USB firmware is not the easiest thing to do either. There are far easier paths for malware to use. In any case, disabling autoplay and execution from removable devices is a good thing to do and will prevent a USB device that carries malware from someone else's system from infecting yours.
     
  7. @MisterB Ironically the people who fear malware entry through USB should realize someone has to put that USB into their computer, so they are basically afraid for themselves ;)
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    There appears to be a new version of js_bondat circulating with only half the AVs on VT detecting it. This bugger is a JavaScript USB worm. Write-up on the prior version is here: http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/js_bondat.nl. Copies the legit copy of wscript.exe from the system32 directory and renames it in either %Appdata% or %UserProfile%. For persistence, runs out of the Startup directory as Windows Explorer.lnk.
     
    Last edited: Jul 25, 2016