Feature request - USB immunizer

Discussion in 'Other ESET Home Products Beta' started by iScream, Aug 13, 2012.

Thread Status:
Not open for further replies.
  1. iScream

    iScream Registered Member

    Joined:
    Jan 29, 2011
    Posts:
    21
    Currently I have to install Panda software to immunize my pen drives, it would be nice if ESET had this feature as well.

    For those who don't know what I'm talking about:
    There are viruses that spread through USB drives, using autorun file autorun.inf to do the nasty things. It's possible to immunize your USB drive by editing some hex values of an autorun.inf, which make it uneditable (on Windows, since Linux doesn't care :)), so if you plug it into an infected computer, it won't be able to spread to your USB drive.
     
  2. loveboy_lion

    loveboy_lion Registered Member

    Joined:
    Jun 23, 2012
    Posts:
    3
    Location:
    India
    If you are using Windows Vista or Windows 7, you don't need to worry about USB autoruns, Microsoft disabled autoruns with a Windows Update awhile back where they can not infect your system unless you manually run the executable. However on Windows XP, USB autoruns are not disabled by default.

    Most AV's detect malware on USB devices, of coarse if you don't connect unsafe USB devices, then you don't need to worry. Since no AV detects everything, it is best to never connect USB devices that you don't know for sure are safe.

    anyway its a good feature request but only for xp users
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Noted and forwarded to ESET's product management team.

    Regards,

    Aryeh Goretsky

     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Some people might use removable media like USB flash drives with multiple operating systems at school, home, work and so forth. Even if only one of those environments is running Microsoft Windows XP, they could continually be reinfected as users bring infected removable media back to the computer.

    Regards,

    Aryeh Goretsky


     
    Last edited: Aug 15, 2012
  5. iScream

    iScream Registered Member

    Joined:
    Jan 29, 2011
    Posts:
    21
    Now that I'm a bit more informed, if one creates a directory called autorun.inf, new autorun.inf cannot be made unless directory gets renamed, or deleted, but it's unknown if any of those care about this.

    About the winupdate: I heard of it, but even after installing SP1 for win7 (reinstalled today...), autoruns are on by default. Of course it's possible to have it turned off through Control Panel, using an AV they can be detected...
    I was just randomly posting it. Not a real threat but still, if you think of the not tech savvy people, they might not turn it off and prevention is stronger than detection right?
     
  6. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    I think most viruses spreading through usb always check for that first, if a directory called autorun.inf already exists they will simply delete it and create their own infected file (with the same name). Many "USB immuziner" (Panda, BitDefender...) also implements this trick, but they've developed their own way to secure the autorun.inf directory so you won't be able to delete or even see it.

    Windows 7 ignore all instructions about running executables in autorun.inf by default. It will only read instructions about label / name change for the drive so feel free and double-click your drive's icon in My Computer even if it looks like a folder (the virus won't be activated just by clicking the drive's icon). No need to disable autorun.inf in Windows 7 IMO.
     
Thread Status:
Not open for further replies.