No Autorun

Discussion in 'other anti-malware software' started by atomomega, Sep 24, 2010.

Thread Status:
Not open for further replies.
  1. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    -http://noautorun.sf.net-

    Blocks virus in USB flash/disk from auto-running. When a USB disk is inserted, this tool not only locks the autorun.inf file, but also locks all the autorun-related virus and other suspicious files.

    Latest build: 1.1.1.21
    Released on: 2010-07-23

    Supports 32-bit MS Windows (NT/2000/XP), 64-bit MS Windows, Vista, Windows 7
    GNU General Public License (GPL)
    ____________________________________________________________________________________
    Besides sg09 and me, I haven't seen anybody else here using this one. It has protected me several times when I've been using my flash drives @ college. It locks up all the malicious code before it can do any harm. I've found it much more user-friendly than Panda's USB Vaccine, since it doesn't have to modify registry entries. Unobtrusive protection for flash drives, open source, extremely light on resources, easy to use.

    Has somebody else tested this? What are your experiences?
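
To see which files an `autorun.inf` on a flash drive points at, and so which files a blocker of this kind has to deal with, the sketch below parses the `[autorun]` section and lists the launch entries. It is an added example, not code from No Autorun or from any poster in this thread; the function names and the sample file contents are constructed for illustration, and only the standard `open`, `shellexecute` and `shell\<verb>\command` entries are treated as launch keys.

```python
import re

# [autorun] keys whose value is a command that Windows may launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_targets(inf_text):
    """Return (key, command) pairs from the [autorun] section, in file order."""
    targets = []
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue                      # padding/junk lines are simply skipped
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            targets.append((key.lower(), value))
    return targets

def referenced_file(command):
    """Path of the program named in a command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0]

def files_to_review(inf_text):
    """Files on the drive that the autorun.inf would start."""
    return [referenced_file(cmd) for _, cmd in autorun_targets(inf_text)]

# Constructed sample, not taken from a real drive.
SAMPLE = """; constructed sample
asdkjh2j3h junk padding
[AutoRun]
open=RECYCLER\\setup.exe -s
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\explore\\command = "tools\\x y.exe" /q
ShellExecute=readme.cmd
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for path in files_to_review(SAMPLE):
        print("referenced by autorun.inf:", path)
```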
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi, never heard of it before now so :thumb:

    Already have the Panda one, but might try this at some point. X64 Bit also available.

    I don't understand how it achieves what it's supposed to without any reg entries?

    Has some nice useful options though :)

    ar.gif
     
  3. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    I am using it.. it's VERY effective. There are already posts about it.. search and u will find it.
     
  4. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Thanks, looks good.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    What is the situation? Your drive gets infected when connected to another computer, it's protected you when connecting back to your computer?

    I assume, then, you are using a U3 type of flash drive. Otherwise, an autorun.inf file will not execute.

    ----
    rich
     
  6. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    @atomomega: Thanks for mentioning me. Yes, I have been using this tool for the last few months after seeing the recommendation here. It also locked autorun exe files lots of times where my reliable USB Virus Scan or most other similar apps failed. It is very easy to use and lacks only one imp feature IMO, that is the USB vaccination feature. I asked the author for this on Twitter and he replied to me that he will try to include the feature.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    As far as I can remember, No Autorun allows you to define a flash drive as read-only. So, if you insert it on an infected system, it won't infect, because it won't be possible to write to it.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Very nice feature! I don't see that in the configuration screen shot posted above, so it must be somewhere else.


    ----
    rich
     
  9. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    Yep, that's correct. Those computers are very infested, so when I bring my USB drive back home and connect it to my computer, No Autorun kicks in immediately, locking up the malicious files. It gives you the option to either remove them or keep them.
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Why don't you set the option to Read Only that was mentioned? Then, nothing can write to the drive.

    ----
    rich
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I believe you need to right-click the tray icon and then one of the stuff in there leads to a window where you can define it.

    And, indeed, very nice feature, if all you pretend when carrying out your flash drive is to just read, copy or install stuff in other systems. Otherwise, it could be a bit troublesome if you, at the moment, need to place stuff in it. :D

    But, I guess we wouldn't trust our flash drive in systems we don't own and do not trust. ;)
     
  12. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    "Simple Read-Only protection tool for removable devices.
    Make Empty File on selected disk with required size. Most common usage - place executable file on USB-flash drive and run it for space filling. When free space will need, delete empty file.
    "

    I did not test it.
     
  13. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    I guess you are referring to this...
    no autorun.jpg
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Oh, I don't know... I never worry about such stuff.

    My flash drive is not the U3 type, so if I copy some stuff from someone else's computer and my drive becomes infected, it won't auto-run when I connect back to my computer. When I access the drive in Windows Explorer, I'll notice if there is anything that shouldn't be there (I never have found anything), and just nuke it.

    The other situation of connecting other people's disks to my computer: In floppy disk days I copied over files to students' disks many times. Now, autorun.inf will execute from a floppy disk. This was before fancy programs, so upon inserting the disk, holding down the SHIFT key prevents autorun.inf from executing. I never did find any infected disks, but it was still a good security procedure to follow.


    ----
    rich
     
  15. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    I actually tried it right after I was able to read your post while I was at school. But as mentioned above, I wasn't able to add anything to the flash drive. That's the main reason why I use flash drives since I have to do my homework and bring it to school and sometimes pass it on to somebody else, or edit it using the school's computers... so I guess it wouldn't be that practical, for me at least...:doubt:
     
  16. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    It protects the PC even if the read-only feature isn't turned on.. it's only an option.
     
  17. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If you neuter autorun with OS by turning it off, use something like Panda USB vaccine (lpt1 trick) or use this, isn't the end result the same? If you simply don't want a USB stick (infected or not) to infect you with autorun, why is this any better/worse than the other methods?

    Sul.
     
  18. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    I just made a recent post about usb sticks getting infected and have been so worried cuz my system got hit bad and of course I was using my usb sticks. Mine are not U3 thank god and I have auto-play disabled in the OS. I'm so happy I found this info.

    I never thought of it the way you put it so well. Thanks to people like you in this forum us little guys keep learning.
     
  19. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Well put Sully, end result is the same.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It even protects from link exploit POC. It detected the POC .lnk file and actual malicious .lnk file as well.

    It stopped execution of lnk exploit POC dll. I could not test the actual malware though as we have no working samples yet.
     
  21. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    Even though this is not intended to be an A vs B thread, I personally have found Panda USB Vaccine quite intrusive as it sticks to USB drives and you can't get rid of it even if you reformat the flash drive, it also changes the way the OS (XP Pro SP3 in my case) behaves upon inserting any autorun media (cd, dvd, external hd...) and there's no option to un-vaccinate either the computer or the flash drives.
    That's why I find No Autorun much more user/OS-friendly as it only kicks in when it has to and displays a clear warning with all the files found to be threats and gives the option to block them but leave them there or to remove them...
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Since the link exploit doesn't use autorun.inf, I don't understand how this NoAutorun product would intercept a LNK file.

    Can you post the alert message that popped up?

    thanks,

    rich
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It detected the actual malware .lnk file too.

    It stopped loading of POC dll file too. :thumb: :thumb:
     


  24. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    167
    Apparently, this is a feature of the latest version. From the changelog:
     
  25. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    That's great I wasn't aware of that...:)
     