Protection from Malware on USB Sticks

Discussion in 'other anti-malware software' started by Krusty, Feb 10, 2018.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    I've been thinking about this since I read this post by @shmu26 .

    Do most of us who use machines connected to the 'net really need a separate program to protect us from malware hiding on USB devices?
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Not in my opinion. Nothing on a USB stick will run, unless I manually open the file.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    Ah, but what about BadUSB (protected by HMP.A on my machine)? You can disable Autorun but that won't stop BadUSB. :shifty:
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    IMO it's not needed, at least not for regular users.
    How effective is HMP.A against firmware hacks? Does it make decisions automatically or does a user have to make a decision?
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    I am far from being the best person to ask but Alert simply 'alerts' to any new mouse or keyboard that is plugged in. The user has to allow it but if I plug a flash drive in and it pretends to be a keyboard... :isay:
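
The behaviour described above (an alert whenever a new keyboard is plugged in) can be approximated with built-in Windows tooling. This is an added example, not HMP.A's implementation and not code from the thread; the baseline file location is an assumption chosen for illustration.

```powershell
# Added example: baseline-and-diff of present keyboard devices.
# $BaselinePath is a hypothetical location chosen for this example.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'keyboard-baseline.txt'

function Get-PresentKeyboardIds {
    # Every device currently attached that Windows classifies as a keyboard,
    # including USB devices that expose a HID keyboard interface.
    Get-PnpDevice -Class Keyboard -PresentOnly |
        Select-Object -ExpandProperty InstanceId |
        Sort-Object -Unique
}

$current = @(Get-PresentKeyboardIds)

if (-not (Test-Path $BaselinePath)) {
    # First run: record the keyboards that are known to be legitimate.
    $current | Set-Content -Path $BaselinePath
    Write-Output "Baseline saved with $($current.Count) keyboard device(s)."
}
else {
    $known = @(Get-Content -Path $BaselinePath)
    $new   = @($current | Where-Object { $_ -notin $known })

    if ($new.Count -eq 0) {
        Write-Output 'No keyboard devices outside the baseline.'
    }
    foreach ($id in $new) {
        # USB-backed HID devices carry the vendor and product ID in the instance ID.
        $vidPid = if ($id -match 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
            "$($Matches[1]):$($Matches[2])"
        } else { 'n/a' }
        Write-Warning "Keyboard not in baseline: $id (VID:PID $vidPid)"
    }
}
```

Run it once with only trusted keyboards attached, then again after plugging in a storage device: a flash drive should never add an entry to this list.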
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I haven't disabled autorun. By default, Windows won't run anything automatically.

    In my opinion, the chance that the average user is going to encounter something like BadUSB is close to zero.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    Then what about Stuxnet and its ilk? :D
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    For the record, I agree that most users will not have to worry about this threat. I just thought it might be interesting to discuss.
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Well, I did say close to zero, rather than saying it won't happen. As for that article, I've never been mailed any USB sticks, other than ones I've purchased online. If I was, I would treat it with suspicion.

    Personally, I don't worry too much about things that are highly unlikely to happen. If hidden malware was commonly found on flash drives, that would be a different matter.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't. I think your setup should protect the machine period, at all times.
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    Thanks for your feedback.
    I'm the first to admit that my machines are over protected. My name is Krusty and I'm a security software-coholic. :D
     
  13. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    I think in all cases with pre-infected USB sticks, either auto-play still has to be enabled or users are clicking on the infected files after connecting the sticks. In either case, and as is typically the case, it once again boils down to the user is always the weakest link in security.

    I don't know if it was by chance shmu26's computer did not have network access or if he put that computer on the other side of the house because it did not have network access, either way, that was good as malware typically seeks out other systems on the local network first.

    For sure, I think your post is a reminder for everyone to check their auto-play settings to verify auto-play for all external devices is disabled.

    Now, to answer your question, "no". I don't feel anybody needs "extra" protection for their USB connected devices. They do need to keep their operating systems current, they do need to use a decent anti-malware solution and keep it current, and they need to NOT be "click-happy" on unsolicited downloads, attachments, popups, and links.

    Now in the case of a "guest" computer in the house, obviously the "click-happy" part may be hard to police. But that's where you read the riot-act to your kids and grandkids and even adult guests BEFORE you give them the password to gain access. And if that system is connected to your local network, restrict file and access sharing.
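
One way to carry out the auto-play check suggested above, as an added example that is not part of the thread. It only reads the registry and assumes the standard Explorer policy and AutoplayHandlers locations.

```powershell
# Added example: read-only audit of AutoRun / AutoPlay registry settings.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
$driveBits = [ordered]@{
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
}

$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

foreach ($key in $policyKeys) {
    $mask = Get-RegValue $key 'NoDriveTypeAutoRun'
    if ($null -eq $mask) {
        Write-Output "$key : NoDriveTypeAutoRun not set (Windows default applies)"
        continue
    }
    # Older systems store the value as REG_BINARY; the first byte holds the bits.
    if ($mask -is [byte[]]) { $mask = [int]$mask[0] }

    Write-Output ("{0} : NoDriveTypeAutoRun = 0x{1:X2}" -f $key, $mask)
    foreach ($type in $driveBits.Keys) {
        $state = if ($mask -band $driveBits[$type]) { 'disabled' } else { 'ENABLED' }
        Write-Output ("  AutoRun on {0,-9}: {1}" -f $type, $state)
    }
}

# Per-user AutoPlay switch ("Use AutoPlay for all media and devices").
$handlers = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
if ((Get-RegValue $handlers 'DisableAutoplay') -eq 1) {
    Write-Output 'AutoPlay: disabled for this user'
} else {
    Write-Output 'AutoPlay: enabled for this user (DisableAutoplay is not 1)'
}
```

These settings govern only what Windows does with files on a mounted volume; they have no effect on a device that enumerates as a keyboard.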
     
  14. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I disagree with almost everyone on this thread. The BadUSB threat is a serious one, just the fact no one is taking it seriously is all the more reason for malware creators to use it, notwithstanding how difficult it is to detect.
    Take a look at this project on github
    https://github.com/brandonlw/Psychson
     
    Last edited: Feb 10, 2018
  15. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    Who says we are not taking it seriously? Just because it is a serious threat, that does not mean you need yet another dedicated security program for it. I clearly said above to disable auto-play, keep your system and security current, and don't be click-happy. That is taking security seriously.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    @RockLobster
    Yes, the threat is serious but unlikely to happen to the vast majority of users.
    Personally I just don't insert unknown USB devices in my computer. I prefer to be a little more careful than to install another piece of software that will try to fix another hardware (firmware) problem.
     
  17. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,999
    Location:
    Member state of European Union
    It is also worth remembering the USB killer: not malware, but a threat that tries to fry your electronics.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Those of us using Sandboxie don't need to install anything to protect ourselves from infected flash drives. My main protection against infected USB drives is that I avoid plugging in other people's USB drives. But Sandboxie works well for protection. With the paid version, you can force your USB drives so when the flash drive gets inserted, a sandboxed version of Windows Explorer pops up open automatically. If anything runs, it runs under Sandboxie's supervision. You can set up via Sandbox settings the programs that are allowed to run, forbid all programs from having internet access, etc. If you are using Sandboxie's free version, you disable auto run and run a sandboxed version of Windows Explorer manually and use it for navigating to the flash drive. Anything you execute or run via the sandboxed Explorer runs sandboxed. To make it easier, if you open flash drives often, you can create a sandboxed shortcut to run Explorer so it opens with one click, automatically.

    I think the danger of getting infected via USB drives is greater for college and high school students who constantly share files among themselves. Or people in general who share flash drives (bad idea, IMO). For someone like myself who basically plugs no drive that's not mine the chances are about 0% of getting infected this way but even so, since I have SBIE, I force all my USB drives as it is safer and doesn't take anything away from my computing experience. No usability loss.

    Bo
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Unfortunately that is not true for badusb and similar attacks. There is nothing run or opened from USB, so SBIE doesn't have anything to sandbox.
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    The risk of flash drive attacks is culturally determined, to a large extent. For the modern, always-connected generation, using someone else's flash drive sounds like using someone else's toothbrush. You just won't do that.
    But in societies (or age groups) where internet connectivity is not the norm, sharing flash drives is as common as riding the bus.
     
  21. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    Yuck. But true - at least in my opinion.
    Maybe but you still don't need special, dedicated software to protect you from the associated threats. The risk of catching something on the bus is the same as it is when you touch a shopping cart, ride in an elevator, or give your kids/grandkids a hug when they get home from school.
     
  22. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,999
    Location:
    Member state of European Union
    In my experience friends connect external hard drives or pendrives when they want to share larger files. I mean a few gigabytes, tens of gigabytes. A few movies would do. Sharing this through the Internet would require some time. Connecting is usually less time consuming and more private. It is also less likely to lead to legal problems, because they don't share over the Internet, so it is more private. They usually know each other and are meeting at home anyway.
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Sandboxie is excellent protection against malware coming via flash drives, you ought to know that. Regardless of what you wrote, if you have the good habit of not using other people's USB drives (I said it twice in my earlier post) and use Sandboxie to sandbox flash drives when they get plugged in, your chances of getting infected via flash drives are about 0, that ain't bad.

    Bo
     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    No. Enable SRP.
     
  25. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    But you are assuming these friends live near each other. Many of my friends are scattered all over the world.

    As far as the legality, you are indicating ways to do something illegal (filesharing copyrighted materials) without getting caught. I say if someone wants a song or movie, pay for it. If they don't want to pay for it, watch it at someone's house who has legally paid for it. If they don't want to do that, forget about it. Just don't steal it. :mad:

    As for sandboxie, yeah, they work but it is not really practical for most normal users (nor is it needed). If someone does not have control over what devices are being connected to their computers, or the technical knowledge to know how their Windows treats connected devices when attached, Sandboxie is going to be beyond their technical abilities regardless. And again, it is just not needed - so why pay for something not needed, especially if it makes their computing more difficult and confusing?

    Again, autoplay is disabled by default. Windows and most anti-malware solutions (and yes, including the capable Windows Defender) keep themselves updated by default. The rest is up to the user - regardless of and in spite of what their security setup of choice is, or how competent and disciplined they are.

    The best security in the world can not help you if you open the door and let the bad guy in. If you insert a flash drive or attach an external disk to your computer that has not been in your possession 100% of the time and you are not 100% certain it is clean, DON'T BE CLICK-HAPPY on ANY of the files it contains. Insert or attach then scan the entire drive for malware. If clean, then you can click away.

    I don't care who the friend is, how competent they are in IT security, or how much I trust them. If they come over with a thumb drive containing something I want or they want me to see, it is getting scanned before any file is opened or copied. Period! And to that, I don't have any friends or relatives who would object to that either! If they did, too bad!

    How did the earliest forms of malware get spread? Via floppy disks on the "sneakernet"! It seems we've come full circle, again.
     