Safest way to:

Discussion in 'hardware' started by jpcummins, Feb 19, 2013.

Thread Status:
Not open for further replies.
  1. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    630
    Location:
    Terre Haute, IN
    My grandson is starting to use flash drives at his high school. Before he connects his flash drive to my computer I want to be sure it is malware free. What is the safest way I can do this? What I intend to do is implement Returnil before connecting the drive and then scan it with either Symantec Endpoint or Malwarebytes Anti-Malware. If I do this I should not have any problems, should I? And should I also turn on the Anti-Executable Protection in Returnil?

    Additionally can I also scan his MP3 player for malware using the same procedure above?

    As always any and all replies will be most appreciated and I would thank you in advance.

    John
     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Disable auto run and set your AV to scan portable media all the time. :D
    I think you can use Sandboxie to sandbox USB's also, not sure though.
     
  3. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    Change the format of the USB Flash Drive to the NTFS file system. Then immunize the USB Flash Drive with Panda USB Vaccine. Turn off AutoRun in Windows.
     
  6. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    I think all the above advice is great, but if it were me, I would not allow ANY flash drive from one of my grandkids to be connected to my main computer. Too risky.

    I trust my grandkids, but they do not have the expertise to ensure nothing bad is on the drive and frankly, I don't trust any of the IT experts at their schools. I trust their intent, not their capabilities. Not when it comes to my bank accounts, my money, my data files, my personal information. And I certainly do not know, or trust their friends - who may be careless about security.

    So I would STRONGLY URGE you to have a second computer for grandkids, kids and other guests in your home and let them use it.

    And as always, have this computer in a common area, not in the kids/grandkids room, behind closed doors.

    In spite of what our kids and grandkids say, they are not invincible and are not smarter than the bad guys.
     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    "So I would STRONGLY URGE you to have a second computer for grandkids, kids and other guests in your home and let them use it. "

    If you absolutely must have a single PC you can get close to this with a second hard drive and BIOS control over which one is active. Simply turn your drive off when someone wants to use the other OS. I did this for several years when I had limited space. I agree with Bill though, when it comes to your computer and other people using it, there needs to be more than security in between.
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    John, I strictly follow the "I don't plug anybody else's USB drives into my computers" type of thinking. But if you have to connect your grandson's flash drives to your computer, you can use Sandboxie to run files and be safe. If a file is infected, the infection gets contained by Sandboxie and is gone when you delete the sandbox.

    In the free version, you can use a sandboxed Windows Explorer to navigate to the USB drive and run files sandboxed. That is easily done from the Sandboxie icon in the taskbar or from the SBIE folder in All programs.

    If you have the paid version, you can force the USB drive to open sandboxed. That means that any file in the drive will run automatically when it's executed. No need to use a sandboxed Windows Explorer.

    It works great. There are a lot of settings that you can use to fine-tune the sandbox; for example, you can restrict all programs from accessing the internet and either allow all programs to run or choose the programs that you want to be allowed to run. There is also a setting that you can use to block programs running in the sandbox from having any access to your personal files and folders. It works very nicely; maybe you would like to try Sandboxie.

    Bo
     
  9. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    630
    Location:
    Terre Haute, IN
    I really want to thank each of you for replying to my original post. Everything said regarding the risk of plugging in a flash drive I have heard many times and I fully agree. And, I appreciate what has been said about Sandboxie, I do have the paid version. I was surprised though in not hearing anything regarding Returnil. I always understood that it would be safe to install and try a program when Returnil was implemented because once the system was rebooted any and all threats would be gone as in the case of Sandboxie.

    I am trying to safely scan the flash drive for malware and to see what is on it. That is why in my original post I asked if I could do so by first implementing Returnil and also if I should turn on the Anti-Executable Protection in Returnil. I have an older free version of Returnil because I did not care for the newer versions.

    I am not as experienced with computers as most on this forum, so please bear with me. Thanking you in advance.

    John
     
  10. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    I'm using Returnil 2008 free and it's working fine :D
     
  11. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    630
    Location:
    Terre Haute, IN
    culla,

    But do you believe that if you had your Returnil 2008 implemented and you inserted a flash drive into your computer's USB port to scan it, you would be 100% safe? And if so, would you also be utilizing the Anti-Executable Protection, just in case there was an autorun file on the flash drive?

    According to what I believe to be true, once you reboot, any and all malware, if there was any, would be gone. At least that is how I understood Returnil worked. I'm having a little difficulty getting someone to tell me for sure whether Returnil should in this case work or not.

    Thanks for replying I appreciate it.
     
  12. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    Yes, I feel 100% safe; been using it since 2008.
    Autorun is off.
    Sandboxie is used when viewing :D
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Is Linux an option here?
    Should I venture there at all?
    Mrk
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    In terms of what?

    With a little effort, a decent Linux box can do just about anything a Windows box can do. Including getting infected.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    I disagree with the getting infected thingie, especially from kids in school using primarily Windows machines for their work.
    Mrk
     
  16. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    To answer your question about Returnil....

    I use Deep Freeze (same type program) and yes, if there was anything on a flash drive that infected my computer, I would just reboot and it would be gone. I also use AE (Anti-Executable) from Faronics.

    It's a mystery to me why more people don't use these "light virtualization" products.
     
  17. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    o_O That's the perfect scenario for an infection! A kid bringing home files on a USB device that was just connected to a different network with a bunch of computers used by a bunch more kids. All the more reason to keep that drive away from your main machine - especially if the school's budget still has them with XP.

    Do not think for a second Linux machines are invulnerable. I note the US Dept of Homeland Security just today sent out its latest US-CERT Vulnerability Summary and while there are no Linux criticals this week, there are a dozen mediums.

    FF did not fare so well again either.
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    You mount the USB device with the noexec option, simple as that. None of the Windows malware, if present, will do anything on Linux. Even if there's malware for Linux, a remote chance, it will usually be targeting specific distros. Choose an obscure one for a USB check unit, like Gentoo, and you're all covered.

    I bet you a shilling that you will never ever see any Linux malware brought home on usb from a school computer.

    Mrk
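Mrk's noexec suggestion above, as an added example that is not his or anyone else's code from the thread: a Python check that parses /proc/mounts (or text passed in, as with the constructed sample table) and reports whether a USB check mount actually carries noexec, nosuid and nodev. The function names and the sample mount table are mine.

```python
"""Verify that a USB check mount really carries noexec, nosuid and nodev.

Added example, not from the thread. Companion to a mount such as
    mount -o ro,noexec,nosuid,nodev /dev/sdb1 /mnt/usb
noexec blocks direct execution of files on the volume; it does not stop
'sh /mnt/usb/x.sh' or 'python /mnt/usb/x.py', so treat it as one layer."""

REQUIRED = ("noexec", "nosuid", "nodev")

# Constructed /proc/mounts-style table: one hardened stick, one mounted
# with defaults. Not captured from a real machine.
SAMPLE_MOUNTS = (
    "/dev/sdb1 /mnt/usb vfat ro,nosuid,nodev,noexec,relatime,fmask=0022 0 0\n"
    "/dev/sdc1 /media/my\\040stick ntfs3 rw,relatime 0 0\n"
)

def parse_mounts(text):
    """Map mount point -> set of options. /proc/mounts octal-escapes spaces
    in paths as \\040, so undo that before keying on the path."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint = fields[1].replace("\\040", " ")
        mounts[mountpoint] = set(fields[3].split(","))
    return mounts

def missing_hardening(mountpoint, text=None, required=REQUIRED):
    """Return the required options absent from `mountpoint` (an empty list
    means fully hardened), or None if nothing is mounted there. Reads the
    live /proc/self/mounts when no text is supplied."""
    if text is None:
        with open("/proc/self/mounts") as fh:
            text = fh.read()
    opts = parse_mounts(text).get(mountpoint)
    if opts is None:
        return None
    return [o for o in required if o not in opts]
```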
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Disabling autorun is a great idea, but it, along with malware scanning, doesn't guarantee an infection-free pen drive. Maybe a VM to check files he wants to run? I've never used Returnil, as you've suggested, but that may work great as well.
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Hi jpcummins,
    I've had this situation at work since I joined Wilders. I don't use Returnil, although I've had it for a short time in the past. I've had an army of flash drives from collaborators and friends of collaborators plugged into my computers over the years and they are definitely the most infected devices ever, as they tend to be quite 'promiscuous' by design. I think Eset, Avira and MBAM detected more than 200 different types of malware during this period.

    As Bo Elam suggested Sandboxie can be used, but I think Returnil is just perfect for this task (I use Shadow Defender which works with the same principle). The Anti-Executable feature from Returnil is good if you want to stop anything from executing automatically, but you won't be able to see what's on the flash drive (in my case it is important, even if infected to see what's on the drive). The virtual volume of Returnil will take care of any malware even if it is executed, once you reboot your computer.
     
  21. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    That's tunnel vision, if not a selfish outlook, often taken by alternative OS users. Just because a Linux box is much less likely (today) to be infected with malware that compromises the owner's data or personal information, that does not mean Linux's many vulnerabilities cannot be exploited to draft the Linux box into botnets used by bad guys against other systems - and the rest of us.

    Note Symantec's MessageLabs article, Botnets Exploit Linux Owners' Ignorance, reports: "Linux Rootkits are proliferating, and used to infect websites with malware."

    Linux boxes maintained by careless (cocky?) Linux users are a growing menace to us all - not just themselves.

    You are on! Pretty sure I got a few shillings from when I was stationed in East Anglia in the early 80s. If not, I have some Confederate dollars to match your defunct shillings.

    Sure, a Linux box is simple to secure. But a Windows box is even easier. The problem is users, always the weakest link in security, fail to consistently "practice safe computing". And it is because of Linux's growing use, along with the fact that W7 and W8 systems are much harder to infect than XP systems, that Linux systems are being targeted more and more by bad guys.

    Driving a Hummer does not make you a safe driver.
     
  22. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Let me quickly back up and say I do not mean to suggest ALL Linux users have tunnel vision or are selfish. That was poorly written on my part, so my apologies to anyone who took my comments in that way.

    What I am saying is ALL computer users, regardless the OS they use, have a responsibility to ALL OTHER computer users to keep their systems safe. But sadly, there are many alternative OS users (namely Linux and Mac users) who do only think of their own security and safety - either out of ignorance, or selfishness, or both.

    Granted, there are some Windows users who feel the same way, but the fact of the matter is, "normal users" don't use Linux. The vast majority of Linux users are advanced computer users with considerable experience using networked computers and therefore, at least in my opinion, should know and understand the importance of being a good "netizen" by keeping their systems from being a threat to others, not just themselves. Unfortunately, that is not happening. :(
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Well, we will be going off topic.

    I responded to that five time spam article formally.
    Security companies cannot be trusted for opinions on security.
    That article refers to servers - not windows to linux malware propagation.
    That's not tunnel vision but a (maybe) practical solution for a windows user.

    Safe computing on Windows is definitely possible and easy - but that's not the topic; the topic is how to make a person's computer more secure against possible school-generated malware on USB sticks.

    Mrk
     
  24. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    630
    Location:
    Terre Haute, IN
    Thanks for all of the replies, I certainly enjoyed reading them and learned quite a bit in the process. Although, I was a little surprised that there were not more replies from actual Returnil users. Regardless, I was able to do what I wanted by implementing Returnil, then scanning the flash drive and finally formatting it to be sure no malware was there. I intend on installing the Bitdefender USB Immunizer and of course implementing Returnil each time one of my grandson's flash drives is used. I know that ideally this may not be the safest way to go, but circumstances being what they are, it will have to do. I do, after making sure the system is safe, make periodic backups. But in reality, does anyone know 100% that their system is really safe?


    John
     
  25. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    @john - please interject at any point, this is your thread.

    But while we await his return, I agree 100%, a report on malware from an anti-malware software maker like Symantec should be eyed with a suspicion of bias. However, there would be a major rebuke of those reports if there were not some truth to it. But as can be seen here, many of the major IT and IT Security media sites reported the findings without faulting the report. They are not all lemmings.

    And that "5 times" is no doubt exaggerated. Perhaps even grossly exaggerated. But let's be realistic here. Worldwide Linux use is a drop in the bucket compared to Windows so for Linux to attract any attention for distributing spam, the numbers must be significant!

    The function of the computer really does not matter. It is not the Linux server software being exploited, it is the OS. But to that - it bothers me that server admins apparently are not paying closer attention to their network traffic. :( Of course, server admins could be the spammers too in many cases, or have other incentives to turn blind eyes.

    FTR, I like Linux and hope it thrives for at least 3 reasons. (1) It leaves absolutely no excuse to steal, or illegally use Windows licenses and other Windows-based software, (2) like AMD nipping at the heels of Intel, it keeps Microsoft from getting too cocky again or complacent (competition is always good for consumers), and (3) Linux gives me viable alternatives (from stealing or busting budgets) to suggest to forum posters, clients, and others.

    Back on point, security must be paramount, the risks are too great. We cannot even be sure a brand new thumb drive has not been compromised at the factory, let alone one from an unknown network handled by an unknown number of people - especially kids.

    So autoplay needs to be disabled. Consider that little inconvenience a cost of Freedom.

    *****

    Edit add - I see John returned while I slowly typed my last reply.
    Not really. Zero-day exploits are possible. So to minimize that possibility, don't visit where the bad guys wallow - where they release their brand new code. So if you stay away from illegal filesharing or illegal gambling or porn sites, you can be pretty darn certain you are safe.

    That said, you can put a dozen locks on each door and window, but if a determined pro has targeted you there's little you can do but have a recovery plan.
     
    Last edited: Feb 27, 2013
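The thread keeps coming back to autorun.inf as the thing an untrusted stick uses to launch code (posts 2, 5, 11, 12 and this one). As an added example, not code from anyone in the thread, here is a small Python inspector that reads a drive's autorun.inf and reports which directives would launch a program and whether the target exists on the drive, without executing anything. The function names and the constructed sample file are mine.

```python
"""Inspect a removable drive's autorun.inf without running anything (added
example, not from the thread): list directives that would launch a program
under Windows AutoRun and whether each referenced file exists on the drive."""
import os
import re

# Directives that cause a program to run under AutoRun.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... adds a default or context-menu action.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample in the style of USB worms (odd casing, a junk line,
# payload parked in a RECYCLER folder). Not a real file.
SAMPLE_INF = """[AuToRuN]
;xGhJkL
open=RECYCLER\\setup.exe /s
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\Open\\Command=RECYCLER\\setup.exe
shell=Open
"""

def parse_autorun(text):
    """Tolerant INI parse: keep only key=value lines inside [autorun]."""
    directives, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            directives.append((key.strip().lower(), value.strip()))
    return directives

def launch_targets(directives):
    """Return the (key, command) pairs that would execute a file."""
    return [(k, v) for k, v in directives
            if k in LAUNCH_KEYS or SHELL_COMMAND.match(k)]

def inspect_drive(root, text=None):
    """Report what autorun.inf on `root` would launch; reads only, never runs."""
    if text is None:
        path = os.path.join(root, "autorun.inf")
        if not os.path.isfile(path):
            return {"present": False, "launches": []}
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    launches = []
    for key, cmd in launch_targets(parse_autorun(text)):
        exe = cmd.split()[0].strip('"') if cmd.split() else ""
        launches.append({"key": key, "command": cmd,
                         "target_exists": os.path.isfile(os.path.join(root, exe))})
    return {"present": True, "launches": launches}
```

Point `inspect_drive` at the mounted drive root (for example `E:\` on Windows or the mount point on the Linux check unit); anything listed under `launches` is what AutoRun would have started had it been enabled.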