USB Flash Drive - Malware Protection

I have all of my USB Flash Drives:

1. Formatted NTFS.

2. Immunized with Panda USB Vaccine.

How would I further increase protection (USB Flash Drive based protection) against Malware?

Is there some way to prevent any executable files from being ran on USB Flash Drives?

Since the USB Flash Drives are formatted NTFS, is there some way to use Windows to set permissions (on the USB Flash Drive) to deny files from being executed on the USB Flash Drives?

Thanks in Advance.

 

NVT EXE Radar Pro blocks USB flash executables from running.

 

You have Sandboxie paid, so force your external drives to open Sandboxed.

 

mick92z suggestion is excellent to you.

USB Flash Drives Control allows to do what you want also; but in your case I would follow mick92z suggestion.

 

Please explain further how this might apply to a usb external HDD?

 

Autorun eater might be a useful addition also.

 

You have NOD32. It offers flash drive blocking right??

 

My Goal is to Prevent a USB Flash Drive from transferring Malware from any USB Flash Drive to any PC. I was mainly thinking of keeping anyone's USB Flash Drive from infecting anyone's PC.

I want to Minimize the chance of spreading Malware from USB Flash Drives to an isolated Network of PC's.

 

ERP can be configured to block the execution of processes started from USBs, Network Drives, RAM Disks and CD-ROMs. So if you insert an infected USB in your PC where is installed ERP, the malware will be auto-blocked from beign executed in your system. Also lockdown-mode can help to block any unknown process by default.

 

Personally i feel usb protection is pointless.
For a malware to execute it either has to be resident in the ram or on the hard drive and the resident antivirus will be monitoring these.

 

This way you protect one entry point into your system.

 

If Autorun is disabled in Windows, is there any malware can get onto the system?

If files or scripts are accessed or copied then I can see an opening but wouldn't these threats be contained in the same way as if you had downloaded them from the internet (i.e. your resident security; Sandboxie, Appguard, AV etc)?

These are the registry settings I use to stop Autorun invoking, then I treat all files from the USB as untrusted:
http://support.microsoft.com/kb/967715

W7: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

XP: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /v "" /t REG_SZ /d "@SYSoesNotExist" /f

 

Autorun is blocked for external drives on Windows 7+ by default so malwares won't be able to executed by themselves. Unless you purposely run the infected files on your flash disks (which I doubt your antivirus will let you do so) or is running XP or unpatched Vista it's not worth worrying about usb malwares.

Aside from immunizing your drives to block malwares from executing automatically on older system, you can just put everything on it into a zip / iso / other archive types. Next time you access your disk from another computer just ignore anything that isn't inside the archive.

 

Yes that's true. The regedit I posted turns off Autoplay in all drives, which Autorun needs to start.

I believe that Autoplay just delays/prompts you before invoking Autorun, so it could still be started by happy-clickers/incompetent users. This way I have to explore the drive and manually start the exe.

In any case, like you say, hopefully AVs will catch anything.

By the way, one of my better buys is a USB with a read-only hardware switch that I use if plugging into other peoples computers. This should stop malware from getting onto the drive in the first place.

Cheers,

 

I have to disagree with some of the statements above, as TheKid has a valid concern. Worms such as Downadup, Kido, etc just love to spread via USB drives when Windows reads them.

For those that would like to prevent this without playing with the Registry, it can be done quickly by:

1). Type GPEDIT.MSC in the run box and open the Group Policy editor
2). DoubleClick Administrative Templates on the left
3). DoubleClick All Settings
4). Scroll down on the right to Turn Off Autoplay
5). DoubleClick and make the adjustments there.

 

I now have 3 of them. And future purchases will likely have the switch too. They are not easy to find but IMO, the extra protection is worth it!

 

What are some Brands & Models of USB Flash Drives with a read-only hardware switch? Where can I buy them?

 

Hi Kid,

As HAN says, they are not easy to find any more and they do add an extra cost. I got hold of a Kanguru SS3 32GB and use it with YUMI for cleaning other machines.

This article lists the latest models available. Read through the comments for more up-to-date info, though. Also take note of the vulnerabilities in the "software tricks" method.

This raymond.cc post was also a good read if a little dated and this Wilders post.

Cheers,

Edit: Also, I seem to remember that although SD cards have a flick-switch they are not recommended as it's similar to a software trick..