USB Flash Drive - Malware Protection

Discussion in 'other anti-malware software' started by TheKid7, May 21, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have all of my USB Flash Drives:

    1. Formatted NTFS.

    2. Immunized with Panda USB Vaccine.

    How would I further increase protection (USB Flash Drive based protection) against Malware?

    Is there some way to prevent any executable files from being run on USB Flash Drives?

    Since the USB Flash Drives are formatted NTFS, is there some way to use Windows to set permissions (on the USB Flash Drive) to deny files from being executed on the USB Flash Drives?

    Thanks in Advance.
     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    NVT EXE Radar Pro blocks USB flash executables from running.
    :thumb:
     
  3. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    You have Sandboxie paid, so force your external drives to open Sandboxed.
     
  4. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    mick92z's suggestion is excellent for you.

    USB Flash Drives Control also allows you to do what you want, but in your case I would follow mick92z's suggestion.
     
  5. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Please explain further how this might apply to a usb external HDD?
     
  6. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Autorun eater might be a useful addition also.
     
  7. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    You have NOD32. It offers flash drive blocking right??
     
  8. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    My Goal is to Prevent a USB Flash Drive from transferring Malware from any USB Flash Drive to any PC. I was mainly thinking of keeping anyone's USB Flash Drive from infecting anyone's PC.

    I want to Minimize the chance of spreading Malware from USB Flash Drives to an isolated Network of PC's.
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    704
    Location:
    Italy
    ERP can be configured to block the execution of processes started from USBs, Network Drives, RAM Disks and CD-ROMs. So if you insert an infected USB in your PC where ERP is installed, the malware will be auto-blocked from being executed in your system. Also lockdown-mode can help to block any unknown process by default.
     
  10. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Personally I feel USB protection is pointless.
    For a malware to execute it either has to be resident in the ram or on the hard drive and the resident antivirus will be monitoring these.
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    This way you protect one entry point into your system.
     
  12. sthmptn

    sthmptn Registered Member

    Joined:
    Jul 20, 2009
    Posts:
    31
    If Autorun is disabled in Windows, is there any malware that can get onto the system?

    If files or scripts are accessed or copied then I can see an opening but wouldn't these threats be contained in the same way as if you had downloaded them from the internet (i.e. your resident security; Sandboxie, Appguard, AV etc)?

    These are the registry settings I use to stop Autorun invoking, then I treat all files from the USB as untrusted:
    http://support.microsoft.com/kb/967715

    W7: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

    XP: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /v "" /t REG_SZ /d "@SYS:DoesNotExist" /f
     
  13. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    Autorun is blocked for external drives on Windows 7+ by default so malware won't be able to execute by itself. Unless you purposely run the infected files on your flash disks (which I doubt your antivirus will let you do) or are running XP or unpatched Vista, it's not worth worrying about USB malware.

    Aside from immunizing your drives to block malware from executing automatically on older systems, you can just put everything on it into a zip / iso / other archive type. Next time you access your disk from another computer just ignore anything that isn't inside the archive.
     
  14. sthmptn

    sthmptn Registered Member

    Joined:
    Jul 20, 2009
    Posts:
    31
    Yes that's true. The regedit I posted turns off Autoplay in all drives, which Autorun needs to start.

    I believe that Autoplay just delays/prompts you before invoking Autorun, so it could still be started by happy-clickers/incompetent users. This way I have to explore the drive and manually start the exe.

    In any case, like you say, hopefully AVs will catch anything.

    By the way, one of my better buys is a USB with a read-only hardware switch that I use if plugging into other people's computers. This should stop malware from getting onto the drive in the first place.

    Cheers,
     
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
    I have to disagree with some of the statements above, as TheKid has a valid concern. Worms such as Downadup, Kido, etc just love to spread via USB drives when Windows reads them.

    For those that would like to prevent this without playing with the Registry, it can be done quickly by:

    1). Type GPEDIT.MSC in the run box and open the Group Policy editor
    2). DoubleClick Administrative Templates on the left
    3). DoubleClick All Settings
    4). Scroll down on the right to Turn Off Autoplay
    5). DoubleClick and make the adjustments there.
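
A way to check that either method took effect (the registry values in post 12 or the Turn Off Autoplay policy in post 15, which both end up as `NoDriveTypeAutoRun` under `Policies\Explorer`), as an added example that is not part of any poster's reply. The function name `Get-AutoRunCoverage` is hypothetical; the bit meanings are those documented in the KB967715 article linked in post 12.

```powershell
# Added example (not from the thread): audit AutoRun policy on the local machine.
# Bit meanings follow Microsoft KB967715; Get-AutoRunCoverage is a hypothetical name.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x04; Name = 'Removable drives (USB flash)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive type (reserved)' }
)

function Get-AutoRunCoverage {
    # Decode a NoDriveTypeAutoRun bitmask into one row per drive type.
    param([Parameter(Mandatory)][long]$Mask)
    foreach ($entry in $DriveTypeBits) {
        [pscustomobject]@{
            DriveType       = $entry.Name
            Bit             = '0x{0:X2}' -f $entry.Bit
            AutoRunDisabled = [bool]($Mask -band $entry.Bit)
        }
    }
}

$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($key in $policyKeys) {
    $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "${key}: NoDriveTypeAutoRun is not set"
        continue
    }
    $mask = [long]$item.NoDriveTypeAutoRun
    Write-Output ('{0}: NoDriveTypeAutoRun = 0x{1:X2}' -f $key, $mask)
    Get-AutoRunCoverage -Mask $mask | Format-Table -AutoSize
    if (-not ($mask -band 0x04)) {
        # 0x04 is the removable-drive bit, the one that matters for USB flash drives
        Write-Warning "$key does not disable AutoRun for removable drives"
    }
}

# XP-era hardening from post 12: the key's default value should be @SYS:DoesNotExist
$iniKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$iniMap = (Get-ItemProperty -Path $iniKey -ErrorAction SilentlyContinue).'(default)'
Write-Output ('Autorun.inf mapping: {0}' -f $(if ($iniMap) { $iniMap } else { 'not set' }))
```

With the value 255 from post 12, every row reports `AutoRunDisabled = True` and no warning is raised.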
     
  16. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    :thumb:
    :thumb:

    I now have 3 of them. And future purchases will likely have the switch too. They are not easy to find but IMO, the extra protection is worth it!
     
  17. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    What are some Brands & Models of USB Flash Drives with a read-only hardware switch? Where can I buy them?
     
  18. sthmptn

    sthmptn Registered Member

    Joined:
    Jul 20, 2009
    Posts:
    31
    Hi Kid,

    As HAN says, they are not easy to find any more and they do add an extra cost. I got hold of a Kanguru SS3 32GB and use it with YUMI for cleaning other machines.

    This article lists the latest models available. Read through the comments for more up-to-date info, though. Also take note of the vulnerabilities in the "software tricks" method.

    This raymond.cc post was also a good read if a little dated and this Wilders post.

    Cheers,

    Edit: Also, I seem to remember that although SD cards have a flick-switch they are not recommended as it's similar to a software trick.
     
    Last edited: May 24, 2013