USB Protection

Discussion in 'other anti-malware software' started by atomomega, Sep 21, 2016.

  1. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,288
    So... more than a year has gone since the launch of Windows 10 and I'm still running Autorun Eater on all my machines. I have a few questions for you:
    1: Do you still use any sort of USB-specific protection?
    2: If you do, which one?
    or
    3: If you don't, how do you mitigate the risks of infections through flash drives?

    I'm just trying to make up my mind wether to finally pull the plug on Autorun Eater (which has been well abandoned for some time now)
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,613
    1: I don't feel the need to. If I plug in an infected flash drive, my computer will only become infected if I manually launch an infected file on the drive. If I was to open an infected file, my antivirus would probably intercept it.
    3: By being careful about what files I run. It's the same approach I take with files I download.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    3,793
    Location:
    Among the gum trees
    If I don't trust a USB flash drive I will not insert it in my machines.

    If I received one of these in the mail I would NOT insert it in my machine.

    HitmanPro.Alert protects against BadUSB devices (an USB device that pretends to be a keyboard) as well.

    If you were still worried you could use VoodooShield or similar, which will stop any payload from running.
     
  4. dbrisendine

    dbrisendine Registered Member

    Joined:
    Jul 15, 2006
    Posts:
    51
    Location:
    BC, Canada
    MCShield (www.mcshield.net) is a free tool against the USB malware. Check it out; I think you will be impressed.
     
  5. This is a nice one. Even when application does not run it still applies its protection. It looks like a GUI for internal windows protection options only available for Windows Pro and higher (Business, Ulitimate). So grab it while you can.

    USB Disk manager: http://www.syedgakbar.com/projects/usb/
     
  6. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    I tested Clevx DriveSecurity.
    Good: Runs on medium IL. Don't require autorun (it copyes USBListener.exe to temp folder and it monitors USB connection, it also runs on medium IL).
    Bad: No quarantine nor exclusion!! Detect anything encrypted, or at least my own harmless encrypted zip. Expensive.
    I removed it.
     
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,889
    do any of these programs install anything on the USB itself? if so I would not use it with my imaged USB stick.
     
  8. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    McShield will not touch your USBs in any way ..... use it with confidence :)
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,889
    I noticed today addguard blocked an autorun on one of my usb"s and I can't even remember what is on it, that is the funny part.
     
  10. Willpower

    Willpower Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    18
    Location:
    CANADA

    Yes I'll second that. Have been using MCShield for a number of years and am "impressed"!
     
  11. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,103
    Not for protection; useful USB Tool, however.

    USB Device Tree Viewer

    Code:
    http://www.uwe-sieber.de/usbtreeview_e.html#download
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,327
    Location:
    USA
    Can you confirm that McShield is working OK on Windows 10? I was thinking of using it again, but I see that it hasn't been updated since 2014.

    Edit: I see now that Windows 10 is listed under McShield system requirements. Does it use signatures and if so do they continue to be updated? TIA
     
  13. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    91
    Location:
    Philippines
  14. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    985
    Location:
    USA, MICHIGAN
    I rely on my AV,,BD scans any USB device before it's allowed to run, after a quick scan then it starts and loads.

    I've never had a USB infection.
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,327
    Location:
    USA
    Yes, many AVs now include USB scanning so I wonder if these dedicated USB AVs bring any additional benefit?
     
  16. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    91
    Location:
    Philippines
    True... but this kind of softwares also make cleaning an infected/hidden USB files easy, SMADAV also has added ransomware and anti-exe feature(USB only) and very usefull for those who often use a pen drive.
     
    Last edited: Mar 6, 2017
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,327
    Location:
    USA
    Thanks, I may give this one a try :thumb:
     
  18. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,288
    Thanks for the replies folks and sorry for getting back to you after a few months :D

    So I went ahead and installed MCShield, so far so good, I rarely insert flash drives that don't belong to me, so I've seen it in action only once.

    Kinda tempted to try SMADAV but as @Victek and @daman1 said the av should stop any infection (in my case Windows Defender).
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    3,793
    Location:
    Among the gum trees
    I believe the latest version was released way back in 2014 but has it received any updates since you've had it installed?
     
  20. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,092
    Location:
    Paris
    When considering USB protection one must also consider any damage done to the files that exited on the flash drive prior to malware infection. So Optimal protection would be:

    1). detecting the malware on the USB
    2). Preventing malware spread to the Host system
    3). putting back the files to their former state.
     
  21. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,288
    It seems like the last update was on February 21, 2016. Maybe they rely on the heuristics engine built-in?

    screenshot.3.jpg
     
  22. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,288
    So I believe 1) and 2) are very basic and most antimalware products do it. But about 3) I've only seen G-Data restoring infected files after disinfection, the majority of products just qurantine/delete, from what I've seen
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    3,793
    Location:
    Among the gum trees
    OK, thanks. I'm giving it a try now.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    3,793
    Location:
    Among the gum trees
    https://www.mycity.rs/MyCity-Laboratorija/MCShield-v3_11.html#p1820663

    Translated by Google Chrome:
     
  25. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,188
    Location:
    DC Metro Area
    Last edited: Mar 9, 2017
Loading...