View Single Post
Old 30. Jul 2012, 03:23 PM   #1 (permalink)
Anupam
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,232
Default USB Security Software

A huge load of PCs get infected with malware from the USB drives/pen drives/flash drives/removable drives, and some of these malware can be very nasty. Strangely, even the good resident antivirus on the PC miss them. With some of the malware being quite nasty, once they infect the system, often, they require multiple scans from multiple anti-malware programs, and online services, to get completely removed from the system. I have myself dealt with some of these, and I know how difficult it is to get rid of these malware. You should consider yourself lucky, if one of these nasties infect your computer, and you can salvage your computer, without having to reinstall the OS.

Although resident antivirus do offer some protection from these malware, but still, it's not 100%. Strangely enough, there is no good software which offers sufficient protection for the USB drives, or, be resident on the USB drive itself, and protect the USB drive from getting infected at all. There have been a few commercial USB resident AV, but again, their effectiveness is not known, and neither we are concerned with them, the forum/site being about freeware. In this thread, I have tried to list down a few of the software out there, which offer some kind of protection for the USB drives.

The malware in the USB drives mostly spread by making use of the autorun feature, and by targeting, and infecting the autorun file. So, most of the USB security software work on the autorun file, to prevent malware from infecting the PC.

It's said that prevention is better than cure... so, why not just turn off the autorun feature altogether, and also immunize the USB drive to prevent the autorun file getting infected. This method is effectively used by Panda USB Vaccine. It can turn off the autorun feature altogether for the computer. This means, that the autorun of USB drives, and also the optical drives, will be turned off on the computer completely. This may seem like a trouble to some users who are used to the feature, but considering the threats involved, it would be better if this feature is turned off. Additionally, Panda USB Vaccine can also immunize the USB drives. For this, it installs its own autorun.inf file on the drive, and disables its reading, access, and modification, which prevents any other autorun file to be put on the drive. This should offer protection from most of the malware which work by targeting the autorun file. Also, Panada USB Vaccine can be made to start with Windows. It quietly runs in the system tray, and whenever a removable drive is inserted, it installs its autorun.inf file into the drive, and immunizes the drive.

The same method is also followed by BitDefender USB Immunizer, which immunizes the USB drives in the same way as Panda USB Vaccine, and can also reside in system tray, and immunize other drives which are inserted. However, from what I read on its page, I don't think it has the option to turn off the autorun feature altogether for the whole system. I have not used this software, so I am not sure about this feature. If someone does know, please share here.
Removal of the autorun file by BitDefender USB Immunizer can be a bit difficult though, and it involves plugging the drive into a Linux system for removal. I don't know if the drive can be just formatted, to make it empty altogether (which can be done with Panda USB Vaccine).

The above two software can be used to immunize the USB drives, and they work great, and they should offer sufficient protection to the drives. However, still, they are not 100% effective. So, it's better to be safe, and scanning of the drive before opening it, with resident antivirus, or other anti-malware program, is a must.

Flash Disinfector : This tool is developed by BleepingComputer. It works in the same way as Panda USB Vaccine, or BitDefender USB Immunizer. This tool has been discontinued, but still works for XP. It immunizes the removable drives in the same way, by installing a hidden folder named autorun.inf on the drive. But, it also goes a step ahead, and installs that folder in all partitions of the hard drive too, to prevent malware from infecting the system.
In case you want the protection to be removed from the system, it takes a bit of a task. The steps involved are listed here : http://www.myantispyware.com/2009/01...runinf-folder/
It does not run in resident mode.
__________________
Anupam
Anupam is online now   Reply With Quote