View Single Post
Old 30. Jul 2012, 03:41 PM   #2 (permalink)
Anupam
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,232
Default

Below will be listed some software, which have resident mode, and monitor the insertion of removable drives, and also scan the drive for malware, and remove them. They seem too good to be true . Their effectiveness is a question, and there are no independent tests to show how effective they are against the USB malware. I have personally used some of these, and found some to fail, or, I could not test them for effectiveness.

MxOne Antivirus : This is the software that I would like to see some independent tests about. Reason being, apart from having a resident mode on the PC, it can be installed on the USB drive too. It updates itself with signature definitions, like a regular antivirus, and offline updates are available too.
I used this a long long time back, and I never could test its effectiveness, and I therefore stopped using it. I don't remember exactly, but I think there was some kind of problem with its resident mode on the USB drive. But, I am not sure. Also don't know if it's still being developed. But, going by its features, it just seems like a dream.
An old thread on MxOne Antivirus can be found here on the forum : http://www.techsupportalert.com/free...pendrives.html

MCShield : This one is relatively new software that I happened to come across on a download site. It calls itself an anti-malware tool, which has a resident mode, and scans and removes malware from USB drives. It also has its own database updater. Again, the effectiveness of protection, and removal is not known. But, it seems good, looking at its site. If it works well as good as it looks, it would be just great.

USB Guardian : This works by parsing the autorun file, and locking resources to the executables the autorun file references, which prevents the user from accessing or opening those executables. The files can be deleted. The files can only be unlocked manually by the user. More on how it works : http://www.usb-guardian.com/how-it-works-.html
Seems like quite a good approach theoretically, but practically, the program had failed when I used it, causing my PC to be infected. The thread on forum is here : http://www.techsupportalert.com/free...-security.html

USB-AV Antivirus : This seems to be another new software. It has a resident mode, and claims to have heuristics too. Also claims to work alongside the resident antivirus on the system. Has signature updates, along with the capability of vaccination.

Ninja Pendisk : This has been around for a long time now. From its site :
Quote:
This ninja awaits quietly in the system tray for the times whenever a USB pendisk is inserted on the computer which will be examined to uncover the commonly malicious or virulent files known as “autorun.inf” and “ctfmon.exe” amongst many others.
Besides removing known virulent files, this tool will also immunize your pendisk and create a folder called autorun.inf with special protection permissions to protect your pendisk from being infected again when plugged on contaminated computers.
Seems good from the description, but I have doubts about its effectiveness.

iKill : It works like USB Guardian, by parsing the autorun.inf file, and either deleting the executables referenced by it, or asking the user about them, depending on the option set. It also has other features like process viewer, service viewer, and tools for disabling/enabling of registry editor, task manager, folder options, hidden file options.. the things which are affected by a malware attack.

USB Protector : It has a polished and stylish colorful interface , and some good features, like write protecting USB drive, and encrypting of files on the drive. Scans the USB drive for malware, and lets the user delete them.
The home site of the software has a red WOT rating, I think because of the hosting domain, but software should be clean. Still, caution recommended. Again, effectiveness of software unknown.

Autorun Eater : As the name suggests, the program sits in the tray, and removes suspicious autorun files. If MSE is installed on the system, it can use MSE to scan the drive.

NoAutorun : It blocks the autorun file, and also looks for suspicious files on the drive, and offers tools to deal with those files, like unlocker, file removal tool, and quarantine malicious content. It can also disable the autorun completely on the computer, with an option to keep the optical drive autorun enabled. That seems like a good option, which might appeal to some users. Last version released in February, so it might still be in development.

Antirun : It scans and removes the autorun file from the inserted drives, and can also identify a running malware executable, and remove it.
__________________
Anupam

Last edited by Anupam; 06. Apr 2013 at 08:14 AM. Reason: Updated link for MCShield
Anupam is online now   Reply With Quote