Gizmos Freeware Reviews  

Old 30. Jul 2012, 03:23 PM   #1 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,232
Default USB Security Software

A huge load of PCs get infected with malware from USB drives/pen drives/flash drives/removable drives, and some of this malware can be very nasty. Strangely, even good resident antivirus programs on the PC miss it. With some of the malware being quite nasty, once it infects the system, it often requires multiple scans from multiple anti-malware programs, and online services, to get completely removed from the system. I have myself dealt with some of these, and I know how difficult it is to get rid of this malware. You should consider yourself lucky, if one of these nasties infects your computer, and you can salvage your computer, without having to reinstall the OS.

Although resident antivirus programs do offer some protection from this malware, it's still not 100%. Strangely enough, there is no good software which offers sufficient protection for the USB drives, or which can be resident on the USB drive itself, and protect the USB drive from getting infected at all. There have been a few commercial USB resident AV programs, but again, their effectiveness is not known, and neither are we concerned with them, the forum/site being about freeware. In this thread, I have tried to list a few of the software out there, which offer some kind of protection for the USB drives.

The malware on USB drives mostly spreads by making use of the autorun feature, and by targeting, and infecting the autorun file. So, most of the USB security software works on the autorun file, to prevent malware from infecting the PC.

It's said that prevention is better than cure... so, why not just turn off the autorun feature altogether, and also immunize the USB drive to prevent the autorun file getting infected. This method is effectively used by Panda USB Vaccine. It can turn off the autorun feature altogether for the computer. This means that the autorun of USB drives, and also the optical drives, will be turned off on the computer completely. This may seem like a trouble to some users who are used to the feature, but considering the threats involved, it would be better if this feature is turned off. Additionally, Panda USB Vaccine can also immunize the USB drives. For this, it installs its own autorun.inf file on the drive, and disables its reading, access, and modification, which prevents any other autorun file from being put on the drive. This should offer protection from most of the malware which works by targeting the autorun file. Also, Panda USB Vaccine can be made to start with Windows. It quietly runs in the system tray, and whenever a removable drive is inserted, it installs its autorun.inf file into the drive, and immunizes the drive.

The same method is also followed by BitDefender USB Immunizer, which immunizes the USB drives in the same way as Panda USB Vaccine, and can also reside in system tray, and immunize other drives which are inserted. However, from what I read on its page, I don't think it has the option to turn off the autorun feature altogether for the whole system. I have not used this software, so I am not sure about this feature. If someone does know, please share here.
Removal of the autorun file by BitDefender USB Immunizer can be a bit difficult though, and it involves plugging the drive into a Linux system for removal. I don't know if the drive can be just formatted, to make it empty altogether (which can be done with Panda USB Vaccine).

The above two software can be used to immunize the USB drives, and they work great, and they should offer sufficient protection to the drives. However, still, they are not 100% effective. So, it's better to be safe, and scanning of the drive before opening it, with resident antivirus, or other anti-malware program, is a must.

Flash Disinfector : This tool is developed by BleepingComputer. It works in the same way as Panda USB Vaccine, or BitDefender USB Immunizer. This tool has been discontinued, but still works for XP. It immunizes the removable drives in the same way, by installing a hidden folder named autorun.inf on the drive. But, it also goes a step ahead, and installs that folder in all partitions of the hard drive too, to prevent malware from infecting the system.
In case you want the protection to be removed from the system, it takes a bit of a task. The steps involved are listed here : http://www.myantispyware.com/2009/01...runinf-folder/
It does not run in resident mode.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 30. Jul 2012, 03:41 PM   #2 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,232
Default

Below will be listed some software, which have resident mode, and monitor the insertion of removable drives, and also scan the drive for malware, and remove them. They seem too good to be true. Their effectiveness is a question, and there are no independent tests to show how effective they are against the USB malware. I have personally used some of these, and found some to fail, or, I could not test them for effectiveness.

MxOne Antivirus : This is the software that I would like to see some independent tests about. Reason being, apart from having a resident mode on the PC, it can be installed on the USB drive too. It updates itself with signature definitions, like a regular antivirus, and offline updates are available too.
I used this a long long time back, and I never could test its effectiveness, and I therefore stopped using it. I don't remember exactly, but I think there was some kind of problem with its resident mode on the USB drive. But, I am not sure. Also don't know if it's still being developed. But, going by its features, it just seems like a dream.
An old thread on MxOne Antivirus can be found here on the forum : http://www.techsupportalert.com/free...pendrives.html

MCShield : This one is relatively new software that I happened to come across on a download site. It calls itself an anti-malware tool, which has a resident mode, and scans and removes malware from USB drives. It also has its own database updater. Again, the effectiveness of protection, and removal is not known. But, it seems good, looking at its site. If it works as well as it looks, it would be just great.

USB Guardian : This works by parsing the autorun file, and locking resources to the executables the autorun file references, which prevents the user from accessing or opening those executables. The files can be deleted. The files can only be unlocked manually by the user. More on how it works : http://www.usb-guardian.com/how-it-works-.html
Seems like quite a good approach theoretically, but practically, the program had failed when I used it, causing my PC to be infected. The thread on forum is here : http://www.techsupportalert.com/free...-security.html

USB-AV Antivirus : This seems to be another new software. It has a resident mode, and claims to have heuristics too. Also claims to work alongside the resident antivirus on the system. Has signature updates, along with the capability of vaccination.

Ninja Pendisk : This has been around for a long time now. From its site :
Quote:
This ninja awaits quietly in the system tray for the times whenever a USB pendisk is inserted on the computer which will be examined to uncover the commonly malicious or virulent files known as “autorun.inf” and “ctfmon.exe” amongst many others.
Besides removing known virulent files, this tool will also immunize your pendisk and create a folder called autorun.inf with special protection permissions to protect your pendisk from being infected again when plugged on contaminated computers.
Seems good from the description, but I have doubts about its effectiveness.

iKill : It works like USB Guardian, by parsing the autorun.inf file, and either deleting the executables referenced by it, or asking the user about them, depending on the option set. It also has other features like process viewer, service viewer, and tools for disabling/enabling of registry editor, task manager, folder options, hidden file options.. the things which are affected by a malware attack.

USB Protector : It has a polished and stylish colorful interface, and some good features, like write protecting USB drive, and encrypting of files on the drive. Scans the USB drive for malware, and lets the user delete them.
The home site of the software has a red WOT rating, I think because of the hosting domain, but software should be clean. Still, caution recommended. Again, effectiveness of software unknown.

Autorun Eater : As the name suggests, the program sits in the tray, and removes suspicious autorun files. If MSE is installed on the system, it can use MSE to scan the drive.

NoAutorun : It blocks the autorun file, and also looks for suspicious files on the drive, and offers tools to deal with those files, like unlocker, file removal tool, and quarantine malicious content. It can also disable the autorun completely on the computer, with an option to keep the optical drive autorun enabled. That seems like a good option, which might appeal to some users. Last version released in February, so it might still be in development.

Antirun : It scans and removes the autorun file from the inserted drives, and can also identify a running malware executable, and remove it.
__________________
Anupam

Last edited by Anupam; 06. Apr 2013 at 08:14 AM. Reason: Updated link for MCShield
Anupam is online now   Reply With Quote
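
The autorun.inf parsing that the USB Guardian and iKill entries describe, and the autorun.inf folder placeholder that Flash Disinfector and Ninja Pendisk create, sketched as an added example (not part of the original posts and not any of these tools' code). The sample file and all function names are constructed for illustration.

```python
import re
from pathlib import Path

# Keys in [autorun] whose value is a command line that Windows AutoRun may launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Unquoted program path, spaces allowed, ending at the first executable extension.
PROGRAM = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?=\s|$)", re.I)

# Constructed sample (not a captured file); file names are ones the thread mentions.
SAMPLE = r"""
;xJq81 padding comment
[AutoRun]
open=RECYCLER\ctfmon.exe -s
kd92jfla
shell\open\Command="new folder.exe" /auto
shellexecute=bha.vbs
icon=shell32.dll,4
"""

def program_of(cmdline):
    """Return the program part of a command line, dropping its arguments."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    match = PROGRAM.match(cmdline)
    if match:
        return match.group(1)
    return cmdline.split(None, 1)[0] if cmdline else ""

def launch_targets(text):
    """Return [(key, program)] for each launch entry in an autorun.inf body."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key) and program_of(value):
                found.append((key.lower(), program_of(value)))
    return found

def inspect_drive(root):
    """Classify a drive root by its autorun.inf: absent, folder, or file."""
    entry = next((p for p in Path(root).iterdir()
                  if p.name.lower() == "autorun.inf"), None)
    if entry is None:
        return ("absent", [])
    if entry.is_dir():  # folder placeholder, as Flash Disinfector and Ninja Pendisk create
        return ("folder", [])
    return ("file", launch_targets(entry.read_bytes().decode("latin-1")))
```

Junk lines and comments are skipped rather than rejected, so a padded file still yields its launch entries; a "file" result with a non-empty list names the programs worth scanning before the drive is opened.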
Old 30. Jul 2012, 03:58 PM   #3 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,232
Default Other software

The list below is of software which is not being developed anymore, and is just posted here for reference.

Ariad : Short for AutoRun.Inf Access Denied. Which is what the program does. It blocks access to the autorun.inf file. It involves interaction with kernel, and therefore, use with caution is recommended, and that's why I have posted it in this list.

Autorun Cleaner : As the name suggests, it cleans autorun files from the removable drives.
Last version in 2010.

Pendrive Virus Remover : It is supposed to remove viruses which commonly affect pen drives, like new folder.exe, autorun.inf, bha.vbs, ravmon.exe, etc. Seems like an ambitious project, but sadly seems out of development.
Last version was in Jan, 2011.

Autorun USB Virus Finder : Detects autorun file, and the associated processes.
Beta version. Last version was in March 2011.

Well, there it is. When I decided to write this thread, I did not know I would come across so many software. Hope that a good free software will come along, or be discovered from above, which will be effective against malware from the USB drives, which are quite a big source of malware infection.

If someone has used these software, and can post about their effectiveness, please do share on this thread. Or, any other software, which are missing in the list.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 31. Jul 2012, 06:41 AM   #4 (permalink)
Senior Member
 
 
Join Date: Sep 2008
Location: The north Coast
Posts: 1,513
Default

Anupam
Thanks for all the work on this. USB devices can be a slippery method for depositing malware.
wdhpr is offline   Reply With Quote
Old 31. Jul 2012, 08:33 AM   #5 (permalink)
Editor
 
 
Join Date: Oct 2010
Posts: 1,911
Default

Great piece of info and good job in listing them Anupam.
__________________
If you seek for attention, do common things in life in an uncommon way!
George.J is offline   Reply With Quote
Old 31. Jul 2012, 08:51 AM   #6 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,232
Default

Thanks guys
__________________
Anupam
Anupam is online now   Reply With Quote
Old 04. Apr 2013, 09:21 AM   #7 (permalink)
Editor
 
Join Date: Jan 2012
Posts: 682
Default

https://code.google.com/p/usbdummyprotect/
Panzer is online now   Reply With Quote
Old 05. Apr 2013, 08:03 PM   #8 (permalink)
Member
 
Join Date: Mar 2013
Posts: 2
Default

This is a great list, thanks

I am a helper from ASAP alliance and we are using MCShield a lot in removing malware. I think this application is No.1 of its kind...

Now on new domain: www.mcshield.net
TwinHeadedEagle is offline   Reply With Quote
Old 06. Apr 2013, 08:14 AM   #9 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 15,232
Default

Quote:
Originally Posted by TwinHeadedEagle
Now on new domain: www.mcshield.net
Thanks for this. I have updated the link in the post.
__________________
Anupam
Anupam is online now   Reply With Quote