Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA
| 100% protection against any threats vis USB drive! really?!
There is this software 'USB Disk Security V5.0.0.66' that claims to do exactly that!
»www.zbshareware.com/
It looks very promising, and i have installed a trial version of it, and one of the first things it asked me after installation is if i wanted to disable AUTORUN of the USB drive.
hell yes!
You can of course, enable the AUTORUN.INF file again with one click in the menu.
Its just that in the last month i have had to clean 2 laptops which were badly infected as a direct result of viruses automatically comming from USB sticks.
I have already applied the registry entry called NOAUTRUN.REG from Nick Brown's blog:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
»nick.brown.free.fr/blog/2007/10/···rms.html
Im sure if anyone installs the trial version, and knowingly decides to insert a infected USB stick, that the thread will be picked up.
Just wanted to know if any knowledgeable folks here would like to comment on the application?
It looks like a winner.  |
|
Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA
| A couple of screenshots. |
|
bcastner
Premium,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
 ·Verizon Online DSL
| reply to Shriyash
Why would you pay money for something that Microsoft's free TweakUI for XP or Vista natively can do; or the user on other Windows OS versions can do with a simple registry edit?
If you want to flip Autorun capability on and off, write a batch file.
This software only disables Autorun. That is a very, very small part of the issue of USB devices and security. What will happen when you disable Autorun is that the user will use Explorer to open the device to see its contents. This software appears to do nothing about:
• An infected device that had been previously used on the computer. (The MountPoints2 entry will still be there to execute the malware);
• Any non-Autorun.inf infector on the device.
It does not help matters either that the screen shots given look exactly like most SmitFraud infections. I am not suggesting this is one, I have no idea. Just that it looks like one. With exaggerated claims of 100% protection, and a huge GUI signifying nothing. The tool cannot remove Autorun infections. The only thing it does is to make registry edits to disable Autorun, and that is a singlularly easy -- and free -- thing a user can do themselves.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
mysec
Premium
join:2005-11-29
| reply to Shriyash
This looks like an interesting and innovative program. However,
said by web site :
USB Disk Security provides 100% protection against any malicious programs trying to attack via USB storage.
The majority of products are unable even to guarantee 90% protection.
This is not correct. Any program which provides execution protection will give 100% protection against malicious programs on USB. Process Guard, for example. Or Anti-Executable which I've tested:
»www.urs2.net/rsj/computing/tests/autoruninf
|
|
Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA
| reply to Shriyash
Thanks for your replys bcastner  and mysec !
Honestly, i was excited and impressed with all these '5 star' awards that this application has got. 
»www.zbshareware.com/awards.html |
|
Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA
| reply to Shriyash
Just wanted to post an interesting observation.
Clicking on 'Acquire Immunity' in the menu creates a autorun.inf folder in ALL my drives. |
|
bcastner
Premium,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
| reply to Shriyash
The creation of an Autorun.inf on each writeable drive is old hat.
sUBs, the Author of Combofix, has done this with his free "Flash Drive Disinfector" for years.
Rather than write a file, create a folder named "AUTORUN.INF" in the root directory. This ensure that no file can be created with this name in the root dirctory.
Or, to selectively "Immunize" and Un-"Immunize"
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
mysec
Premium
join:2005-11-29
edit:
May 12th, @10:41AM
| reply to Shriyash
The awards are probably well-deserved. This program will appeal to those who don't want to, or don't know how to set up their tweaks manually. Attractive for most home users.
And, rather than just blocking AutoRun, as I understand your first screen shot, it notifies you that there is indeed an unauthorized file attempting to execute. This is the real strength of the program, IMO.
Just disabling AutoRun with a tweak still leaves you unaware that a malicious file resides on the USB drive, and otherwise vulnerable as pointed out by bcastner .
I also prefer to be alerted that a malicious file has been denied to execute, as shown in my tests. At that point, I can deal with removing it from the USB drive, as it has not been able to infect my HD.
|
|
