DDE_Server

Level 12
Verified
Hi guys,
I want to know your opinion about the methods you use to harden your system against USB-spreading viruses. As you can see in my setup, I take full control of Windows Firewall using TinyWall and create allow rules manually for my programs. For real-time protection I use Emsisoft with VoodooShield anti-exe. For USB, I disabled the AutoRun and AutoPlay settings via Control Panel. Is it enough? Is there any other Windows customization for hardening, or is this enough? I don't want to add any other software for that purpose; it would be overkill from my point of view. I want to know your thoughts.
 

security123

Level 2
There is no need to disable AutoPlay / AutoRun these days. Microsoft fixed that abuse.

What helps is SRP, like with HC_Configurator.

Also, if we talk about USB, don't forget BadUSB.
Defense against that is much harder, and it can be restricted with e.g. Group Policy (block new GUID drivers/devices like modems etc.).
 

HarborFront

Level 48
Verified
Content Creator
There is no need to disable AutoPlay / AutoRun these days. Microsoft fixed that abuse.

What helps is SRP, like with HC_Configurator.

Also, if we talk about USB, don't forget BadUSB.
Defense against that is much harder, and it can be restricted with e.g. Group Policy (block new GUID drivers/devices like modems etc.).
For BadUSB you can use the free G DATA USB Keyboard Guard below

 

shmu26

Level 84
Verified
Trusted
Content Creator
The best protection is not to allow a suspicious USB to be inserted into your computer. Do you have friends or children bringing home USB devices that have visited other computers? If not, you don't have to worry about anything.

If you can't keep promiscuous USB devices away from your computer, then the next line of defense is using your brain. For instance, if you see that a flash drive has shortcuts instead of folders and files, DON'T CLICK ON THE SHORTCUTS. They are booby-trapped. And check the extensions of files before you open them. If it is supposed to be a video or a Word doc, make sure the extension is familiar. If you see a strange or unexpected file extension, google it before you click. Maybe it's a new kind of video format. But maybe it's a script file that wants to bite you.
 

DDE_Server

Level 12
Verified
The best protection is not to allow a suspicious USB to be inserted into your computer. Do you have friends or children bringing home USB devices that have visited other computers? If not, you don't have to worry about anything.

If you can't keep promiscuous USB devices away from your computer, then the next line of defense is using your brain. For instance, if you see that a flash drive has shortcuts instead of folders and files, DON'T CLICK ON THE SHORTCUTS. They are booby-trapped. And check the extensions of files before you open them. If it is supposed to be a video or a Word doc, make sure the extension is familiar. If you see a strange or unexpected file extension, google it before you click. Maybe it's a new kind of video format, and maybe it's a script file that wants to bite you.
Yes, I know that, and I enabled showing file extensions in the Windows options, also to check whether there is a double-extension file, which is almost always a virus.
Also, I don't use USB except in rare cases (burning a Windows ISO, for example).
 

Andy Ful

Level 52
Verified
Trusted
Content Creator
The AutoRun vulnerability is patched for USB drives from Vista SP2. But this can be reverted by malware via modifications in the Windows Registry. Also, the AutoPlay feature cannot run anything automatically, except for some Windows exploits (like the LNK exploit), for example when the content is displayed in Explorer.
https://fortiguard.com/encyclopedia/endpoint-vuln/50524

Nice article about USB attacks:
https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/

When one uses WD + ConfigureDefender at the HIGH Protection Level, the ASR rule "Block untrusted and unsigned processes that run from USB" is activated.
But it can be bypassed if the user does not run the file from USB, but copies the file from USB to the hard disk and executes it from the hard disk.
One can use SRP to block by default the execution of unsafe files (executables, scripts, shortcuts, etc.) from USB sources.

The main problem with USB security in the home environment is that some files can trigger execution (also filelessly) when they are simply displayed (parsed) in Explorer. This requires a Windows OS exploit, so it can be missed by most AVs and SRP.
The most common infections, via shortcuts executed by the user, can be prevented if the user is cautious enough and has set Explorer to show file extensions.
 
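The filename checks discussed in this thread (shortcuts standing in for folders, double extensions, unexpected script extensions), as an added Python example that is not from any poster. The extension lists, reason labels and sample tree are assumptions constructed for illustration; the script only reads file names and never opens a file.

```python
import os
import tempfile
from pathlib import Path

# Assumed lists for illustration; extend them to match your own policy.
RISKY = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
         ".js", ".jse", ".wsf", ".hta", ".ps1", ".msi", ".jar"}
DECOY = {".doc", ".docx", ".pdf", ".jpg", ".png", ".mp4", ".avi", ".txt"}

def classify(name):
    """Return the reasons a file name deserves a second look (empty if none)."""
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext == ".lnk":
        reasons.append("shortcut")
    if ext in RISKY:
        reasons.append("executable-or-script")
    # e.g. invoice.pdf.exe: a document-looking name with a runnable last extension
    if len(parts) > 2 and "." + parts[-2] in DECOY and ext in RISKY | {".lnk"}:
        reasons.append("double-extension")
    if name.lower() == "autorun.inf":
        reasons.append("autorun-file")
    return reasons

def audit_drive(root):
    """Walk a drive by name only; return {relative_path: reasons}."""
    findings = {}
    for dirpath, dirs, files in os.walk(root):
        siblings = {d.lower() for d in dirs}
        for name in files:
            reasons = classify(name)
            # A shortcut named after a folder beside it: "shortcuts instead of folders"
            if name.lower().endswith(".lnk") and name[:-4].lower() in siblings:
                reasons.append("shortcut-shadows-folder")
            if reasons:
                findings[Path(dirpath, name).relative_to(root).as_posix()] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree standing in for a flash drive (empty files)."""
    for rel in ["Holiday/beach.jpg", "Holiday.lnk", "invoice.pdf.exe", "autorun.inf",
                "notes.txt", "Docs/report.docx.lnk", "tools/setup.ps1"]:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for path, reasons in sorted(audit_drive(d).items()):
            print(f"{path}: {', '.join(reasons)}")
```

A clean listing does not cover the exploit case Andy Ful describes, where a file triggers execution merely by being displayed in Explorer.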