How to harden my system against usb spreading Malware?

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Yes, I know that, and I enabled showing file extensions in the Windows options to also check if there is a double-extension file, which is almost virus.
Also, I do not use USB except in rare cases (burning a Windows ISO, for example).
And you have VoodooShield, right? It will protect you even if you accidentally execute a bad file on USB.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
And you have VoodooShield, right? It will protect you even if you accidentally execute a bad file on USB.
Yes, mostly. That can depend on configuration. There are some methods that can use LOLBins to read/execute the malicious code embedded & encoded in the innocent file (as an array of bytes). If the LOLBin is not blocked in VoodooShield then it can be run via non-malicious command-line, for example via the shortcut.
Of course, VoodooShield is not a simple anti-exe, so many such attacks will be neutralized via the AI module. But this was not properly tested, to be sure.
In practice, properly configured VoodooShield should block most USB malware in the wild.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
For info, HitmanPro.Alert (paid) has a Bad USB module, which also covers USB connected keyboards and mice. Back when I was using it a few yrs. ago, the module had problems with impacting startup and going inactive unexpectedly. Now these issues don't seem so prevalent. Still, one needs to demo it. (y)

By the way, did anyone see this on the HMP.A FAQ? Interesting. In fact, a few years ago, I only ran HMP.A plus the Windows firewall. Defender was disabled. No infections and I ran it like this for about 6 months. But then I became a wimp and turned it back on. Might as well, can't uninstall it anyway.

hmpa antivirus.PNG

Info forum
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
For info, HitmanPro.Alert (paid) has a Bad USB module, which also covers USB connected keyboards and mice. Back when I was using it a few yrs. ago, the module had problems with impacting startup and going inactive unexpectedly. Now these issues don't seem so prevalent. Still, one needs to demo it. (y)

By the way, did anyone see this on the HMP.A FAQ? Interesting. In fact, a few years ago, I only ran HMP.A plus the Windows firewall. Defender was disabled. No infections and I ran it like this for about 6 months. But then I became a wimp and turned it back on. Might as well, can't uninstall it anyway.


Info forum
HMPA does a lot of things. But it is hard to know how well it does them. Back when they used to test the ransomware protection, it didn't perform so great. That's just an example, I don't know if it reflects on the other modules or not. But the problem with exploit protection is that it can't really be tested effectively.
 
Feb 8, 2020
46
Hi guys,
I want to know your opinion about the methods you take to harden your system against USB-spreading viruses. As you can see in my setup, I take full control of Windows Firewall using TinyWall and create allow rules manually for my programs. For real-time protection I use Emsisoft with VoodooShield anti-exe. For USB, I disabled the Autorun and AutoPlay settings via Control Panel. Is it enough? Is there any other Windows customization for hardening, or is this enough? I don't want to add any other software for that purpose; it would be overkill from my point of view. I want to know your thoughts.

The combo you have with TinyWall, Emsisoft and VoodooShield is already overkill.
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
HMPA does a lot of things. But it is hard to know how well it does them. Back when they used to test the ransomware protection, it didn't perform so great. That's just an example, I don't know if it reflects on the other modules or not. But the problem with exploit protection is that it can't really be tested effectively.

WD anti-exploit protection (ASR) yes.
Just run 7zip.exe from a USB.;)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Although the vulnerabilities similar to BadUSB can be very dangerous in businesses and organizations, they do not affect home users (so far). So, there is no need to apply any special protection.

The most dangerous for home users are USB drives (flash drives) infected with something like malware in the hidden folder (archive, non-executable file, etc.) triggered by the shortcut. Another popular possibility is abusing the legal portable applications stored on flash drives (USB Thief). Both methods will require user intervention like running the shortcut or running the portable application.

Another problem follows from the format of many flash drives (FAT 32). Such format does not preserve Alternative NTFS Streams (Mark Of The Web is skipped). The files without MOTW are ignored by SmartScreen AppRep on Windows 8+. Also, the users who have WD or Avast, are not protected by BAFS or CyberCapture features.
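
A read-only triage of a flash drive for the conditions described in the post above (shortcuts, hidden folders, files without MOTW on a non-NTFS volume) plus the double-extension check mentioned earlier in the thread. This is an added example, not code from the thread or from any tool named in it; the drive letter `E:\` and both extension lists are assumptions to adjust.

```powershell
# Added example: lists suspicious items on a removable drive. Nothing is opened or executed.
param([string]$Root = 'E:\')   # assumed drive letter of the flash drive

# Illustrative lists, not exhaustive: types that run code on double-click, and common decoy types
$execExt  = '.exe','.scr','.com','.pif','.bat','.cmd','.js','.jse','.vbs','.vbe','.wsf','.hta','.ps1','.lnk'
$decoyExt = '.pdf','.doc','.docx','.xls','.xlsx','.jpg','.png','.txt','.mp3','.mp4'

function Test-DoubleExtension {
    param([string]$Name)
    # "invoice.pdf.exe": last extension is executable, the one before it is a decoy
    $last  = [IO.Path]::GetExtension($Name).ToLower()
    $inner = [IO.Path]::GetExtension([IO.Path]::GetFileNameWithoutExtension($Name)).ToLower()
    return ($execExt -contains $last) -and ($decoyExt -contains $inner)
}

function Test-HasMotw {
    param([string]$Path)
    try {
        # Mark of the Web is stored in the Zone.Identifier alternate data stream
        $null = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction Stop
        return $true
    } catch { return $false }   # stream missing, or file system has no stream support
}

$drive = New-Object System.IO.DriveInfo $Root
"File system of ${Root}: $($drive.DriveFormat)"
if ($drive.DriveFormat -ne 'NTFS') {
    'Not NTFS: files on this drive cannot carry a Zone.Identifier stream (no MOTW).'
}

$findings = foreach ($item in Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue) {
    $reasons = @()
    $hidden  = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
    if ($item.PSIsContainer) {
        # "System Volume Information" is hidden on every Windows-formatted drive; skip it
        if ($hidden -and $item.Name -ne 'System Volume Information') { $reasons += 'hidden folder' }
    } else {
        $ext = $item.Extension.ToLower()
        if ($ext -eq '.lnk')                       { $reasons += 'shortcut' }
        if (Test-DoubleExtension $item.Name)       { $reasons += 'double extension' }
        if ($hidden -and ($execExt -contains $ext)) { $reasons += 'hidden executable' }
        if (($execExt -contains $ext) -and -not (Test-HasMotw $item.FullName)) { $reasons += 'no MOTW' }
    }
    if ($reasons) { [pscustomobject]@{ Path = $item.FullName; Reasons = $reasons -join ', ' } }
}
$findings | Format-Table -AutoSize -Wrap
```

A shortcut at the drive root next to a hidden folder is the pattern to look at first; the script only reports, so flagged items still need to be inspected before anything is opened.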
 

Crambl9e

New Member
Feb 4, 2020
2
Its new protection level detects viruses missed by the best antivirus software, and provides maximum protection against any threat that tries to attack a system via any USB storage device FaceTime.
 

Outpost

Level 5
Verified
Well-known
Jan 11, 2020
220
I'm sorry, but maybe I don't understand the problem.
1) No USB of my property should be connected to third parties' PCs.
2) No third-party USB must connect to my PC.
3) The USB is only used to transfer files between PCs of my property.
4) If someone has to transfer files, he has to use direct links, email, cloud. If someone has no alternative, it is his problem.
 
F

ForgottenSeer 85179

I'm sorry, but maybe I don't understand the problem.
1) No USB of my property should be connected to third parties' PCs.
2) No third-party USB must connect to my PC.
3) The USB is only used to transfer files between PCs of my property.
4) If someone has to transfer files, he has to use direct links, email, cloud. If someone has no alternative, it is his problem.
The problem with Bad-USB is modified firmware in the USB stick. If you buy one somewhere, you don't know if it's already compromised, and you can't verify that.
If it's compromised, you wouldn't notice it in the worst case.

So don't buy the cheapest ones, and only buy from verified shops to minimize the risk as much as possible.
 
