Battle McShield vs. SMADAV Pro: USB/Removable Media Protection

[ifacedown]

Hello.

I have been using McShield for around 3 years now and it never failed me. One thing I also like is I could set it to unhide folders that were hidden by malware. Sometimes only it will a long time to fully scan the USB drive when infection is found (could be turned off by the settings).

I know that SMADAV is beyond USB Protection. But my question here is only: McShield for its USB Protection and features VS. SMADAV USB Protection.

Which is better? Thanks.

 

[Captain Awesome]

McShield-It is discontinued updates from 2014.But it's USB Protection is good till now...

SMADAV Pro-Never used it.So can't talk much about that.

 

[Parsh]

SmadAV has got quite some features and a lot of them do not add much to protection alongside a good AV.
MCShield covers various techniques (desktop.ini, lnk exploit, conficker method..) to tackle USB malware. It also uses heuristics but the product itself is not being developed anymore. Not much info is found regarding SmadAV except that it uses (regularly updated) signatures and behavior detection (probably only pattern-based / heuristics?)

The below links should be helpful:
Q&A - Best pendrive protection for pc
MCShield Anti-Malware v3.0
Beware of FPs in both cases.

If you do not want a separate USB protection utility in your security setup, you can give Block USB-spreading Malware (Autorun.inf) with Anti-AutoExec | NoVirusThanks a try. It's service based, works at kernel mode (driver) and is a light alternative to USB vaccine tools, may not entirely replace McShield or SmadAV feature-wise. It won't remove existing USB malware though.

 

[ifacedown]

McShield-It is discontinued updates from 2014.But it's USB Protection is good till now...

But its signatures have the latest update up to February 2016.

If you do not want a separate USB protection utility in your security setup, you can give Block USB-spreading Malware (Autorun.inf) with Anti-AutoExec | NoVirusThanks a try. It's service based, works at kernel mode (driver) and is a light alternative to USB vaccine tools, may not entirely replace McShield or SmadAV feature-wise. It won't remove existing USB malware though.

Is this anti-autoexec better than this tweak on Group Policy, the one I am using now:

Local Computer Policy --> Administrative Templates --> System --> Removable Storage Access --> Enable the "Deny execute access" to the removable storage classes you want.

 

[Captain Awesome]

But its signatures have the latest update up to February 2016.

Hmm but program ver.was from 2014.

 

[212eta]

Between McShield and SMADAV Pro,
I vote for SMADAV Pro,
because McShield has been discontinued since 2014.

 

[ifacedown]

Between McShield and SMADAV Pro,
I vote for SMADAV Pro,
because McShield has been discontinued since 2014.

But do you personally use SMADAV Pro? What are its strengths?

 

[Parsh]

Is this anti-autoexec better than this tweak on Group Policy, the one I am using now:

Local Computer Policy --> Administrative Templates --> System --> Removable Storage Access --> Enable the "Deny execute access" to the removable storage classes you want.

That NoVirusThanks tool will simply block anything executed via the autorun.inf file from the USB storage. Thus, the "unwanted" things won't execute on their own.
If you use the option of "Deny Execute Access" for selected class(es) of removable disks in Group Policy editor, you won't be able to execute anything from that storage. Is that a practical solution for you?

 

[ifacedown]

If you use the option of "Deny Execute Access" for selected class(es) of removable disks in Group Policy editor, you won't be able to execute anything from that storage. Is that a practical solution for you?

Yes, I am aware of that and that is what I use. The one who taught me that told me very rare USB malware could bypass it.

 

[Parsh]

Yes, I am aware of that and that is what I use. The one who taught me that told me very rare USB malware could bypass it.

There have been and will be ways in which different protection can be bypassed like finding ways around the method used for implementing protection models, over-exposures, social engineering, lack of coverage of some attack vectors and file formats (direct/indirect attacks) etc.
There are methods publicly available to circumvent Group Policy settings.

If the said Group Policy edit suffices your needs, that should be good complemented by a good behavior-based AV.
There are programs like AppGuard (SRP-based, highly customizable protection), VoodooShield (anti-executable), NVT ExeRadarPro (anti-executable), ReHIPS (HIPS/Sandbox).. you might want to check for a multi-layered protection.

 

[HarborFront]

MCShield uses heuristics for scanning so no signature update required.

SMADAV Pro I think it uses its AV for scanning.

USB Disk Security also uses heuristics for scanning and it's free

Actually, if you have an Internet Security Suite this USB scanning feature is usually there. Others like free Panda AV also has it.

 

[ifacedown]

There are programs like AppGuard (SRP-based, highly customizable protection), VoodooShield (anti-executable), NVT ExeRadarPro (anti-executable), ReHIPS (HIPS/Sandbox).. you might want to check for a multi-layered protection.

I already used VoodooShield - it slows down my Windows 10 Creators Update. On the previous Windows 10 versions it was okay.
NVT ExeRadarPro - very good since the last time I used it. I am waiting for it to become freeware, as others told before.

Actually, if you have an Internet Security Suite this USB scanning feature is usually there. Others like free Panda AV also has it.

Yes, but often, McShield does it better than the full AV suites.

 

[Parsh]

MCShield uses heuristics for scanning so no signature update required.

That may be true to a certain extent. Heuristic detection methods might need updates to malware definitions or behavior/patterns used for heuristic analysis of files. How will the protection differ - will then depend on the heuristic methods employed by McShield (and the likes) and whether new ways of exploiting removable storage media for malware execution have been identified recently and being used.

 

[212eta]

But do you personally use SMADAV Pro? What are its strengths?

Active Development while McShield has Discontinued since 2014.
Sorry, but I do Not get well with Abandon-ware...

 

[karthic1998]

Old but not least mc shield is always blocking all virus in usb for me

 

[ifacedown]

Old but not least mc shield is always blocking all virus in usb for me

Same here. Never let me down. Maybe some users have experienced malware bypassing it because they either stopped McShield to finish its job or to open/execute files in an infected romavable media before McShield finish its job.

 

[Sunshine-boy]

USB Keyboard Guard | Reliable protection against manipulated USB stick
G DATA USB Keyboard Guard
In my opinion This is best:notworthy:

 

[bribon77]

One more contribution. USB Flash Drives Control

 

[ifacedown]

One more contribution. USB Flash Drives Control

Well, this is like a Free App for manipulating the Group Policy Editor of Windows.

Thanks.

 

[bribon77]

If it is very effective, it acts like an antiexe.