Virus protection for flash drives

5

3

At school, there is a large network with lots of non-technical minded people and lots of viruses. How can I protect my flash drive from these worms and viruses so I don't bring them home and infect my home computers?

The Green Frog

Posted 2009-08-30T08:29:50.337

Reputation: 954

Answers

5

  • Configure your home pc to never autorun USBs when they are mounted
  • Keep a policy to never get home executable programs from school
    • get compilable sources and recompile :-)
    • if you need tools from the web download straight from home
  • Keep the USB connected at school for a minimum time when transferring data

Of course, if you are happy with moving data from home to school and never want to get any back home, just format the USB every time you get it back from school.

nik

Posted 2009-08-30T08:29:50.337

Reputation: 50 788

In this case it's more a "what to do after your usb is infected", unfortunately, it doesn't protect the flash-drive in the first place. Though these are the things to do, when it's too late. – Gnoupi – 2009-08-30T09:19:24.353

@Gnoupi, following these rules will keep your home-pc protected by drawing a line between the home-pc and the school. The flash drive can safely remain on the school side of this fence. It is easier that way. – nik – 2009-08-30T09:33:43.390

+1 for disabling autorun. Always disable it for everything. – bandi – 2009-08-31T09:13:39.963

+1 for disabling autorun - but -1 for formatting on next use... that's really slow, in my experience :) – warren – 2009-08-31T10:00:29.353

@warren, you are troubled by a "quick format" that protects your home PC from potential malware? And, I'd still suggest keeping Autorun off at all times (regardless of using this scheme). – nik – 2009-08-31T10:43:58.627

6

I actually just use a small SD card reader and an 8GB SD Card. I set the locked switch on the SD Card so that nothing can jump onto this card.

I did look for a large capacity Flash/USB drive with a lock switch, but they're hard to find these days.

Ash

Posted 2009-08-30T08:29:50.337

Reputation: 2 611

In my opinion, this is what best answers the question, as it is the only way to make sure you won't catch a virus on a school computer. However, this has the major drawback that you can't write on the key, only read its content. – Gnoupi – 2009-08-30T09:22:32.710

If no data was to be moved from school to home, there is no need for a locked drive. Just format it straight on the next use. – nik – 2009-08-30T09:42:12.250

2

harrymc

Posted 2009-08-30T08:29:50.337

Reputation: 306 093

2

See http://answers.Yahoo.com/question/index?qid=20090616091607AApD6Zy for a link. I would've posted it, but have signed out of OpenID, and apparently unregistered/new users can only post one link in a message. And, reading the Yahoo page will be quite useful.

The "unmodifiable" autorun.inf is actually: a) a directory named autorun.inf with SHR attributes that, b) contains a very strange file, named "lpt3.This folder was created by Flash_Disinfector", which can neither be copied, deleted, or renamed by Windows. If I remember correctly, documentation somewhere says that the only way to remove this unmodifiable autorun.inf folder is by formatting the drive. However, Linux is not subject to these restrictions, and can easily copy/move/rename the folder.

Flash_Disinfector.exe is actually a RAR-SFX (self-extracting) archive. One of the archive's contents, nircmd.exe - which is used to silently execute commands - might trigger your existing security software.

testsubjectalpha

Posted 2009-08-30T08:29:50.337

Reputation:

Disabling Autorun: one way is via Microsoft's TweakUI. Install and run it, and then (inside it) navigate to My Computer->AutoPlay->Types. There, uncheck "enable Autoplay for all CD and DVD drives" and "enable Autoplay for removable devices." – None – 2009-08-31T10:37:06.253

1

One of the main suggestions would be to ensure that you have up to date antivirus software on your home computer. There are many free solutions out there including the popular AVG free anti-virus.

You can test basic functionality if you are concerned by downloading the Eicar test file to check if it is detecting nasties. Simply save the Eicar file onto your flash drive from school, take it home and see if your antivirus detects it when you plug it in or if you go to open the file. It is NOT a virus, it is just a file which contains a certain string of text that the majority of antivirus programs have been programmed to recognise as a virus for testing purposes.

Obviously, nothing will completely stop viruses so only copy from your school network what you really know about.

Does your school network have antivirus software running on all the computers? Again, you could test this by downloading the Eicar test file above and try to open it.

Kez

Posted 2009-08-30T08:29:50.337

Reputation: 15 359

0

Use a virus scanner and a personal firewall, don't enable sharing on any of your drives and don't let others use your flash drive.

innaM

Posted 2009-08-30T08:29:50.337

Reputation: 9 208

Actually, I think he means using a flash-drive on a school computer, and in this case he probably can't do any of this (besides the "don't let others") – Gnoupi – 2009-08-30T09:21:25.053

0

There's a simple way: you can protect your flash's root so viruses will fail to modify autorun.inf, as MOST of them do. ACLs will help! You must have NTFS filesystem there to have ACL enabled.

kolypto

Posted 2009-08-30T08:29:50.337

Reputation: 2 861

This still doesn't prevent viruses from infecting files — like, for example, antivirus software updates — stored on your flash drive. – intuited – 2010-12-20T23:49:02.183

How can I protect the flash drives root? – The Green Frog – 2009-08-30T10:32:50.010

Console example: "cacls X:" - lists the current ACLs. You'd probably see "X:\ ALL:(OI)(CI)F" there. Now you should delete all users from the list, one by one: "cacls X:\ /E /R COMPUTER_NAME\USER_NAME" ("cacls X:\ /E /R All" in my case). And now add a read permission: "cacls X:\ /G All:R". Now the Access Control List looks like this: "X:\ All:(OI)(CI)R" – kolypto – 2009-08-30T12:00:57.040

"convert X: /fs:ntfs" - this will convert flash drive's file system to NTFS without deleting all your data :) – kolypto – 2009-08-30T12:02:38.160

0

"Flash_Disinfector.exe" works in a way sort-of similar to Panda USB Vaccine, by creating an unmodifiable autorun.inf entry in the root of partitions and pen drives.

There is, however, one scenario in which the protection afforded by an unmodifiable autorun.inf can be bypassed. There's an infection - which may be called "New Folder.exe" - that scans flash drives, and creates copies of itself in every directory, giving those copies the same name as the directory. Even with an unmodifiable autorun.inf, it is possible to mistakenly execute the malware's copies...

In short: a) keep one's own computer clean, b) disable autorun/autoplay c) always launch pen drives from Start->Run or the address bar in Windows Explorer d) ensure that hidden files and file extensions are viewable.

None

Posted 2009-08-30T08:29:50.337

Reputation:

I'm curious, how can it create an unmodifiable autorun.inf? Because a simple "read-only" wouldn't be enough. Also, give a link, possibly. – Gnoupi – 2009-08-31T09:15:51.067
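An added example, not part of the original answers: a small Python check to run over a mounted flash drive before opening anything on it. It reports what a real autorun.inf file would launch and lists executables named after the folder that holds them (the "New Folder.exe" pattern described above). The function names, the extension list, the extra match on a sibling folder's name and the sample layout are assumptions made for this illustration.

```python
import os
import tempfile
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
LAUNCH_KEYS = {"open", "shellexecute"}

def autorun_commands(root):
    """Commands a real autorun.inf file in `root` would launch.
    Returns [] if there is none or if autorun.inf is a placeholder directory."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            break
    else:
        return []
    cmds, in_section = [], False
    with open(path, errors="replace") as fh:
        for line in map(str.strip, fh):
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
            elif in_section and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                if key.lower() in LAUNCH_KEYS or key.lower().endswith("\\command"):
                    cmds.append(value)
    return cmds

def folder_mimics(root):
    """Executables named after the directory holding them or one beside them."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        names = {d.lower() for d in dirnames} | {os.path.basename(dirpath).lower()}
        for fname in filenames:
            stem, ext = os.path.splitext(fname)
            if ext.lower() in EXEC_EXTS and stem.lower() in names:
                hits.append(os.path.relpath(os.path.join(dirpath, fname), root))
    return sorted(hits)

def build_sample(root):
    """Constructed sample drive layout for the demo (empty placeholder files)."""
    os.makedirs(os.path.join(root, "Homework", "Essays"))
    inf = "[autorun]\nopen=recycler\\svc.exe\nicon=drive.ico\nshell\\open\\command=recycler\\svc.exe\n"
    files = {"AUTORUN.INF": inf, "setup.exe": "", "Homework/Homework.exe": "",
             "Homework/Essays/Essays.exe": "", "Homework/Essays/draft.txt": ""}
    for rel, body in files.items():
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        print(autorun_commands(drive), folder_mimics(drive))
```

Point `autorun_commands` and `folder_mimics` at the drive's mount point; any non-empty result is a reason to inspect the drive before opening files from it.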

0

Use a live USB GNU/Linux distribution, maybe with a separate FAT32 partition for your files if you use Windows at home. To access your files at the school, don't insert the flash into the working computer but boot from it instead. This will guarantee that no viruses at the computer are activated, and will let you access your files as usual (if the Linux distro supports NTFS, but most of them do this now)

user7963

Posted 2009-08-30T08:29:50.337

Reputation: 1 397