General

[CrazyBoy78]

We've been having a lot of infected USB keys where I work and I was wondering if anyone knew of a good bit of software that could scan the key and protect the host machine from infection at the same time?

I know, it's easier just to format the key, but in some cases files need to be recovered and can't just be wiped out.

Any ideas?

[Lrrpie-CT]

If this is at work I would recommend the latest Symantec Antivirus Corporate or Enterprise Edition. Version 11 is shipping now and it would certainly protect against threats coming from any source.

[CrazyBoy78]

Actually, the standard antivirus we use is Symantec V.10 but I was wondering if there was a more purpose-built program that just scanned keys. We've had issues with students coming in with all sorts of crap (trojans, rootkits mostly) and spreading them accidentally to our network machines as well as other students' machines.

[Lrrpie-CT]

Interesting. I can't imagine how they'd get past an up to date SAV. It should be scanning file transfers from all removable media upon attempt. I'm not aware of tools specifically for USB keys either. Of course, through group policies you can eliminate the ability for users to plug USB keys in... but that's draconian.

[incynr8]

USBVirusScan « Didier Stevens

[CrazyBoy78]

Quote:

Originally Posted by Lrrpie-CT

Interesting. I can't imagine how they'd get past an up to date SAV. It should be scanning file transfers from all removable media upon attempt. I'm not aware of tools specifically for USB keys either. Of course, through group policies you can eliminate the ability for users to plug USB keys in... but that's draconian.

One word: torrent.

I've had to deal with tons of students who come with a trojan or rootkit or hijack because they've been using Limewire or one of the torrents to d/l stuff. Then they click on something and it's all over their system. THEN they throw some stuff on their USB keys and it spreads.

incynr8 - I'm gonna give that a try. Just might be what I'm looking for.

[Anonymous Coward]

Quote:

Originally Posted by incynr8

USBVirusScan « Didier Stevens

That's an awesome utility. The name is odd, more like a USBLoader, but it clearly states what the tool can do. I feel for university admins, talk about working in the virus and smut trenches.

[Kindred]

Looks like an interesting program, certainly easy to create and rollout as a service on existing workstations.

Still curious that a decent anti-virus wouldn't pick up files on usb key just like any other on-file-access check?

[incynr8]

Norton Corp should pickup on EVENT, such as file access or local execution. It will not scan the entire volume upon mounting.

[Grendel]

Quote:

Originally Posted by incynr8

Norton Corp should pickup on EVENT, such as file access or local execution. It will not scan the entire volume upon mounting.

Isn't there a way to set that up with corp? I seem to remember that we [company I worked for] had it set up that anything new on the network had to be scanned/updated by Norton before it was allowed to access the network. Or is that just when a new computer was added/plugged into the network not just a device? I know I remember having to wait long periods of time to access the network with my laptop after a road trip.

I'm no IT person but I do like to stay abreast of stuff since I maintain my own at home with family members causing all sorts of hell for me