mcarterbrown.com  

Plugged in Online Gaming, and Technology

Old 11-08-2007, 08:18 AM   #1 (permalink)
Nerd=Geek
 
CrazyBoy78's Avatar
 
Join Date: May 2006
Location: Mississauga, ON

Good USB key scanner?

We've been having a lot of infected USB keys where I work and I was wondering if anyone knew of a good bit of software that could scan the key and protect the host machine from infection at the same time?

I know, it's easier just to format the key, but in some cases files need to be recovered and can't just be wiped out.

Any ideas?
__________________
Later........

Andry : )

Proud member of The Peacekeepers, UMSG JTF7, Rogue Cell #12 and CCABB

My Feedback Soft and Hard gear F/S! Got cigar tubes?
CrazyBoy78 is offline   Reply With Quote
Old 11-08-2007, 08:26 AM   #2 (permalink)
Super Moderator
 
Lrrpie-CT's Avatar
 
Join Date: Mar 2006
Location: CT

If this is at work I would recommend the latest Symantec Antivirus Corporate or Enterprise Edition. Version 11 is shipping now and it would certainly protect against threats coming from any source.
Lrrpie-CT is offline   Reply With Quote
Old 11-08-2007, 09:10 AM   #3 (permalink)
Nerd=Geek
 
CrazyBoy78's Avatar
 
Join Date: May 2006
Location: Mississauga, ON

Actually, the standard antivirus we use is Symantec V.10 but I was wondering if there was a more purpose-built program that just scanned keys. We've had issues with students coming in with all sorts of crap (trojans, rootkits mostly) and spreading them accidentally to our network machines as well as other students' machines.
CrazyBoy78 is offline   Reply With Quote
Old 11-08-2007, 09:18 AM   #4 (permalink)
Super Moderator
 
Lrrpie-CT's Avatar
 
Join Date: Mar 2006
Location: CT

Interesting. I can't imagine how they'd get past an up-to-date SAV. It should be scanning file transfers from all removable media upon attempt. I'm not aware of tools specifically for USB keys either. Of course, through group policies you can eliminate the ability for users to plug USB keys in... but that's draconian.
Lrrpie-CT is offline   Reply With Quote
Old 11-08-2007, 09:40 AM   #5 (permalink)
Icognito Remiss Firebrand
 
incynr8's Avatar
 
Join Date: Apr 2006
Location: In between a beach and a river

USBVirusScan Didier Stevens
incynr8 is offline   Reply With Quote
Old 11-08-2007, 10:18 AM   #6 (permalink)
Nerd=Geek
 
CrazyBoy78's Avatar
 
Join Date: May 2006
Location: Mississauga, ON

Quote:
Originally Posted by Lrrpie-CT View Post
Interesting. I can't imagine how they'd get past an up-to-date SAV. It should be scanning file transfers from all removable media upon attempt. I'm not aware of tools specifically for USB keys either. Of course, through group policies you can eliminate the ability for users to plug USB keys in... but that's draconian.
One word: torrent.

I've had to deal with tons of students who come with a trojan or rootkit or hijack because they've been using Limewire or one of the torrents to d/l stuff. Then they click on something and it's all over their system. THEN they throw some stuff on their USB keys and it spreads.

incynr8 - I'm gonna give that a try. Just might be what I'm looking for.
CrazyBoy78 is offline   Reply With Quote
Old 11-08-2007, 10:56 AM   #7 (permalink)
Active Member
 
Join Date: Jul 2007

Quote:
Originally Posted by incynr8 View Post
That's an awesome utility. The name is odd, more like a USBLoader, but it clearly states what the tool can do. I feel for university admins, talk about working in the virus and smut trenches.
Anonymous Coward is offline   Reply With Quote
Old 11-08-2007, 01:26 PM   #8 (permalink)
Shiny. Let's be bad guys
 
Kindred's Avatar
 
Join Date: Mar 2006
Location: Neshanic Station, NJ

Looks like an interesting program, certainly easy to create and roll out as a service on existing workstations.

Still curious that a decent anti-virus wouldn't pick up files on a USB key just like any other on-file-access check?
__________________

Strive for that moment when you're only a slice of pizza and a hooker away from paradise.
Kindred is offline   Reply With Quote
Old 11-08-2007, 01:36 PM   #9 (permalink)
Icognito Remiss Firebrand
 
incynr8's Avatar
 
Join Date: Apr 2006
Location: In between a beach and a river

Norton Corp should pick up on EVENT, such as file access or local execution. It will not scan the entire volume upon mounting.
incynr8 is offline   Reply With Quote
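
The mount-time full scan that post #9 says on-access protection does not perform, as an added example (not code from the thread or from USBVirusScan). It assumes Microsoft Defender's cmdlets as the scanner rather than the Symantec product discussed, and the log path is hypothetical.

```powershell
# Added example: full scan of a removable volume at mount time.
# Assumptions: Microsoft Defender cmdlets as the scanner; log path is hypothetical.
# Run from an elevated PowerShell session; the subscription lasts for that session.

# EventType 2 in Win32_VolumeChangeEvent means "device arrival".
$query = 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2'

Register-CimIndicationEvent -Query $query -SourceIdentifier 'UsbArrival' -Action {
    $log   = Join-Path $env:ProgramData 'UsbScan\scan.log'   # hypothetical location
    $drive = $Event.SourceEventArgs.NewEvent.DriveName        # e.g. "E:"
    New-Item -ItemType Directory -Path (Split-Path $log) -Force | Out-Null

    # Only act on removable media (Win32_LogicalDisk.DriveType 2).
    # USB hard disks usually report DriveType 3 and are skipped by this check.
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
    if (-not $disk -or $disk.DriveType -ne 2) { return }

    # Remember detections that already exist so only new ones are reported.
    $before = @(Get-MpThreatDetection).DetectionID

    Add-Content $log "$((Get-Date).ToString('s')) $drive mounted, starting full-volume scan"
    try {
        # Scan every file on the volume, not just the ones a user happens to open.
        Start-MpScan -ScanType CustomScan -ScanPath "$drive\" -ErrorAction Stop
    } catch {
        Add-Content $log "$((Get-Date).ToString('s')) $drive scan failed: $_"
        return
    }

    # New detections whose affected resources are on this drive.
    $hits = @(Get-MpThreatDetection | Where-Object {
        $_.DetectionID -notin $before -and ($_.Resources -like "*$drive*")
    })
    Add-Content $log "$((Get-Date).ToString('s')) $drive scan finished, detections: $($hits.Count)"
    foreach ($h in $hits) {
        Add-Content $log "  threat id $($h.ThreatID): $($h.Resources -join '; ')"
    }
} | Out-Null

# Stop monitoring with: Unregister-Event -SourceIdentifier 'UsbArrival'
```
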
Old 11-08-2007, 01:44 PM   #10 (permalink)
MCB Member
 
Grendel's Avatar
 
Join Date: Apr 2006
Location: Northbridge [Whitinsville], MA

Quote:
Originally Posted by incynr8 View Post
Norton Corp should pick up on EVENT, such as file access or local execution. It will not scan the entire volume upon mounting.
Isn't there a way to set that up with corp? I seem to remember that we [company I worked for] had it set up that anything new on the network had to be scanned/updated by Norton before it was allowed to access the network. Or is that just when a new computer was added/plugged into the network not just a device? I know I remember having to wait long periods of time to access the network with my laptop after a road trip.

I'm no IT person but I do like to stay abreast of stuff since I maintain my own at home with family members causing all sorts of hell for me.
__________________


"Rather fail with honor than succeed by fraud." -Sophocles

My Pyre #PY008 RF Oak Grendel's Feedback on MCB Pyre Serial Number List
Grendel is online now   Reply With Quote
All times are GMT -4. The time now is 01:01 PM.

