PDA

View Full Version : Panda USB and AutoRun Vaccine


rusty.nells
04-26-2009, 01:33 AM
Did a quick (but not thorough) search and haven't seen this mentioned on the site.

I haven't tried it but it looks promising.

Panda USB and AutoRun Vaccine (http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx)

From the web site:

Computer Vaccination

The free Panda USB Vaccine allows users to vaccinate their PCs in order to disable AutoRun completely so that no program from any USB/CD/DVD drive (regardless of whether they have been previously vaccinated or not) can auto-execute. This is a really helpful feature as there is no user friendly and easy way of completely disabling AutoRun on a Windows PC.


USB Vaccination

The free Panda USB Vaccine can be used on individual USB drives to disable its AUTORUN.INF file in order to prevent malware infections from spreading automatically. When applied on a USB drive, the vaccine permanently blocks an innocuous AUTORUN.INF file, preventing it from being read, created, deleted or modified. Once applied it effectivelly disables Windows from automatically executing any malicious file that might be stored in that particular USB drive. The drive can otherwise be used normally and files (even malware) copied to/from it, but they will be prevented from opening automatically. Panda USB Vaccine currently only works on FAT & FAT32 USB drives. Also keep in mind that USB drives that have been vaccinated cannot be reversed except with a format.

Jory
04-26-2009, 02:57 AM
It's portable AND has command line parameters. This is going right on my USB stick.

purple_minion
04-26-2009, 04:19 AM
Also keep in mind that USB drives that have been vaccinated cannot be reversed except with a format.

I'm sure you didn't write it, but I'll bet you my first born child I can reverse it on the usb drive.

14049752
04-26-2009, 04:52 AM
I'm sure you didn't write it, but I'll bet you my first born child I can reverse it on the usb drive.

You would win that bet. I used Cygwin and chmod to change the file to allow read/write access. Inside the autorun.inf file that the program created is just a string of text "caacaacaacaacaa "

Honestly, this will only help marginally because I guarantee if I was able to change file permissions so easily, malware authors will find it laughable.
In fact, they could use this to prevent usb drives from being cleaned...just use linux file permissions to allow it to only be read and not deleted or written.
Better off just using a write protected flash drive instead of hoping for some miracle software fix.