A topic that I might have brought up before (too lazy to go find it) and which really hit home over this last weekend - USB portable storage devices and current malware are a match made in virus heaven.
Friend of mine called me in a panic - his main computer slowed down so he thought he might clean it up a bit. Made a full backup of his photos and documents to a portable USB drive. Started the cleanup, saw some odd behavior, downloaded an alternate virus scanner trial, found nasty nasty stuff that he could not clean up, rebuilt the OS after formatting the drive -- and started to restore his files from that backup.
Remember that backup? The one he took from what was likely an already infected system? The second he inserted that drive into a USB port - wham! Infected again. That's when he finally called me . . .
Much like virus infections that spread via 5.25 and 3.5 diskettes in days of yore, a new generation of backdoor Trojans, Rootkits, Keyloggers, Botnet/Zombie infections and other malware use USB drives as an infection vector.
This is exceptionally nasty for consultants that use USB drives as their portable toolkit. They stick their drive into an infected computer, which infects their portable drive, which in turn infects the very next computer into which they insert said drive if Autoplay is turned on . . .
Solutions do exist though. My personal solution - which I use in my business - is to use USB thumb drives with a Write Protection Switch (a physical slider switch on the side of the drive that sets the drive to read-only mode and cannot be bypassed by software) while in the field. I also keep a full redundant backup of my software toolkit in safe storage. (Not to mention I scan my thumb drives after every client visit.)
So you set the drive to read/write when copying data to it from a safe computer. Switch the thing to read-only while using it in other computers.
The only trouble is that if you need to write/save a file to the drive while visiting another computer - you had better make darn sure that a) that other computer is running a current and trustworthy anti-malware suite and b) that your own computer at your home or office has autoplay turned off and c) that afterwards you think very hard about using that drive in any other computer before getting it scanned from a safe location.
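One way to check point b) on a Windows machine, as an added example that is not part of the original post: the "Turn off Autoplay" policy is stored in the NoDriveTypeAutoRun registry value, and this PowerShell script reads it and reports which drive types it covers. The function and variable names are my own, and the bit meanings are the ones Microsoft documents for that value.

```powershell
# Added example: audit the AutoRun/Autoplay policy on the local machine.
# Each bit of NoDriveTypeAutoRun, when set, disables AutoRun for one drive type.
$Bits = @(
    @{ Mask = 0x01; Name = 'unknown type' },
    @{ Mask = 0x04; Name = 'removable (USB thumb drives)' },
    @{ Mask = 0x08; Name = 'fixed disk' },
    @{ Mask = 0x10; Name = 'network drive' },
    @{ Mask = 0x20; Name = 'CD-ROM' },
    @{ Mask = 0x40; Name = 'RAM disk' },
    @{ Mask = 0x80; Name = 'unknown type (reserved)' }
)
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunPolicy {
    # The machine-wide value wins over the per-user value, so check HKLM first.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$SubKey" -Name NoDriveTypeAutoRun `
                                 -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $raw = $item.NoDriveTypeAutoRun
            # Older systems may store the value as REG_BINARY; the mask is the first byte.
            if ($raw -is [byte[]]) { $raw = $raw[0] }
            return [pscustomobject]@{ Source = $hive; Value = [int]$raw }
        }
    }
    return $null   # value not present in either hive
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Warning 'NoDriveTypeAutoRun is not set; the default for this Windows version applies.'
} else {
    '{0} NoDriveTypeAutoRun = 0x{1:X2}' -f $policy.Source, $policy.Value
    foreach ($b in $Bits) {
        $state = if ($policy.Value -band $b.Mask) { 'disabled' } else { 'ALLOWED' }
        '  AutoRun on {0,-30} {1}' -f $b.Name, $state
    }
    if (($policy.Value -band 0x04) -eq 0) {
        Write-Warning 'AutoRun is NOT disabled for removable drives.'
    }
}
```

A value of 0xFF means AutoRun is off for every drive type; anything with the 0x04 bit clear leaves removable drives uncovered by the policy.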
The other problem is that finding a USB drive with a physical "Write Protection Switch" is fairly difficult. I've got two different brands in my toolkit now. It took some serious google-fu to locate them and even more effort to find a vendor that sold the models. (Iomega and Kanguru for those curious - the Kanguru is fast and secure, but much more pricy.)
I've said it before, here it is again (and updated for Vista users):