USB safety in an industry that likes to trade USB sticks

SpecialKO · Oct 18, 2018

Hey all,

I never worried about this as much because I had a Mac, but I've recently switched back to a Windows machine at work, and I'm now a lot more concerned about how much my industry loves putting presentations on give-away USB sticks, which has some pretty obvious malware concerns. Aside from avoiding these giveaways as much as is humanly possible, does anyone have any specific recommendations on reasonably safe usage? If the answer is simply "run a virtual machine", does anyone have any recommendations?

ncts_dodge_man · Oct 18, 2018

Safest bet - never plug one in.
Second safest - always make sure everything is up to date (AV/Malware/etc), take a full backup of your important data and have it saved somewhere not connected to the PC - make sure all license keys and installs (if personal) or IT has backups of everything before plugging it in, then as soon as you do, scan the heck out it. Also, make sure it's not active on a network as to mitigate any viruses that go after network drives.

Alternatively, see (if you have an IT department) if IT would have a PC that can be rebuilt/reimaged and plug it in there first, then scan the heck out of it, or if they have a non-Windows PC to see what the contents are.

A virtual machine may work too, but you're still plugging it into a host PC, so that only mitigates it some.

Gruebeard · Oct 18, 2018

ncts_dodge_man said:
Alternatively, see (if you have an IT department) if IT would have a PC that can be rebuilt/reimaged and plug it in there first, then scan the heck out of it, or if they have a non-Windows PC to see what the contents are.

IOW use someone else's computer

Seems like an excellent solution really. Test it out on a computer not attached to yours or even the network.

PatrThom · Oct 18, 2018

SpecialKO said:
If the answer is simply "run a virtual machine", does anyone have any recommendations?

Unfortunately, the answer is NOT “Just run a virtual machine.” I only wish it could be that simple. Running a virtual machine WILL protect you from apps and such which autorun or which masquerade as legitimate content until launched/accessed, but a VM can only protect you from hazards which are contained within the data area of the drive, and there are so many other ways a USB drive can be prepared to make it attack your computer. There are devices which can mitigate these sorts of attacks, but they’re not a guarantee. There’s really only one way to ensure that evil USBs will not attack your computer, and that is to fill all your USB ports with hot glue or to somehow electrically disconnect them internally, because unless you can ensure that nobody but you ever has access to your computer, there’s always the chance that someone could poison it when you’re not looking.

So I guess the real lesson is... don’t plug anything into your computer that you don’t trust. Ever.

—Patrick

Bubble181 · Oct 18, 2018

Keep a separate, old pc or laptop around just to check out these presentations, not connected to the internet or your network.

PatrThom · Oct 18, 2018

Bubble181 said:
Keep a separate, old pc or laptop around just to check out these presentations, not connected to the internet or your network.

Trouble is, if a stick infects the USB firmware of the controller that's inside the computer, then every USB you plug into that computer going forward will be infected by the computer, so this only works if you test using a brand new, known uncompromised computer and then throw that computer away afterwards.

--Patrick

SpecialKO · Oct 18, 2018

My IT felt has several layers of backups so that part isn’t too bad.

But the best option sounds like I should just ask someone else at the conference to email me the presentation, frankly.

Ah, well. Thanks, all!

PatrThom · Oct 18, 2018

SpecialKO said:
the best option sounds like I should just ask someone else at the conference to email me the presentation, frankly.

CDs/DVDs are still an option, and so is P2P WiFi.

—Patrick

SpecialKO · Oct 18, 2018

PatrThom said:
CDs/DVDs are still an option, and so is P2P WiFi.

Event organizers don't do CD/DVDs anymore because no one has a laptop with an optical drive anymore. P2P Wifi is a good option.

ncts_dodge_man · Oct 19, 2018

Depending on the format of the presentation, you still aren't 100% safe with email or even P2P Wifi - many presentations can be infected with stuff as well, which is where a VM would be able to protect your main PC, or, again, an easily reinstalled separate from network PC to actually open it.

Gared · Oct 19, 2018

We used to get parts catalogs from some of our big vendors on USB sticks - almost 50% of them had trojans on them. It was such a hassle.

Ravenpoe · Oct 19, 2018

If your worry is the hardware of the USB and not the software, there are devices, usually a raspberry pi based device, that will copy the data from an unknown USB to a known one, so that the hardware never touches your machine

Fun Size · Oct 19, 2018

Gared said:
We used to get parts catalogs from some of our big vendors on USB sticks - almost 50% of them had trojans on them. It was such a hassle.

Wait, if they have Trojans on them aren't they safer? I mean, if you're going to plug it in anyway.