Export thread

USB safety in an industry that likes to trade USB sticks

#1

SpecialKO

SpecialKO

Hey all,

I never worried about this as much because I had a Mac, but I've recently switched back to a Windows machine at work, and I'm now a lot more concerned about how much my industry loves putting presentations on give-away USB sticks, which has some pretty obvious malware concerns. Aside from avoiding these giveaways as much as is humanly possible, does anyone have any specific recommendations on reasonably safe usage? If the answer is simply "run a virtual machine", does anyone have any recommendations?


#2

ncts_dodge_man

ncts_dodge_man

Safest bet - never plug one in.
Second safest - always make sure everything is up to date (AV/Malware/etc), take a full backup of your important data and have it saved somewhere not connected to the PC - make sure all license keys and installs (if personal) or IT has backups of everything before plugging it in, then as soon as you do, scan the heck out it. Also, make sure it's not active on a network as to mitigate any viruses that go after network drives.

Alternatively, see (if you have an IT department) if IT would have a PC that can be rebuilt/reimaged and plug it in there first, then scan the heck out of it, or if they have a non-Windows PC to see what the contents are.

A virtual machine may work too, but you're still plugging it into a host PC, so that only mitigates it some.


#3

Gruebeard

Gruebeard

Alternatively, see (if you have an IT department) if IT would have a PC that can be rebuilt/reimaged and plug it in there first, then scan the heck out of it, or if they have a non-Windows PC to see what the contents are.
IOW use someone else's computer :p

Seems like an excellent solution really. Test it out on a computer not attached to yours or even the network.


#4

PatrThom

PatrThom

If the answer is simply "run a virtual machine", does anyone have any recommendations?
Unfortunately, the answer is NOT “Just run a virtual machine.” I only wish it could be that simple. Running a virtual machine WILL protect you from apps and such which autorun or which masquerade as legitimate content until launched/accessed, but a VM can only protect you from hazards which are contained within the data area of the drive, and there are so many other ways a USB drive can be prepared to make it attack your computer. There are devices which can mitigate these sorts of attacks, but they’re not a guarantee. There’s really only one way to ensure that evil USBs will not attack your computer, and that is to fill all your USB ports with hot glue or to somehow electrically disconnect them internally, because unless you can ensure that nobody but you ever has access to your computer, there’s always the chance that someone could poison it when you’re not looking.

So I guess the real lesson is... don’t plug anything into your computer that you don’t trust. Ever.

—Patrick


#5

Bubble181

Bubble181

Keep a separate, old pc or laptop around just to check out these presentations, not connected to the internet or your network.


#6

PatrThom

PatrThom

Keep a separate, old pc or laptop around just to check out these presentations, not connected to the internet or your network.
Trouble is, if a stick infects the USB firmware of the controller that's inside the computer, then every USB you plug into that computer going forward will be infected by the computer, so this only works if you test using a brand new, known uncompromised computer and then throw that computer away afterwards.

--Patrick


#7

SpecialKO

SpecialKO

My IT felt has several layers of backups so that part isn’t too bad.

But the best option sounds like I should just ask someone else at the conference to email me the presentation, frankly.

Ah, well. Thanks, all!


#8

PatrThom

PatrThom

the best option sounds like I should just ask someone else at the conference to email me the presentation, frankly.
CDs/DVDs are still an option, and so is P2P WiFi.

—Patrick


#9

SpecialKO

SpecialKO

CDs/DVDs are still an option, and so is P2P WiFi.
Event organizers don't do CD/DVDs anymore because no one has a laptop with an optical drive anymore. P2P Wifi is a good option.


#10

ncts_dodge_man

ncts_dodge_man

Depending on the format of the presentation, you still aren't 100% safe with email or even P2P Wifi - many presentations can be infected with stuff as well, which is where a VM would be able to protect your main PC, or, again, an easily reinstalled separate from network PC to actually open it.


#11

Gared

Gared

We used to get parts catalogs from some of our big vendors on USB sticks - almost 50% of them had trojans on them. It was such a hassle.


#12

Ravenpoe

Ravenpoe

If your worry is the hardware of the USB and not the software, there are devices, usually a raspberry pi based device, that will copy the data from an unknown USB to a known one, so that the hardware never touches your machine


#13

Fun Size

Fun Size

We used to get parts catalogs from some of our big vendors on USB sticks - almost 50% of them had trojans on them. It was such a hassle.
Wait, if they have Trojans on them aren't they safer? I mean, if you're going to plug it in anyway.


Top