An IT question, please? About plugging unknown USB keys without risking malware and infections.
Hello guys!
I’ll have soon finished collecting around 20 USB keys, we’re gathering photos and putting them together for an end of school year album. Problem is: I absolutely distrust the computer skills of the persons who are going to give me their thumb drives, and I’d rather not have my computer infected (my hardware is already fucked up enough, thank you.)
In that regard, would you know of solutions to *safely* access those USB keys’ data?
The simplest solution I can think of is to boot a Linux live distro, plug the keys into my PC running Linux, manually select and copy the images on the thumb drives to a local hard drive or upload them to an online host, and be done while using Linux.
But that won’t be the only time I collect USB keys, so I’d love a solution that wouldn’t make me reboot my machine.
Would you know if the infection risks remain, if I plug a USB hub to my computer, and stick the USB keys inside the hub?
Or would there be officially safe hardware solutions, something like the USB hub, but kinda made to prevent any sort of execution or infection, strictly allowing to read and nothing else?
(I also thought of asking the teachers at my kids’ school, how do they deal with the infection risk? The terrifying answer was: oh, it’s all right, I’ve got an antivirus, I plug them directly and it’s always worked. They all use Windows.)
Thanks if you’ve got an idea in that regard
Edit 1, addressing any kind of advice relying on antivirus and antimalware software solutions: there will never be a 100% detection/recognition rate, so those solutions aren’t what I’m after anyway :o
Edit 2: shieeeeeeeet, so there are keys that attack directly the UEFI bios? Goddamnit, linux live CDs won’t be a solution. Probably going to have to use an old machine and upload images to a cloud storage, then.
Edit 3: you know what? Raspberry pi it is. THAT, this is safe, and for like 40€ I have a great little device that will serve again in the future.
Malwarebytes. Eset NOD 32.
Instead of tryharding with other OS, just get proper AV solutions. Both Malwarebytes and Eset get multiple updates daily, had both since ages and never got my PC infected and I had to deal with ‘annoying’ USB plugs
I should have updated my post with that mention, that I saw later in the comments, to me it was so obvious I felt no need to type it – I was wrong, I should have thought that would cause replies like yours.
No antivirus is 100% efficient, if 5% of the risks aren’t recognized, it’s already fucking too much. See the idea?
More like – really? Someone is going to tryhard so much to install fixed perfect rootkit for to attack you? Well, get spare 30$, buy old PC off scrapyard, install linux/windows on USB/liveCD/SpareHDD whatever, insert desired USB –> start debugging stuff, then do reverse engineering, say HI to attacker, i would be way too lazy to do that tho! But still, USB is a device that is ALWAYS CONNECTED TO POWER, so if someone will try to abuse that, your stuff will be infected, so either sandbox it or spare machine for test purposes! That would be your safest bet
You’re safer booting from a live CD image, if you want to copy files or data.
That’s my plan, as things are, yeah
You could use a Virtual Machine like VMWare, install there Linux and then use any of the Sandbox programs existing for your selected distro. Don’t use a hub!! There is no protection from malware, viruses, etc. using a hub. Antivirus are all OK but they are updating the DB two weeks too late for experienced hackers.
My honest opinion
This is less safe than disconnecting the local drives and booting from a live CD, which is not perfectly safe either. There are U3 keys capable of infecting UEFI BIOSes, without consideration for the OS settings, while staying under the radar of the OS, hence of any AV solution. Without specialized hardware (and by that I mean the whole PC), one’s best bet is a live CD. Created the day of use with an AV installed, so Olivier may check the files he accesses for known viruses.
@Boodah
Virtual machines > lol (the host is running windows and can still be infected first)
@John Doe: no shit, some infected usb keys can infect the uefi bios too?!? Shit, I didn’t know, I thought the “hello, I’m a USB key with something that will fuck you up – hello, I’m the OS and I’m not made to resist the fucking up” dialogue was strictly at the OS level, not at the motherboard and UEFI level.
Wait a sec. My googling produced contradictory results, can some random child parent handle me a key that would have become u3 type because of a worm on his machine?
Or would only persons with officially evil intent own them?
I don’t know exactly but virus and malware almost always change registry in windows, you can create another user and set in the registry that, that new user only can read the registry and cannot make any changes. (http://www.bench3.com/2009/11/prevent-changes-to-registry-key-avoid.html this may help) read all, make sure that later you can rollback. Also prevent execution from plug devices (http://www.makeuseof.com/tag/how-to-prevent-a-usb-drive-from-running-anything-automatically-in-windows/) another link that may help. So use that new user and plug the usb.
;-)
PS: Antivirus, antimalware help too but it’s like condoms they work 99.9%.
Bulk answering:
Oh shoot, I forgot to monitor the spam category for the comments. Restoring every comment trapped in there since last week, sorry about that!
Gee, condoms work much better than software solutions against viruses and malwares, man, boasting a 90% detection rate against large sets of known pests is already extremely rare ^^
As for the rest, I’m on the non-convinced side. If I plug something that manages to alter the registry, I feel it’s already too late.
Thanks for the anti-autorun mention btw, you spared me some googling ^^
The only sure way to protect yourself from an infected USB drive is to have a standalone system that uploads the images to a cloud service. An old laptop or desktop (can be bought for less than $100) can be configured as such. Set it up to boot from a disc using FalconFour’s Ultimate Boot CD (https://falconfour.wordpress.com/tag/f4ubcd/). Completely wipe the drive before each new project.
Bulk answering:
Oh shoot, I forgot to monitor the spam category for the comments. Restoring every comment trapped in there since last week, sorry about that!
Yeah, well, plugging it into another machine is the ultimate last resort operation for me, sadly. I can do that (borrow an abandoned fucked up machine), but it would be kind of a hindrance.
A comment above mentioned some usb keys (“u3”) had the power to fucking infect at uefi BIOS level, god damnit, I wouldn’t have thought that even remotely possible. If keys of that type are common; or if common keys can be modified in that direction by worms/malware; or if one of the persons giving me a key is an asshole; then, yeah, still, I’d have to go that way
It’s depressing to think of that, I wouldn’t have imagined it existed.
Thanks for Falconfour’s mention, I didn’t know of that, it might be fun to check. Though, totally wiping might be going overboard. Simply booting a linux live cd/dvd/usb, copying keys’ content to hard disk, uploading the images to an image cloud storage host (one that doesn’t take content as is, but manages them as images officially, that way, when I fetch them back, it’s the cloud host that serves me his version of the files)…
It’s more complication than I would have wished, I’m regretting more than before having been convinced to lend a hand with that end of year project.
Yes, there’s nasty packages out there that can wreck UEFI BIOS. That’s why we used old standalone machines that weren’t connected to the LAN to handle non-secure/outside files or media. Their job was to be both the canary and the gloves. They’re disposable because what organization doesn’t have old hardware lying around. Even if your organization doesn’t, there’s bound to be one or two guys with extra hardware sitting in boxes that they’d be willing to get rid… err, donate.
A single board computer can work as a screener, but be aware that trusting something that gets past a PI scanner doesn’t mean that it’s clean. If you can get it to send it to a cloud application, then it’s fine. If you’re just using it to send “scanned” files to your PC, keep in mind that image files can also be infected. As mentioned, you really want to use a cloud service that will scan image files for you and give you a processed image to use. A Raspberry PI malware/virus scanner is only as good as the software installed. As to whether it’s good enough… new virus wares are notoriously difficult for antivirus programs to detect, with some only detected about 5% of the time.
Newer windows versions now prevent autorun function from usb hardware, even if that usb device got some malware and is plugged to your pc, the infection is still prevented unless you access it (open it from explorer or my computer). I advise scanning it first with an updated av program before you access it. My suggestion is you scan it with malwarebytes first (make sure you updated it before scanning), after scan is done, rescan it again with your av program like avira, eset, norton, etc. If you can, try scanning it on another pc.
No antivirus or antimalware can boast a 100% (or even 95%) recognition rate, sadly.
And, as I’m going to officially open the keys, disabling autoexecution only postpones the issue.
I learned in the comments above that some USB keys can even fuck up your machine at the UEFI bios level, it’s been a shock
And it would mean a live linux wouldn’t be a satisfactory solution.
As things are, borrowing an old but still working machine to plug the keys is the only resort, meh
Yes, no AV or antimalware can provide 100% coverage, that’s why multilayered defense is advised, at least you should have 1 regular antivirus, 1 antimalware, and have 1 bi-directional firewall. Right now, the most secure solution is plugging the usb drives to the old or expendable pc first before you plug it to your main pc, just like you said before.
If you are thinking of the major viruses that struck Iran, then you won’t be able to do anything. However feel safe because you aren’t a state target.
If you are worried about malware from recent malware updates in the news, again don’t worry. The affected computers did not update serious security updates from at least 3 months ago or had a software compromised that was installed from a local source. If you are using non-unheard of software, don’t worry. Stay updated and you should not have an issue. Microsoft even gave security updates to XP and Vista that would have prevented some of the breakins well after they stopped support.
I remember an old short webcomic about which things you are safe from. Solutions ranging from “install antivirus” to “fake death and live in an undersea nuclear submarine”.
In the end there was the mossad category, with “buy a magic amulet or something idk, it still wouldn’t be enough” ^^
I don’t feel safe relying on an antivirus and antimalware. If both have a 95% detection rate, that’s still a high window of opportunity for catching shit.
Disabling autoexecution is a joke when I’ll be browsing the content of the keys anyway.
Linux live CD: I learned in the comments above some keys addressed the uefi bios directly.
So, well, apart from plugging the keys to a borrowed old machine, I’m not sure anymore, sigh ^^
Just create a shared folder in Google Drive and ask everybody to upload their imgs there.
Heh.
You know what, I might do that. At worst it would mean I’d spend 10 minutes on the phone with half of the parents.
Taking good note for a decision tomorrow, thank you Red.
Antivir mostly just doesn’t work, if it’s a new virus. Best protection is and will always be an aware and good working brain (as you already proved by asking this).
Pretty simple way (but a bit more pricy than just using a LiveDistro) is using a RaspberryPi just for copying and checking files. Even if there is something malicious infecting it, who cares? Just reformat the SDcard with another instance of Noobs (fastest way to install any OS on a Pi) and it’s like nothing had happened. Better than risking by mistake the liveDistro infecting my working HDDs.
I’ll openly be a fucking newbie here, I didn’t think of a rasp. But, yeah, it’s an idea, a really good one.
For something like 40€, I’ve got something with a totally uncommon OS, in which I can plug USB keys, and that I can connect to my PC by USB wire.
And it won’t be 40€ wasted, I’ll be able to plug every alien USB key I’m ever given again in the future.
(plus, toy with a raspberry pi, huhu)
You know what, I’m taking your solution as THE solution.
Thank you man.
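The copy step on the sacrificial Raspberry Pi discussed above, as an added example that is not part of the original thread: it walks the mounted key, keeps only files whose first bytes match JPEG, PNG or GIF, and writes them under neutral names. The function names, the size ceiling and the sample files are assumptions made for illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Leading bytes of the only formats the album needs.
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png",
         b"GIF87a": ".gif", b"GIF89a": ".gif"}
MAX_BYTES = 50 * 1024 * 1024  # assumed ceiling for one photo


def sniff(path):
    """Return the extension implied by the file's first bytes, else None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((ext for sig, ext in MAGIC.items() if head.startswith(sig)), None)


def collect_images(mount_point, dest_dir):
    """Copy image-looking files to dest_dir; return (copied, skipped) names."""
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    copied, skipped = [], []
    for root, dirs, files in os.walk(mount_point, followlinks=False):
        dirs.sort()
        for name in sorted(files):
            src = Path(root) / name
            # Symlinks, devices and oversized files are never read.
            if src.is_symlink() or not src.is_file() \
                    or src.stat().st_size > MAX_BYTES:
                skipped.append(name)
                continue
            ext = sniff(src)
            if ext is None:  # the name's own extension is ignored
                skipped.append(name)
                continue
            # Neutral output name: nothing chosen by the key's owner survives.
            shutil.copyfile(src, dest / f"photo_{len(copied) + 1:04d}{ext}")
            copied.append(name)
    return copied, skipped


def build_demo_key(root):
    """Constructed sample content standing in for a mounted key."""
    samples = {
        "IMG_0001.JPG": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "scan.txt": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,   # PNG, wrong name
        "holiday.jpg": b"MZ" + b"\x00" * 32,               # executable header
        "autorun.inf": b"[autorun]\r\n",
    }
    for name, data in samples.items():
        Path(root, name).write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as key, tempfile.TemporaryDirectory() as out:
        build_demo_key(key)
        print(collect_images(key, out))
```

A matching header only says what a file claims to be; it does not rule out a malformed image aimed at a decoder, nor anything that happens at the USB or firmware level before the files are read.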
Don’t accept physical digital hardware submissions. Have them share you a google doc, or digital file, so you can open it from a virtual machine.
I was in a “let’s be friendly and not make them do all the work” mood when I accepted to take USB keys with photos for the end of year album project.
Plus I suspected some of them would kinda fuck up, fail upload, give up after mistyping the login/password of the drive account, etc.
But the above discussions were discouraging enough, heh.
Until somebody mentioned using a raspberry pi. That, this is a solid gold idea.
Ninjapendisk. Free and stops programs autorunning from the moment you plug it in. We used it on university pcs at my university.
I’ll google the name for reference, thanks.
Although – I’ll have to google it to move from suspicion to knowing – I wonder if it would be enough against infections attacking bios and the like. Disabling autoexecution stops risks… until you open the key in explorer, from what I know at the moment. (operative word “at the moment” )
But as things are, after past discussions above, I’m going in a raspberry pi direction. For like 40€, I’d be officially 100% safe, and I’d have a device that would work again in the future for whatever I may want.
Hmmm… it really also depends on how far you want to go and how cheap.
http://www.ninjapendisk.com here is the link.
But this is literally the answer to your question. Since it also immunizes the future risks as well as prevention and removal of risks that plagues USB data distribution.
If you are further skeptical, you can use a dummy pc that is deep frozen (look it up or send me an email) to ensure you don’t run into further issues.
Wish you luck.
First easy tips: deactivate autorun for all drives (check default actions if you are on windows 10).
After that, either you trust your antivir solution or you don’t. A hub won’t help.
If you don’t trust your antivir (and don’t mind what happens to the keys) your best bet would be going to a cybercafé, upload what you need from the key to an online service (google/amazon drive for example) and retrieve them from your computer after that.
The cybercafé mention: “if you fear you’ve got aids but you haven’t checked yet, better officially choose a girl who’s already infected”. Usually, that’s what cybercafé advice revolves about
Not here, though, OK, thanks to cloud storage hosts, they do their own in ensuring they only take the legit contents and regurgitating clean contents ^^
After the above discussion, I’m more going towards a raspberry pi solution.
Just disable the autorun feature in Windows. On XP, you can create a registry entry to disable all autorun functionality (though some Windows programs change the setting back). The newer Windows versions allow you to change the autorun settings from Control Panel.
After disabling autorun, just right-click the drive icon for the USB stick and click on ‘Explore’ to view the contents of the USB drive. Choosing the ‘Open’ menu item or just double-clicking the icon might still use the autoplay function.
Viruses and malware are programs, so if you don’t run them, then they can’t do anything. On top of that, unless you’re foolish to run your system as an administrator all the time, then malware can’t infect your system. The exceptions are where the malware creator has found an exploit somewhere which allows the program to elevate to administrator access (very rare), or the user ran the program with administrator privileges and UAC was disabled.
(User Access Control runs programs with non-administrator privileges, even if the user is an administrator.)
Dear Oliver,
first I’d like to use this chance to thank you for supplying us with great hentai mangas.
Regarding your question and your updated postings, I’d like to inform you about another problem which could harm any device you plug in unknown usb sticks, not because of malware but because these attacks have the chance to destroy important parts of your PC like mainboard and other devices which are connected with it.
You can inform yourself here, it’s the website of the manufacturer: https://www.usbkill.com/ or read an article regarding this device: http://fortune.com/2016/09/10/usb-killer-hardware/
If you ask me, I think your chosen option with the raspi is the best option, because if anything which could be destroyed by a surge of a usbkill device, it would be the raspi and maybe the display. Worst scenario could be a connected LAN, so I’d recommend to use wifi as connection mode.
Hope to help you with this information!
Have a nice sunday!
Thanks Markus =)
I knew of this usbkill shit, however we’re talking about parents of children in the same class as my own, with their name on the thumb drives. Not something an evildoer would choose purposely
I’d use an additional machine at minimal cost, running a linux variant.
A Raspberry Pi will set you back 30$ or so and should be oblivious to pretty much anything.
use condom
Might have been mentioned, however you can go into computer settings and turn off “auto-install from USB” then plug it in and scan.
For windows systems, the easiest way is to disable USB devices from using their autorun functions (https://support.microsoft.com/en-nz/help/967715/how-to-disable-the-autorun-functionality-in-windows). This can be done either from group policy or through a registry edit, both *should* be covered in the above link. After it’s disabled, then you can safely view the files within the USB and do whatever you need.
I highly recommend to install CryptoPrevent. A software that helps a lot against ransomware that encrypts your files.
Hello guy, you can use “USB fix” I think. Personally I use “USB set” because it’s already in my language but didn’t have in english. The principle stays the same, they disable the autorun file so that usb key does not run by itself.
I put you the link of the site in question here: https://www.fosshub.com/UsbFix.html .
I hope I helped you on this blow my friend.
So if you use a virtual machine theoretically it would contain any malware in it. The link I attached is what I read it from. But just in case you’re as paranoid as I am just google search “is malware in a virtual machine contained?” and that should bring up a good amount of information. On top of this any other suggestion given on this thread can be used to make extra sure no malware gets into the virtual environment. This would be the equivalent of using double condoms. I don’t like putting my email down, but I’ll check this thread every so often so tell me what you think.
If you used windows, don’t open using windows explorer. Use other file manager.
There is a little effort making windows explorer don’t run an autorun program in any external drive but it will not prevent windows explorer from recognizing any external drive that has an autorun program. There is a difference in there, you know. Recognizing and running it.
How to do it?
It’s in windows registry.
If your windows is win 10, you need really hard work to accomplish it.
Let just say m$ want to control any aspect in windows 10.