An IT question, please? About plugging unknown USB keys without risking malware and infections.

By Oliver (AKA the Admin) on 43 comments
in Categories: Just Talking

Hello guys! :)

I’ll have soon finished collecting around 20 USB keys, we’re gathering photos and putting them together for an end of school year album. Problem is: I absolutely distrust the computer skills of the persons who are going to give me their thumb drives, and I’d rather not have my computer infected (my hardware is already fucked up enough, thank you.)

In that regard, would you know of solutions to *safely* access those USB keys’ data?

The simplest solution I can think of is to boot a Linux live distro, plug the keys into my PC running Linux, manually select and copy the images on the thumb drives to a local hard drive or upload them to an online host, and be done while using Linux.

But that won’t be the only time I collect USB keys, so I’d love a solution that wouldn’t make me reboot my machine.

Would you know if the infection risks remain, if I plug a USB hub to my computer, and stick the USB keys inside the hub?
Or would there be officially safe hardware solutions, something like the USB hub, but kinda made to prevent any sort of execution or infection, strictly allowing to read and nothing else?

(I also thought of asking the teachers at my kids’ school, how do they deal with the infection risk? The terrifying answer was: oh, it’s all right, I’ve got an antivirus, I plug them directly and it’s always worked. They all use Windows.)

Thanks if you’ve got an idea in that regard :)

Edit 1, addressing any kind of advice relying on antivirus and antimalware software solutions: there will never be a 100% detection/recognition rate, so those solutions aren’t what I’m after anyway :o

Edit 2: shieeeeeeeet, so there are keys that directly attack the UEFI BIOS? Goddamnit, Linux live CDs won’t be a solution. Probably going to have to use an old machine and upload images to a cloud storage, then.

Edit 3: you know what? Raspberry Pi it is. THAT, this is safe, and for like 40€ I have a great little device that will serve again in the future.

Yes
6 years ago

Malwarebytes. Eset NOD 32.
Instead of tryharding with other OS, just get proper AV solutions. Both Malwarebytes and Eset get multiple updates daily, had both since ages and never got my PC infected and I had to deal with ‘annoying’ USB plugs

Yes
6 years ago

More like – really? Someone is going to tryhard so much to install a fixed perfect rootkit to attack you? Well, get a spare 30$, buy an old PC off a scrapyard, install Linux/Windows on USB/liveCD/spare HDD, whatever, insert the desired USB –> start debugging stuff, then do reverse engineering, say HI to the attacker, I would be way too lazy to do that tho! But still, USB is a device that is ALWAYS CONNECTED TO POWER, so if someone will try to abuse that, your stuff will be infected, so either sandbox it or use a spare machine for test purposes! That would be your safest bet

Kjellpenis
6 years ago

You’re safer booting from a live CD image, if you want to copy files or data.

Boodah607
6 years ago

You could use a Virtual Machine like VMWare, install Linux there and then use any of the Sandbox programs existing for your selected distro. Don’t use a hub!! There is no protection from malware, viruses, etc. using a hub. Antivirus are all OK but they are updating the DB two weeks too late for experienced hackers.
My honest opinion

John Doe
6 years ago
Reply to  Boodah607

This is less safe than disconnecting the local drives and booting from a live CD, which is not perfectly safe either. There are U3 keys capable of infecting UEFI BIOSes, without consideration for the OS settings, while staying under the radar of the OS, hence of any AV solution. Without specialized hardware (and by that I mean the whole PC), one’s best bet is a live CD. Created the day of use with an AV installed, so Olivier may check the files he accesses for known viruses.

Just a regular user
6 years ago

I don’t know exactly, but viruses and malware almost always change the registry in Windows. You can create another user and set in the registry that the new user can only read the registry and cannot make any changes (http://www.bench3.com/2009/11/prevent-changes-to-registry-key-avoid.html this may help). Read it all, and make sure that you can roll back later. Also prevent execution from plugged devices (http://www.makeuseof.com/tag/how-to-prevent-a-usb-drive-from-running-anything-automatically-in-windows/ another link that may help). So use that new user and plug in the USB.

;-)
PS: Antivirus, antimalware help too but it’s like condoms, they work 99.9%.

(-_-);
6 years ago

The only sure way to protect yourself from an infected USB drive is to have a standalone system that uploads the images to a cloud service. An old laptop or desktop (can be bought for less than $100) can be configured as such. Set it up to boot from a disc using FalconFour’s Ultimate Boot CD (https://falconfour.wordpress.com/tag/f4ubcd/). Completely wipe the drive before each new project.

(-_-);
6 years ago

Yes, there’s nasty packages out there that can wreck UEFI BIOS. That’s why we used old standalone machines that weren’t connected to the LAN to handle non-secure/outside files or media. Their job was to be both the canary and the gloves. They’re disposable because what organization doesn’t have old hardware lying around. Even if your organization doesn’t, there’s bound to be one or two guys with extra hardware sitting in boxes that they’d be willing to get rid… err, donate.

A single board computer can work as a screener, but be aware that trusting something that gets past a PI scanner doesn’t mean that it’s clean. If you can get it to send it to a cloud application, then it’s fine. If you’re just using it to send “scanned” files to your PC, keep in mind that image files can also be infected. As mentioned, you really want to use a cloud service that will scan image files for you and give you a processed image to use. A Raspberry PI malware/virus scanner is only as good as the software installed. As to whether it’s good enough… new virus wares are notoriously difficult for antivirus programs to detect, with some only detected about 5% of the time.

John Doeeee
6 years ago

Newer windows versions now prevent autorun function from usb hardware, even that usb device got some malware and plugged to ur pc, the infections still prevented unless you access it (open it from explorer or my computer). I advised scan it first with updated av program before you access it. My suggestion is u scan it with malwarebytes first (make sure u updated it before scanning), after scan is done, rescan it again with your av program like avira, eset, norton, etc.. If u can, try scan it on other pc.

johndoee
6 years ago

yes, no AV or antimalware can provide 100% coverage, that’s why multilayered defense is advised, at least you should have 1 regular antivirus, 1 antimalware, and have 1 bi-directional firewall. Right now, the most secure solution is plugging the usb drives to the old or expendable pc first before you plugged it to your main pc, just like you said before.

CuriousReader
6 years ago

If you are thinking of the major viruses that struck Iran, then you won’t be able to do anything. However feel safe because you aren’t a state target.

If you are worried about malware from recent malware updates in the news, again don’t worry. The affected computers did not update serious security updates from at least 3 months ago or had a software compromised that was installed from a local source. If you are using non-unheard of software, don’t worry. Stay updated and you should not have an issue. Microsoft even gave security updates to XP and Vista that would have prevented some of the break-ins well after they stopped support.

Red
6 years ago

Just create a shared folder in Google Drive and ask everybody to upload their imgs there.

just another Sysadmin
6 years ago

Antivir mostly just doesn’t work, if it’s a new virus. Best protection is and will always be an aware and good working brain (as you already proved by asking this).
Pretty simple way (but a bit more pricey than just using a LiveDistro) is using a RaspberryPi just for copying and checking files. Even if there is something malicious infecting it, who cares? Just reformat the SD card with another instance of Noobs (fastest way to install any OS on a Pi) and it’s like nothing had happened. Better than risking by mistake the liveDistro infecting my working HDDs.
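
An added example, not code from the post or from any commenter: a Python script for the "copying and checking" step on the disposable machine, which copies only files whose extension and leading magic bytes both say JPEG or PNG and writes them under neutral names. It assumes the stick is already mounted (ideally read-only); `copy_images`, `MAGIC` and `demo` are hypothetical names, and the sample files in `demo` are constructed.

```python
import os
import shutil
import tempfile

# Leading magic bytes for the only formats accepted (assumption: a photo album).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def copy_images(src_root, dst_root):
    """Copy plain files that look like JPEG/PNG; return (copied, skipped)."""
    copied, skipped = [], []
    os.makedirs(dst_root, exist_ok=True)
    for dirpath, _dirs, filenames in os.walk(src_root, followlinks=False):
        for name in filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            ext = os.path.splitext(name)[1].lower()
            # Skip symlinks, non-regular files and every non-image extension.
            if os.path.islink(src) or not os.path.isfile(src) or ext not in MAGIC:
                skipped.append(rel)
                continue
            with open(src, "rb") as fh:
                head = fh.read(8)
            if not head.startswith(MAGIC[ext]):
                skipped.append(rel)  # e.g. an executable renamed to .jpg
                continue
            # Neutral name: nothing on the stick controls the destination path.
            dst = os.path.join(dst_root, f"{len(copied):04d}{ext}")
            shutil.copyfile(src, dst)  # contents only, no permissions/metadata
            copied.append(rel)
    return sorted(copied), sorted(skipped)

def demo():
    """Run copy_images over a constructed sample 'stick' in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        stick, out = os.path.join(tmp, "stick"), os.path.join(tmp, "out")
        os.makedirs(os.path.join(stick, "photos"))
        samples = {
            "photos/a.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
            "photos/b.JPG": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
            "photos/holiday.jpg": b"MZ\x90\x00" + b"\x00" * 16,  # PE header
            "autorun.inf": b"[autorun]\r\n",
        }
        for rel, data in samples.items():
            with open(os.path.join(stick, rel), "wb") as fh:
                fh.write(data)
        return (*copy_images(stick, out), sorted(os.listdir(out)))
```

The check only keeps non-images and disguised files off the destination; a file that passes is a well-formed-looking image, not a scanned or re-encoded one.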

brda
6 years ago

Don’t accept physical digital hardware submissions. Have them share you a google doc, or digital file, so you can open it from a virtual machine.

Unwillinghero
6 years ago

Ninjapendisk. Free and stops programs autorunning from the moment you plug it in. We used it on university pcs at my university.

Unwillinghero
6 years ago

Hmmm… it really also depends on how far you want to go and how cheap.
http://www.ninjapendisk.com here is the link.
But this is literally the answer to your question. Since it also immunizes the future risks as well as prevention and removal of risks that plague USB data distribution.
If you are further skeptical, you can use a dummy PC that is deep frozen (look it up or send me an email) to ensure you don’t run into further issues.

Wish you luck.

Keligh
6 years ago

First easy tips: deactivate autorun for all drives (check default actions if you are on Windows 10).
After that, either you trust your antivir solution or you don’t. A hub won’t help.

If you don’t trust your antivir (and don’t mind what happens to the keys) your best bet would be going to a cybercafé, upload what you need from the key to an online service (Google/Amazon Drive for example) and retrieve them from your computer after that.

Dan
6 years ago

Just disable the autorun feature in Windows. On XP, you can create a registry entry to disable all autorun functionality (though some Windows programs change the setting back). The newer Windows versions allow you to change the autorun settings from Control Panel.
After disabling autorun, just right-click the drive icon for the USB stick and click on ‘Explore’ to view the contents of the USB drive. Choosing the ‘Open’ menu item or just double-clicking the icon might still use the autoplay function.

Viruses and malware are programs, so if you don’t run them, then they can’t do anything. On top of that, unless you’re foolish to run your system as an administrator all the time, then malware can’t infect your system. The exceptions are where the malware creator has found an exploit somewhere which allows the program to elevate to administrator access (very rare), or the user ran the program with administrator privileges and UAC was disabled.
(User Access Control runs programs with non-administrator privileges, even if the user is an administrator.)

Markus
6 years ago

Dear Oliver,
first I’d like to use this chance to thank you for supplying us with great hentai mangas.
Regarding your question and your updated postings, I’d like to inform you about another problem which could harm any device you plug unknown USB sticks into, not because of malware but because these attacks have the chance to destroy important parts of your PC like the mainboard and other devices which are connected with it.
You can inform yourself here, it’s the website of the manufacturer: https://www.usbkill.com/ or read an article regarding this device: http://fortune.com/2016/09/10/usb-killer-hardware/

If you ask me, I think your chosen option with the raspi is the best option, because if anything which could be destroyed by a surge of a usbkill device, it would be the raspi and maybe the display. Worst scenario could be a connected LAN, so I’d recommend to use wifi as connection mode.

Hope to help you with this information!
Have a nice Sunday!

Yves
6 years ago

I’d use an additional machine at minimal cost, running a Linux variant.
A Raspberry Pi will set you back 30$ or so and should be oblivious to pretty much anything.

Kjet
6 years ago

use condom

Charles D.
6 years ago

Might have been mentioned, however you can go into computer settings and turn off “auto-install from USB” then plug it in and scan.

Jay
6 years ago

For Windows systems, the easiest way is to disable USB devices from using their autorun functions (https://support.microsoft.com/en-nz/help/967715/how-to-disable-the-autorun-functionality-in-windows). This can be done either from group policy or through a registry edit, both *should* be covered in the above link. After it’s disabled, then you can safely view the files within the USB and do whatever you need.

Zeros
6 years ago
Reply to  Jay

I highly recommend to install CryptoPrevent. A software that helps a lot against ransomware that encrypts your files.

Drim
6 years ago

Hello guy, you can use “USB fix” I think. Personally I use “USB set” because it’s already in my language but it doesn’t exist in English. The principle stays the same, they disable the autorun file so that the USB key does not run by itself.
I put the link of the site in question here: https://www.fosshub.com/UsbFix.html .
I hope I helped you on this blow my friend.

bruh
6 years ago

So if you use a virtual machine theoretically it would contain any malware in it. The link I attached is what I read it from. But just in case you’re as paranoid as I am just google search “is malware in a virtual machine contained?” and that should bring up a good amount of information. On top of this any other suggestion given on this thread can be used to make extra sure no malware gets into the virtual environment. This would be the equivalent of using double condoms. I don’t like putting my email down, but I’ll check this thread every so often so tell me what you think.

NamiSan
6 years ago

If you use Windows, don’t open it using Windows Explorer. Use another file manager.

With a little effort you can make Windows Explorer not run an autorun program on any external drive, but it will not prevent Windows Explorer from recognizing any external drive that has an autorun program. There is a difference there, you know: recognizing and running it.
How to do it?
It’s in the Windows registry.

NamiSan
6 years ago

If your Windows is Win 10, you need really hard work to accomplish it.
Let’s just say m$ wants to control every aspect of Windows 10.