Date: Sat, 22 Nov 2008 14:07:07 -0500
From: "Exibar" <exibar@...lair.com>
To: "'Bipin Gautam'" <bipin.gautam@...il.com>,
	"'n3td3v'" <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, webmaster@...cert.gov
Subject: Re: [inbox] Re: Fwd: Comment on: USB devices
	spreading viruses

Wow, disabling files from running from the root of all drives would never, ever
fly in a corporate environment.  Although I do like the idea of stopping
autorun malware, it would work... but oh, the calls to the helpdesk! ;-)

Simply disabling autorun is a much better solution.

  Exibar

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Bipin Gautam
Sent: Friday, November 21, 2008 11:58 AM
To: n3td3v
Cc: full-disclosure@...ts.grok.org.uk; webmaster@...cert.gov
Subject: [inbox] Re: [Full-disclosure] Fwd: Comment on: USB devices
spreading viruses

USB / FLOPPY are attractive means for a virus/worm to propagate. Here is
a workaround to stop a successful infection from happening (well, ~99%
of the time at least).

1. If you don't use wscript.exe, disable/rename it.

2. Start Menu > Control Panel > Administrative Tools > Local Security
Policy > Software Restriction Policies > Additional Rules

Say c:\, d:\ and e:\ are your fixed drives; then...

Right-click Additional Rules > New Path Rule and create a path rule
[DISALLOWED] for each of:

c:\*.*
d:\*.*
e:\*.*

// Why let anything execute from the root of the fixed drives?

For all other drives (removable/non-existent) from a to z, do the same:
a:\
b:\
f:\
g:\
........and so on. Why let anything execute from a removable drive
unless you are 100% sure the pendrive is clean and from a trusted
source only?

Always have file extensions and hidden/protected system files set to
"show by default" in Folder Options.

Well, this is it. From personal experience I assure you the above should
be the BEST solution for this problem and an extra layer of defense if
AV fails to detect it.

thanks,
-bipin


On 11/21/08, n3td3v <xploitable@...il.com> wrote:
> ---------- Forwarded message ----------
> From: n3td3v <xploitable@...il.com>
> Date: Fri, Nov 21, 2008 at 1:11 AM
> Subject: Comment on: USB devices spreading viruses
> To: n3td3v <n3td3v@...glegroups.com>
>
>
> by n3td3v November 20, 2008 5:08 PM PST
>
> "Meanwhile, the U.S. Department of Defense has temporarily banned the
> use of thumb drives, CDs, and other removable storage devices because
> of the spread of the Agent.bzt virus..."
>
> There is no security through obscurity.
>
>
> http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
x-no-archive: yes

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
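An added, read-only audit script for the controls discussed in this thread (example code, not written by either poster): it checks whether Software Restriction Policy path rules exist for every drive root in the pattern Bipin describes (root-only `X:\*.*` on fixed drives, whole-drive `X:\` on every other letter), whether autorun is disabled as Exibar prefers, whether wscript.exe is still present, and whether Explorer shows extensions and hidden/protected files. It assumes a Windows host with PowerShell 3.0 or later and the standard registry locations: machine-level SRP rules under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths` (level 0 is "Disallowed"; each GUI-created rule is a GUID subkey whose `ItemData` holds the pattern), the `NoDriveTypeAutoRun` Explorer policy value (0xFF disables autorun for all drive types), and the `HideFileExt`, `Hidden` and `ShowSuperHidden` folder-view values. The function names are my own.

```powershell
# Added audit example (not from the thread). Read-only: it changes nothing.
# Assumes Windows, PowerShell 3.0+, and the documented registry locations below.
$SrpDisallowed  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
$ExplorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$FolderOptions  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-SrpDisallowedPaths {
    # Each path rule created in secpol.msc is a GUID subkey; level 0 = Disallowed.
    # ItemData holds the pattern typed into the rule, e.g. c:\*.* or f:\
    if (-not (Test-Path $SrpDisallowed)) { return @() }
    Get-ChildItem -Path $SrpDisallowed | ForEach-Object {
        (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ItemData
    } | Where-Object { $_ }
}

function Get-ExpectedDriveRules {
    # Fixed drives (DriveType 3) should carry a root-only rule 'X:\*.*';
    # every other letter a whole-drive rule 'X:\', as the post lays out.
    $fixed = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3' |
             ForEach-Object { $_.DeviceID.Substring(0, 1).ToUpper() }
    foreach ($code in 65..90) {            # ASCII 'A'..'Z'
        $letter = [string][char]$code
        if ($fixed -contains $letter) { "${letter}:\*.*" } else { "${letter}:\" }
    }
}

function Test-RemovableMediaHardening {
    $present  = @(Get-SrpDisallowedPaths)
    $expected = @(Get-ExpectedDriveRules)

    # Case-insensitive match: the GUI stores whatever case the admin typed.
    $missing = foreach ($rule in $expected) {
        if (-not ($present | Where-Object { $_ -ieq $rule })) { $rule }
    }

    $autorun = (Get-ItemProperty -Path $ExplorerPolicy -Name NoDriveTypeAutoRun `
                -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $view    = Get-ItemProperty -Path $FolderOptions -ErrorAction SilentlyContinue

    [pscustomobject]@{
        WscriptPresent        = Test-Path "$env:SystemRoot\System32\wscript.exe"
        SrpDisallowRuleCount  = $present.Count
        SrpDriveRulesMissing  = @($missing)
        AutorunDisabledAll    = ($autorun -eq 0xFF)      # 0xFF = all drive types
        ExtensionsShown       = ($view.HideFileExt -eq 0)
        HiddenFilesShown      = ($view.Hidden -eq 1)
        ProtectedOsFilesShown = ($view.ShowSuperHidden -eq 1)
    }
}

Test-RemovableMediaHardening | Format-List
```

Run it from an elevated prompt before and after applying the rules through secpol.msc; `SrpDriveRulesMissing` lists every drive letter that still lacks the expected rule, and `AutorunDisabledAll` is `False` whenever the policy value is absent or set to anything other than 0xFF. The folder-view values are per-user (HKCU), so check them in the account that will actually handle the removable media.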
