USB flash virus infection

HI,

I need to know if an infected flash disk can infect the computer even if the usb ports are disabled on that computer.

Thanks
oamal2001Asked:
Who is Participating?
 
myhcCommented:
wow wow, If your PC had AV, then what's the problem. USB drives are scanned, well should be. Mcafee, AVG and many others will do this.
Also, most or ALL anti-viruses scan on file open. so your be covered.

Now the downfall is if the virus is so new that you AV doesn't know about it.  But if someone really wanted to execute  a virus on your system they could by having a bootable USB virus that would bypass any system software you install, so BIOS is the only true way to do this.
0
 
mpiceniCommented:
If the ports are disabled via BIOS, there's no way, simply because Windows absolutely can't see the USB drive.
Also disabling USB support via Device manager or group policy, as far as I know, prevents infection from USB, but can't assure that an already present virus can infect the USB drive inserted. This kind of disabling is software and re-enabling can be done by software.
0
 
oamal2001Author Commented:
I disable USB through a program intelliadmin.

Regards,
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
myhcCommented:
BIOS is the way if you don't need to use USB for anything else.
0
 
oamal2001Author Commented:
I need to do this through network because I have more than 150 computers.

Thanks
0
 
mpiceniCommented:
IntelliAdmin USBDisabler uses group policies to disable USB support. This means that a code present on a USB drive can't be executed unless some code present on the PC tamper the protection. So very likely you'll not get a virus from USB, but you may get from other source and then put it on the USB drive. I think is an acceptable solution.
0
 
lamaslanyCommented:
What are the makes/models of your PCs?  Some allow you to modify BIOS settings through Windows...
0
 
lamaslanyCommented:
PS:  From my understanding of the registry change that IntelliAdmin USBDisabler applies it prevents Windows from loading the drivers to support the USB device.  If this is the case then Windows will not be able to properly initialise the device and will be unabel to access the file system.  This means that any driver expolits will fail and autorun-style viruses will never be loaded.  This would also have prevented the recent icon handler exploit where simply looking at the drive in Windows Explorer was enough to compromise the system.
0
 
lamaslanyCommented:
Just a quick note:  the risk of booting another OS from a USB device can be mitigated by fixing the boot order and password-protecting the BIOS.  How much protection this offers though is still questionable if you cannot physically secure the machine.  You might want to look at full disk encryption (sometimes called On-The-Fly encryption) which should help further mitigate the risk of physical tampering.

I am afraid at the end of the day you have to make a choice between security, convenience and cost.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.