Ask the Expert

Viruses transmitted via USB ports

I feel Mr. Stewart's USB virus tip is OK, but wouldn't the infected file be picked up on the user's work PC as soon as the infected file is opened? Having a standalone PC can be done at small locations but is not feasable at larger ones. Turning off USB ports is taking a step backwards in the fight against viruses. Many have PDA's connected to their PC's by USB. What's next -- serial connections?

    Requires Free Membership to View

Security is always a compromise between functionality and protection. While technically it is correct to say that if a file is copied over from an USB drive to a PC drive it should be inspected by the real-time virus scanner, this does not take into account the fact that these USD drives can be used as another drive, and infected programs can be executed from them.

It is the same situation as a ZIP, Jazz, floppy diskette, CD or any other removable media -- all can carry infected files, and these infected files should be inspected by the virus scanner. It is not uncommon for new media to be ignored by the virus scanners for a while -- they might require a tweaking to the detection scheme (usually not dependent upon the file-handling system that Explorer will use.)

Turning off the USB ports on sensitive machines is the same as removing the CD drives and floppy drives -- judge the risk and act appropriately.


For more information on this topic, visit these other SearchSecurity.com resources:
Virus Prevention Tip: USB: The new virus infection pathway
Tech Tip: Key chain data thieves
Best Web Links: Malware


This was first published in November 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: