Q

Viruses transmitted via USB ports

I feel Mr. Stewart's USB virus tip is OK, but wouldn't the infected file be picked up on the user's work PC as soon as the infected file is opened? Having a standalone PC can be done at small locations but is not feasable at larger ones. Turning off USB ports is taking a step backwards in the fight against viruses. Many have PDA's connected to their PC's by USB. What's next -- serial connections?

Security is always a compromise between functionality and protection. While technically it is correct to say that if a file is copied over from an USB drive to a PC drive it should be inspected by the real-time virus scanner, this does not take into account the fact that these USD drives can be used as another drive, and infected programs can be executed from them.

It is the same situation as a ZIP, Jazz, floppy diskette, CD or any other removable media -- all can carry infected files, and these infected files should be inspected by the virus scanner. It is not uncommon for new media to be ignored by the virus scanners for a while -- they might require a tweaking to the detection scheme (usually not dependent upon the file-handling system that Explorer will use.)

Turning off the USB ports on sensitive machines is the same as removing the CD drives and floppy drives -- judge the risk and act appropriately.


For more information on this topic, visit these other SearchSecurity.com resources:
Virus Prevention Tip: USB: The new virus infection pathway
Tech Tip: Key chain data thieves
Best Web Links: Malware


This was first published in November 2002

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close