I feel Mr. Stewart's USB virus tip is OK, but wouldn't the infected file be picked up on the user's work PC as soon as the infected file is opened? Having a standalone PC can be done at small locations but is not feasible at larger ones. Turning off USB ports is taking a step backwards in the fight against viruses. Many have PDAs connected to their PCs by USB. What's next -- serial connections?
Security is always a compromise between functionality and protection. While technically it is correct to say that if a file is copied over from a USB drive to a PC drive it should be inspected by the real-time virus scanner, this does not take into account the fact that these USB drives can be used as another drive, and infected programs can be executed from them.
It is the same situation as a Zip, Jaz, floppy diskette, CD or any other removable media -- all can carry infected files, and these infected files should be inspected by the virus scanner. It is not uncommon for new media to be ignored by the virus scanners for a while -- they might require tweaking of the detection scheme (usually not dependent upon the file-handling system that Explorer will use).
Turning off the USB ports on sensitive machines is the same as removing the CD drives and floppy drives -- judge the risk and act appropriately.