We've known for a long time that viruses will use any and every possible communication pathway to gain access to a computer system. To aid in preventing infections we've deployed scanning software to scan local hard drives, network transmissions and even e-mail. However, there may be a new means of transference that is easily overlooked.
USB storage devices have quickly gained popularity. There are several types of USB storage devices. They range from key-fob sized clips that can store eight to 256 MB of data on a built-in flash-memory chip, to external portable hard drives that can host 120GB of data. Even the portable music players that store audio files in flash memory or a hard drive can be used to store non-audio data files and serve as storage transfer devices.
The issue is not that USB storage devices are really anything new. They either use a form of flash memory or a small hard drive to store data. The issue is that removable media drives may not be included by default in the drive selections of antivirus scanning tools. Furthermore, it is harder to manage the movements and usages of portable USB storage devices, especially those that are small enough to fit inside a pocket or the palm of your hand. Just as with floppies or CD-R/CD-RWs brought in from external sources, USB storage devices can be host to viruses, Trojans, hacker toolkits, worms, logic bombs or other forms of malicious code with or without the knowledge of the user.
So, how does one protect against viruses borne on USB devices? Well, here are my suggestions.
- Implement a security policy that no external storage devices of any kind can be connected to the network or any client on the network until it has been scanned and purged of all malicious content. This will typically require a dedicated stand-alone system to be used as the scanning station.
- Configure antivirus software to scan all locally connected storage devices, especially removable media. Also, the antivirus scanner should watch the system's RAM for any virus-like activity.
- Consider disabling USB support on systems within environments where security is a top priority. Loosing the functionality and convenience of USB devices is well worth the cost in comparison to a serious virus infection, sensitive data disclosure or system corruption.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in September 2002