While the utility of pen drives cannot be undermined, they have become an easy ride for viruses and worms to spread from one computer to another and create mayhem. I have no idea how people manage to catch these exotic species … 9 out of 10 pen drives that I plug into my computer carry viruses. The biggest threat to my computer is not Internet and email but pen drives.
Most pen drive viruses infect by executing itself the moment the pen drive is inserted into the PC. They do it by creating an autorun.ini file that is configured to run these viruses. So the first line of defense is to prevent the execution of the autorun.ini file. Here are two software that does it.
USB Firewall runs silently in the background and alerts you immediately in case of an intrusion attempt. The application detects whenever any program tries to launch itself via the autorun.ini file and informs you. You can then remove the autorun.ini file along with the malicious files before they have the chance to infect the PC.
USB Firewall is not an anti-virus application and cannot distinguish between malicious and legitimate files. It just prevents the auto play of pen drives and the files on it. However, in most cases an autorun file on a pen drive is a sure sign of a virus, unless the owner has created it himself for some added functionality. Also, the pen drive may still contain infected files not configured to autorun but waiting for the user to execute. You need to have an anti-virus application guarding your PC to prevent such infection.
Another application similar to USB Firewall is iKill. iKill scans removable drives for the presence of the autorun.ini file. If found, it parses the autorun.inf file for the executables it may run and if AutoProtect is enabled, it automatically delete the files present on the drive. Otherwise, you will be asked if you want the suspected files deleted.
In case, you want to completely disable the auto run feature in Windows, this is how to do it.
- Go to Start> Run and type gpedit.msc to launch the Group Policy editor.
- Select ‘Computer configuration’ from the left tree and then go to Administrative Tempates>System
- In the right panel look for ‘Turn off Autoplay’. Double click on it and select ‘Enabled’ and then select 'all drives'.