LebGeeks

A community for technology geeks in Lebanon.

#1 May 10 2008

Tigerheart.Hackers
Member

USB Scripts

We've all seen this before. You plug your flash memory on some PC, you bring it back home, and BAM... You have a script running on your PC, messing up your registry. Suddenly, double-clicking on a partition won't open it right; your folder options are gone or settings cannot be applied successfully; your RAM usage is high, and in some cases, physically damaged hard drives (seriously). What are your precautionary measures for opening up a flash memory without getting infected? Some people tried the "right-click open" and "right-click explore" for a while, but then came the new Brontox, eliminating all those chances. Some methods still work, like punching in the flash drive's letter inside the address bar, or simply picking the drive letter from the scroll-down menu. But supposing someone else uses your PC, someone with way less experience. What do you do? More importantly, what do you do if it's already there?

Last edited by Tigerheart.Hackers (May 10 2008)


#2 May 10 2008

geek
Member

Re: USB Scripts

get an anti-[virus|malware|spyware|adware|...] :rolleyes:?


#3 May 11 2008

nuclearcat
Member

Re: USB Scripts

Keyword: autorun.inf
Disable it, and it will not infect your computer... and search for similar things - and disable 'em.

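As an added illustration (not part of the thread or any poster's code): autorun.inf can both launch a program on insert and redefine the drive's right-click verbs, which is why the "right-click open/explore" habit from the first post stopped helping. This Python sketch flags such entries in a file's [autorun] section; the sample file, its paths and the function names are constructed for the example.

```python
import re

# [autorun] keys that launch a program: "open"/"shellexecute" run via AutoRun,
# "shell\<verb>\command" replaces what a right-click entry (Open, Explore) runs.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\([^\\]+)\\command)$")
EXEC_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|vbe|js|jse|wsf|lnk)\b", re.I)

def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def findings(text):
    """List (key, value, reason) for entries that launch or redirect to a program."""
    out = []
    for key, value in parse_autorun(text).items():
        m = LAUNCH_KEY.match(key)
        if m:
            verb = m.group(2)
            reason = f"overrides right-click '{verb}'" if verb else "runs when AutoRun fires"
            if EXEC_EXT.search(value):
                reason += ", target is executable/script"
            out.append((key, value, reason))
        elif key == "shell":
            out.append((key, value, f"makes '{value}' the default (double-click) verb"))
    return out

# Constructed sample file, not taken from a real infection.
SAMPLE = """\
[autorun]
open=recycler\\svc.exe
shell\\open\\command=recycler\\svc.exe
shell\\explore\\command=recycler\\svc.exe
shell=open
label=My Photos
"""

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

Turning AutoRun off for every drive type, as suggested above, is done on Windows with the `NoDriveTypeAutoRun` policy value set to `0xFF`.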

#4 May 11 2008

samer
Admin

Re: USB Scripts

When I used XP, I had two accounts. One for admin tasks and a very limited one called "user".
When I needed to install a program I used "Run As".

Anyway,
For 'user', disable all changes to the registry and other methods to register at startup.
This method isn't fool-proof as they can still use some local exploit to escalate their privileges,
for that I suggest employing sandboxing methods, but then again, would that be worth the hassle?

Also, like Nuc suggested, disable autorun..


#5 May 14 2008

rolf
Member

Re: USB Scripts

samer wrote:

When I used XP, I had two accounts. One for admin tasks and a very limited one called "user".
When I needed to install a program I used "Run As".

Anyway,
For 'user', disable all changes to the registry and other methods to register at startup.
This method isn't fool-proof as they can still use some local exploit to escalate their privileges,
for that I suggest employing sandboxing methods, but then again, would that be worth the hassle?

Also, like Nuc suggested, disable autorun..

Vista is configured like that by default.
I normally use a MacBook... I installed Vista, and a friend online wanted to play some MSN game with me, so I had to click yes to a bunch of warning boxes, next thing I know IE is infected and opens 5 tabs every time I launch it. And that was just a couple of hours after installing Vista!!!

They need a new OS design... like every program must have its own data directory and is only allowed to write there... and never ever, even during installation, has write access to any other part of the system... and BHOs (IE plugins) shouldn't be allowed to modify IE as they please... this system could be better designed... that can be fixed though if they think the whole system over from the bottom...

Note that OS X is not really that much better designed... it is better, sure, but the main reason for which there is no spyware adware on OS X is lower market penetration.

Last edited by rolf (May 14 2008)


#6 May 15 2008

samer
Admin

Re: USB Scripts

but the main reason for which there is no spyware adware on OS X is lower market penetration.

This point is arguable. While lower market penetration surely helps, I think it's the solid UNIX foundation that makes it less vulnerable. All you need is some common sense and perpetual paranoia ;)


#7 May 16 2008

rolf
Member

Re: USB Scripts

Yeah you may be right... it's probably a bit of both.
You're right about common sense... I thought about it for a while, and no OS feature can actually replace user common sense... like for example if the user downloads a chess game, copies it to the application folder, double clicks on it and it asks for admin password... and he enters it, then frankly there's nothing that can be done in this case... :) maybe antiviruses can help here.. but all want to avoid antiviruses.
On the other hand some apps have installers that ask for admin login... other apps ask for admin login to start servers and do other tasks....
What I think could be done to improve the security of current systems:
- Every app will have its own data directory, and cannot access user documents. For example if you run app XYZ, the system will create a folder /User/username/library/XYZ and the app can only read and write to this folder. Currently apps can read and write to all of the user's data. The exception will be when the app wants to read and write from/to a file that is on the Desktop for example. In this case it can do so, but only through the Open and Save dialog provided by the OS.
- A plugin architecture for the OS... everything is a plugin...
- User will be given more info when asked for the admin password... for example "This program wants to access port 80" or "This program wants to modify your system" with a "More" button where the user can exactly see what files are being copied.

Last edited by rolf (May 16 2008)


#8 May 16 2008

samer
Admin

Re: USB Scripts

<off-topic>

@Rolf: on your MacBook, before installing an application that requires admin credentials, read well about it.
Also, make sure you enable the Firewall (disabled by default, oh my!) and get a nice little app called Little Snitch. It's an outbound firewall that will notify you when an application tries to establish a connection with a third party.

</off-topic>


#9 May 17 2008

mir
Member

Re: USB Scripts

perpetual paranoia + common sense : ditto

Well, I think someone from the TigerHeart has some kinda solution that he wants to tell us about.
I know the Nabs has been working on something... so come on, spit it out, Nabs, and tell


#10 May 25 2008

Tigerheart.Hackers
Member

Re: USB Scripts

Me? I'm clueless. But you seem to know something about this, so, enlighten us if you may!


#11 May 26 2008

mir
Member

Re: USB Scripts

You? Ah... sorry, I was confused (if you don't want to say anything about the "compiled" version)

Otherwise... what is the point of your post? I thought you were trying to tell lebgeeks something... my bad

