Hardware Thread: USB Memory Sticks with hidden virtual CD partitions (U3 Drives?), in Technical
  1. #16

    Join Date
    Jan 2009
    Location
    Sheffield
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    U3 and Autorun / Disabling USB ports

    Quote Originally Posted by flyinghaggis View Post
    ... When connecting them to a PC the USB stick autoruns and Windows detects it as a virtual CD drive which launches an app (often a Menu or a promo screen) from an .exe file and then mounts the USB data partition.

    What's really worrying is that despite us having autorun turned off for users and Windows GP file path restrictions in place to stop executables running from removable drives, the way these sticks emulate a CD drive seems to bypass this....
    Been discussing this with a colleague and wonder if the U3 or similar drive managed to install its launcher on the PC - so that it was able to run later - and appeared (to XP) to be running from the PC rather than the drive? Just a thought - as I can't see any way that it can get booted up without Autorun. (I've designed numerous applications over the last few years to make startup as easy as possible from removables but without 'injecting' a launcher or autorun I still can't see a way it can be done).

    On the vexed question of USB and security - as you may know this is our speciality - so again I will try to tread carefully. Please tell me if you don't find this helpful and I will desist straight away!

    I know it's not easy to preserve a good level of security and keep the convenience and flexibility of allowing removable memory devices to be used. As Geoff says there are a lot of considerations and some real 'gotchas'.

    The reason we have concentrated a lot of development on this area is that there seem to be many schools - a majority of schools as far as I can tell - who want or need both.

    We have achieved this in numerous schools over the last three years or so but again as Geoff points out the problems are becoming more complex as the BECTA requirements etc require higher security and Impact Level labelling etc. making the problems very different when a student / pupil is logged in from when a staff member is.

    In the latter case the prime need (in my understanding) is to ensure that data leaving is encrypted and is auditable (and that everyone knows that) - while with the pupils it's principally to prevent the kind of problems we've been discussing here (exes / autorun etc) and the bringing in - or taking out - of MP3s and other copyright stuff.

    It seems to me that every school is a little (or a lot) different in its needs and emphasis - and I'm constantly amazed at the diversity!

    You will no doubt have gathered that we have not given up on the quest (for the best of both worlds) - far from it. But I am keen to know what the key people on the frontline are thinking and how they plan to meet these challenges.

    Not sure I can help with arguments to persuade SMT to up the Araldite budget (kidding) but otherwise I might be able to help a bit here and there!

  2. #17

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Quote Originally Posted by flyinghaggis View Post
    How'd you manage to convince SMT to allow you to block all USB devices! Do you just block it on pupil PCs or for staff as well?
    It's the status quo. Way back when we removed floppy/CD drives. It's just a continuation of that policy.

    Generally it's disabled in the BIOS apart from select PCs (Offices/Staffroom). Basically anywhere there isn't going to be unsupervised pupils.

  3. #18

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,631
    Thank Post
    890
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    441
    One thing to try, make a blacklist hash of the autorun.inf exe it calls.
    I have a U3 stick so when I get back we can see if the hash blocks it or if each stick/manufacturer has a custom build of the exe.
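
The check proposed in post #18, sketched as an added example (not part of any post in this thread): read the program that autorun.inf names on each stick's virtual CD and group the sticks by the launcher's hash, which shows whether one hash rule would cover them all. SHA-256, the directory layout and the sample autorun.inf are assumptions made for illustration; the hash your policy tool records may use a different algorithm.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

# Constructed sample autorun.inf, not copied from a real stick.
SAMPLE_INF = '[AutoRun]\nopen=Launcher.exe -a\nicon=Launcher.exe,0\nshell\\open\\command="bin\\Menu.exe" /s\n'

def autorun_targets(inf_text):
    """Programs named by open=, shellexecute= or shell\\<verb>\\command= keys."""
    targets, in_section = [], False
    for line in (raw.strip() for raw in inf_text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches and value:
                # Keep the program path only; drop command-line arguments.
                name = value.split('"')[1] if value.startswith('"') else value.split()[0]
                if name and name not in targets:
                    targets.append(name)
    return targets

def group_by_hash(roots):
    """Map SHA-256 (None = file missing) to the 'stick: launcher' entries sharing it."""
    groups = defaultdict(list)
    for root in map(Path, roots):
        inf = root / "autorun.inf"
        text = inf.read_text(errors="replace") if inf.is_file() else ""
        for name in autorun_targets(text):
            exe = root / name.replace("\\", "/")
            digest = hashlib.sha256(exe.read_bytes()).hexdigest() if exe.is_file() else None
            groups[digest].append(f"{root.name}: {name}")
    return dict(groups)

def demo():
    """Three constructed sticks: a and b share one launcher build, c differs."""
    with tempfile.TemporaryDirectory() as tmp:
        for label, body in (("a", b"build-1"), ("b", b"build-1"), ("c", b"build-2")):
            Path(tmp, label).mkdir()
            Path(tmp, label, "autorun.inf").write_text(SAMPLE_INF)
            Path(tmp, label, "Launcher.exe").write_bytes(body)
        return group_by_hash(sorted(Path(tmp).iterdir()))

if __name__ == "__main__":
    print(demo())
```

More than one non-None key in the result means the sticks carry different launcher builds, so each build needs its own hash rule.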

  4. #19

    Join Date
    Jun 2008
    Location
    Kensington, London
    Posts
    372
    Thank Post
    59
    Thanked 36 Times in 32 Posts
    Rep Power
    31
    The 'official' U3 removal is here Bring the power of portable software to your USB flash drive - make it a U3 smart drive!

    We actually intentionally gave out USB sticks this year to our students that were formatted in this way - it means that I know they have and can't delete certain information [forms, handbooks, etc] (and as a bonus to them they have storage space for their academic work)

  5. Thanks to nadeem from:

    RabbieBurns (31st January 2009)

  6. #20

    Join Date
    Oct 2008
    Posts
    67
    Thank Post
    1
    Thanked 9 Times in 6 Posts
    Rep Power
    13
    Latest Sophos Anti-virus has Application Control which stops all kinds of Nasties like this. Works very well, judging by the reports I get from Sophos. Stops all these U3 type fiddles, games, iTunes, media players... and more!!

  7. #21

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Quote Originally Posted by nadeem View Post
    The 'official' U3 removal is here Bring the power of portable software to your USB flash drive - make it a U3 smart drive!

    We actually intentionally gave out USB sticks this year to our students that were formatted in this way - it means that I know they have and can't delete certain information [forms, handbooks, etc] (and as a bonus to them they have storage space for their academic work)
    Removed from my pen drive perfectly.. Thanks

  8. #22

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,846
    Thank Post
    570
    Thanked 994 Times in 766 Posts
    Blog Entries
    15
    Rep Power
    460
    Slightly off topic but this could also be a bit of a security issue with the Conficker infection doing the rounds at the moment. The partition and autorunning program may well be read only but I'd be a little worried that variations of this worm may be able to make use of that.

  9. #23

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,680
    Thank Post
    3,211
    Thanked 1,031 Times in 956 Posts
    Rep Power
    361

    usbdlm?

    Couldn't you use usbdlm to block all other drive letters except one that can be used for the USB memory stick, in conjunction with (assuming you have R2) to block autorun.inf and exes (either or - or just both) on the memory stick (which you know will always load as that drive letter, which you configured / set earlier using the usbdlm inf file, due to usbdlm)?

  10. #24

    Join Date
    Jan 2011
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Sorry to drag up an old thread...

    Quote Originally Posted by Sirbendy View Post
    google for U3 removers...I do it to staff ones on demand, and I've removed it from my own.

    Bloody annoying thing it is.
    Actually no, it's people like you who buy it assuming it's a normal flash drive who are annoying. U3's autoplay ability is excellent but people like you who buy it in a packet with the U3 logo never actually understood what it is. Then you're the first to moan about it and the next thing you know so is everyone else. SanDisk then get feedback that U3 is not popular and scrap it.

    The potential of it was huge but because people like you didn't understand what you were buying it's been dumped.

    For those moaning about the security aspects, it's no more dangerous than a CD-ROM that hasn't been completely disabled (and if you disabled it then why even have it in the machine?).

    As someone said on page 2, they handed them to students so they could know for sure that students had copies of documents. This technology also had other uses - such as onboard storage of drivers for USB devices. It would have eliminated the need for M$ to have to include thousands of drivers with every version of Windows and then bloating your hard drive.

    Didn't think about that last one huh.

    I have a tool kit for those who wish to remove their U3 partitions - pm me your email and I'll be in touch. You can also install your own .iso images to the virtual CD too (which is just as dangerous as burning a CD before anyone comments).

  11. #25

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,782
    Thank Post
    1,469
    Thanked 591 Times in 443 Posts
    Rep Power
    168
    Sorry to drag up an old thread...
    It's not a problem that you've dragged up an old thread.

    It's your attitude that's the problem.

    If the subject was current then maybe some of your comments would be relevant and useful.

    But the subject isn't current and your remarks aren't.

    regards

    Simon
