Bitdefender USB Immunizer, Protect Removable Drives To Autorun-Based Attacks
Back in the days of the floppy drive, disks where the most common way of spreading viruses and malware. The Internet has taken over, and floppy drives are long gone.
They have been replaced by removable drives and optical discs, which are also capable of spreading malware, and while they are not the number one attack vector anymore, they still pose a threat.
Autorun attacks, like that by the Stuxnet worm, have become a common attack form. That common, that Microsoft has started to patch the autorun functionality in Windows.
Panda Security released USB Vaccine a while ago which offered to vaccinate a computer or USB drive to protect the computer from autorun based attacks.
Bitdefender, another popular security developer, has now released a similar program called Bitdefender Immunizer.
The program offers the same functionality as Panda USB Vaccine. Users can either immunize the computer as a whole, or immunize a connected removable drive.
The product page describes what happens if you immunize an USB drive:
The Immunize option allows you to immunize your USB storage device or SD card against infections with autorun-based malware. Even if your storage device has been plugged into an infected computer, the piece of malware will be unable to create its autorun.inf file, thus annihilating any chance of auto-launching itself.
This basically blocks the creation of autorun.inf files on immunized USB devices.
The computer immunization has the following effect:
The Immunize Computer slider allows you to toggle the autorun feature On or Off for any removable media (except for CD/DVD-ROM devices). If you accidentally plug in an infected USB drive that has not been immunized, the computer will not auto-execute the piece of malware located on the USB storage device.
The security patch linked above seems to have the same effect as the Immunize Computer option.
It has to be noted that immunizing removable devices or computers does not protect the system if the user executes malicious software on the device or computer manually. It only protects against autorun-based attack forms that require no user interaction.
Interested users can download USB Immunizer from the Bitdefender Labs website.
Update: Bastik has posted his findings in the comments, they are important and need to be mentioned in the article. Thanks Bastik for the helpful insight.
The tool does not offer to remove the protection from drives that it has immunized. To unprotect a drive you need to display hidden files in Windows and hidden system files. This can be done via Tools > Folder Options > View in Windows Explorer. You then need to delete the folder autorun.ini on the drive.
The tool displays an email prompt on exit with no apparent option to close it. Just click the ok button without entering an email address to close the program for good.Advertisement