The idea of a USB Intrusion Prevention System is a portable program that would automatically block any attempt to modify your USB and ask for confirmation.
The write-protect module would make the USB read-only. No need to bring the actual software, but may be needed to remove write-protection, or maybe simply asking for a password should modifications be made.
These were brewed up after an incredibly frustrating encounter with a flash disk virus (although it also affects the host. see here).
I am not sure why there is another request… and why Comodo should develop what is already exists and working?
As soon as we “discovered” in the referred thread that you are talking about write-protection
there were several advices
Usually any USB devices currently coming either with hardware or Software write-protection
In addition you can find existing free ones
Just search for “how to write protect USB devices”
You will find a lot, or you can use known Registry hack in order to disable writing into any USB device ( again - it's a matter of quick googling)
Anyway again, most of contemporary USBs have either hardware/physical write protect switch or coming with its own password protection/encryption Software
If not, here is the Reg setting mentioned [url=http://www.ghacks.net/2009/04/03/usb-flash-drive-write-protection/]USB Flash Drive Write Protection[/url]
If you are visiting PC in question have a CD with the script to set that;
Only after that plug in your USB;
Reset back if you want after you've finished & the device was unplugged
a side note: needless to say – if you are going to unknown place with you presentations and alike basically you may consider CD/DVD rather that your beloved USB
… sure unless you cannot fit all and need like 64GB & more of files at the same time
but then there are External Hard drives. Those have jumpers for write protection
Then keep in mind again that you are talking about the computer that is already infected.
What it has to do with Comodo anyway?
That is an alien computer – any! Comodo may not be installed there
And even if you are talking about the PC where Comodo is installed … basically it doesn’t matter since as you said any security can miss it due to alleged modification of the alleged virus.
… and so on … that was my pessimistic comment since I don’t see how this “new Software” will work better then existing ones and how that may help any PC that already infected whether it has Comodo installed or not
So, my vote will be No
actually you asked a question “Would you like comodo to develop?..”
and there is just a list, which imply “Yes”(es)
Does “Others” means "other Software? - that is still “Yes”
Where is “No”? … well I used “Others” for that … but I think that you can add the item for “No” otherwise that’s ambiguous
I voted for “USB Intrusion Prevention System” as IMO it’s a far better option than write-protecting a usb stick. Such a program could run from a thumbdrive and monitor everything that would attempt to get onto the device and therefore (possibly) limit the spread of malware and save you a lot of headache. What I’m thinking about is something like D+, something that could tell you: “The file abc is behaving suspiciously and wants to copy itself onto your thumbdrive. Do you want it to proceed?”. I think that would be useful, especially when you’d want to run a portable program like a browser from your usb flash drive while using a computer you don’t know if it’s safe or not (in an internet cafe, for example).
Hi Silent Assassin ,
Unfortunately that is not workable idea as far as I can see it.
See some remarks above regarding bringing your USB to the alien PC, where Autoruns are in place and/or already infected PCs.
Before you will be able to run such Software “from your USB” - your device (rather data, which was a main concern expressed by spainach_12) will be affected … and so on & so forth.
So the best way is to use existing working measures
Then, it takes much more to control running “other and any” programs (rather and more strictly - any executable code placed into the memory) and intercept their actions as Defenes+ or Behavioral Blockers do. You cannot do that just by running “a program” (expressing this in popular, simple terms). Therefore you cannot “monitor everything”
Well, judging from your post I presume that you know what you’re talking about and therefore I’m not going to argue with you as I don’t have the technical expertise you probably have.
I think that Drive Sentry has something like the type of a program I mentioned in my previous post, I’m not sure how it works exactly, though. It seems, however, that it executes from a removable media when it’s plugged into a computer in order to keep it safe from malware.
Well, judging from your post I presume that you know what you're talking about
I don't have the technical expertise you probably have
SiberLynx DOES have the technical knowledge :) maybe has a little too much knowledge. :-La
I voted for "USB Intrusion Prevention System"
it kind of sounds like it's leaning towards a firewall for a USB. Hell Yeah. :) But that will never happen. That would be like having it's very own Intrusion Prevention System for your drivers <---something like that
I will eventually find out where you are and kick your ■■■
Exactly ! and that’s what I was going to post as a reply … I was just thinking too much about how to put as simple as possible
You may find some topics about “portable Firewall” here and a concept of “portable Apps.” as a whole
That’s what I meant, since “monitoring Defence+ alike” was mentioned.
You need to work on a deep system level in order to achieve that power
You may need driver(s)/devices/hooking on a kernel level (x64 platform is a special pathetic case, thanks to Litte&Soft)/services/ etc. being installed.
You cannot do that, not technically, but rather you have no rights to, speaking of portable devices. If you do something like that - that would be unacceptable interference regarding the alien computer(s) you are working with, which may have a severe impact and ill implications on a system … when you disconnect your device and leave
I have a theory that i am practicing currently with my usb (Mind you that my usb contains the OS i’m using now and everything else i have)
I think it would be slightly more secure using a different filesystem on the usb (i’m talking about ext3/4 Btrfs2) Most windows virus’s can only recognize/run on ntfs/fat family filesystems,
if you insert a ext3 formatted usb you won’t be able to use it correct? this is where a file manager would come in handy, but not just some sloppy put together file manager, because the file manager would be also located on the usb (As current i have on mine), in a UDF format space (to act like a cd) and simply you just run the file manager.
Then the swapping of data would be operated by the file manager;
Theoreticaly, No need to worry about infecting your usb (vice versa) - If the file manager is built securely.
No Passwords to remember,
It’s easier to insert a live-cd into a system and boot a linux distro and recover your data on your usb rather than
giving your usb to a tech so he can decrypt it for you forcefully.
Technically only worry you would have, if you physically break your USB Drive, or
Virus’s have enabled them selves with the format permission and format the usb but this statement is a whole other paragraph but Can be prevented!
Yeah…well…none of these work anymore. Seeing as that there is no other reasonably hassle-free solution available, I guess I might as well close this poll. Anyway, thank you to all those who took their time to vote and comment. I appreciate the help, I guess. I found a solution, but it takes too much time. If any of you guys experience this, pm me if you need any advice.