When a USB stick is connected to a PC, the Windows operating system enumerates the device. In simple terms, this means Windows checks what type of device was just connected (a HID device, a Mass Storage Device, etc.) and also checks the speed of the device.
During the enumeration process, entries are written to the Windows registry… this is where a hacker could get into your system and take control. This is the update Microsoft issued earlier this week to fix the security flaw.
Since the vulnerability is triggered during USB enumeration, no user intervention is required. In fact, the vulnerability can be triggered when the workstation is locked or when no user is logged in, making this an unauthenticated elevation of privilege for an attacker with casual physical access to the machine. Other software that enables low-level pass-through of USB device enumeration may open additional avenues of exploitation that do not require direct physical access to the system.
So be sure to update your PC when the update notification comes through – it’s in your best interest.
Full Microsoft article
Here is a great tool for cleaning Windows Registry of USB drive entries. The program runs in the Windows console and removes all devices that are not currently connected.
Cleaning the Windows registry of entries for USB flash drives or other USB devices can make your system boot faster and run faster.
For example, each time you connect a USB printer to a different USB port on your PC, registry entries are made which associate the device with its drivers. Windows is trying to be smart and log this information so the next time you connect the device, Windows will know exactly what to do. That means when you connect the printer a second time, you don’t see the balloon from Windows saying “Installing Brother driver” or something; it’s just connected and ready to go.
But, for example, let’s say you connect your Nikon camera to your PC and you use a different USB port each time. Now you have a bunch of registry entries that can make your PC boot slower, run slower or possibly give you trouble with that external device.
With all this said, if you are having trouble with a USB drive, or a USB camera, printer or scanner, the first thing you’ll probably want to do is run this Windows registry cleaner utility. Good chance it will solve your problems.
WinXP / Vista / Win7
Writes settings to:
Does not write files to host computer
How to extract:
Download the ZIP package and extract to a folder of your choice. Launch drivecleanup.exe either in the ‘Win32’ folder or ‘x64’ folder.
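The registry entries described above can be listed before anything is removed, which matters because they are also the record of which USB devices have been attached to the machine. The PowerShell below is an added example, not part of the original post or of the DriveCleanup tool; it only reads the registry and assumes Windows 8 or later (for `Get-PnpDevice`), an elevated prompt, and the standard `Enum\USB` and `Enum\USBSTOR` key locations.

```powershell
# Added example: read-only inventory of the USB device records left by enumeration.
# Assumes Windows 8 / Server 2012 or later (Get-PnpDevice) and an elevated prompt.

$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum'

# Instance IDs of the devices that are connected right now.
$present = @{}
Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
    ForEach-Object { $present[$_.InstanceId.ToUpperInvariant()] = $true }

$records = foreach ($bus in 'USB', 'USBSTOR') {
    $busKey = Join-Path $enumRoot $bus
    if (-not (Test-Path $busKey)) { continue }

    # Key layout: Enum\<bus>\<device id>\<instance id>
    foreach ($device in Get-ChildItem -Path $busKey -ErrorAction SilentlyContinue) {
        foreach ($instance in Get-ChildItem -Path $device.PSPath -ErrorAction SilentlyContinue) {
            $instanceId = '{0}\{1}\{2}' -f $bus, $device.PSChildName, $instance.PSChildName
            $props = Get-ItemProperty -Path $instance.PSPath -ErrorAction SilentlyContinue
            # FriendlyName is not always set; fall back to the raw DeviceDesc value.
            $name = if ($props.FriendlyName) { $props.FriendlyName } else { $props.DeviceDesc }

            [pscustomobject]@{
                Bus       = $bus
                DeviceId  = $device.PSChildName
                Instance  = $instance.PSChildName
                Name      = $name
                Connected = $present.ContainsKey($instanceId.ToUpperInvariant())
            }
        }
    }
}

# Connected = False rows are the leftover entries for devices no longer attached.
$records | Sort-Object Connected, Bus, DeviceId | Format-Table -AutoSize

# Several instances under one device ID: the same model was enumerated more than once.
$records | Group-Object Bus, DeviceId | Where-Object Count -gt 1 |
    Select-Object Count, Name | Format-Table -AutoSize
```

Exporting `$records` with `Export-Csv` before running a cleanup keeps a copy of the device history that the cleanup would otherwise erase.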
ComputerWorld did a nice write-up about the IronKey Workspace product for the Windows 8 operating system.
Read the full article here.
“IronKey storage devices have also been validated by the National Institute of Standards and Technology (NIST) to meet the stringent Level 3 criteria of FIPS 140-2. Combined with the cloud-based IronKey Enterprise Management Service, data security can be managed and audited from anywhere in the world. The IronKey Workspace flash drive, however, is not FIPS-certified.”
The IronKey will boot from any PC or Mac computer. Boots in about 35 seconds but has an initial configuration time of about 4 minutes.
Nexcopy has released a USB Copy Protection solution for those who need to share files, but without giving the “receiver” full ability to copy and re-distribute.
The great thing about a USB flash drive is file sharing. They are great for copying and saving files and taking them on the road. This same convenience factor also makes Digital Rights Management very difficult. With Nexcopy’s USB Copy Protection, it’s not difficult any longer!
First, let’s explain the difference between write protection and USB copy protection. Some think it’s the same, but it’s not.
USB write protection [also called data lock] means the files cannot be deleted off the drive…it also means files cannot be added to the drive. But you can still copy the files off the drive to your desktop or hard drive.
USB copy protection provides the same functionality as write protection, but in addition, does not allow
Microsoft has made available a new version of “Defender” to rid infected computers of malware, including rootkits which hijack your boot process and corrupt your computer.
The “Defender Offline Beta” is available from Microsoft for free [here] and does require updates as virus definitions are always changing.
Definitions are files that provide an encyclopedia of potential software threats. Because new threats appear daily, it’s important to always have the most up-to-date definitions installed in Windows Defender Offline Beta. Armed with definition files, Windows Defender Offline Beta can detect malicious and potentially unwanted software, and then notify you of the risks.
The Redmond company suggests you make a USB drive with the Defender Offline Beta software from a PC which is not infected. Doing so on a corrupted computer could interfere with the USB and render the Microsoft tool useless.
To use Windows Defender Offline Beta, you need to follow four basic steps:
In a mad rush, I’ve logged off my computer, shut down the PC and run out the door. All the while with my USB stick still connected. The USB stick with all my photos, portable applications and the exe file I promised to give my neighbor. Getting home, I reach for my flash drive in my pocket, and oh Sh1t it isn’t there.
Or some of you may be using USBs to boot from, so there is bootstrap code on the device. If the USB is connected during bootup of your PC, you can get an error message…and for a non-tech person [wife or girlfriend] they may think their computer has crashed.
The only way around all this stuff is making sure to pull the USB out of your computer.
This is exactly what USB Guard does: it reminds you that a USB flash drive is connected before you log off or power down the PC.
You can also flag USB hard drives so they too are never forgotten.