
Do U know about U3?

U3 is an open standard allowing for application portability. Sounds great, doesn't it? Don't just take your data from computer to computer. Now take the whole application itself. No need to sit through a long install process on a shared PC. No more tweaking application settings in multiple places. What could possibly go wrong?

Enter our old friend, the Windows auto-run feature. By manipulating USB sticks using the U3 technology, some intelligent folks were able to bypass previous roadblocks to USB attacks based on auto-run. The solution? Turn it off.

- Enable or Disable Automatically Running CD-ROMs
- Select the Drive Types to Start Automatically

It is always safer to disable auto-run for as many devices as possible. For all devices, do the following in Windows 2000/XP/2003:


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun (DWORD) = 255 (decimal)
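NoDriveTypeAutoRun is a bitmask in which each set bit disables auto-run for one drive type, so 255 (0xFF) turns it off everywhere. The script below is an added example, not part of the original post: it audits text captured from `reg query` on a host and reports which drive types would still auto-run. The sample outputs and the function names are constructed for illustration.

```python
import re

# A set bit DISABLES auto-run for that drive type (bit n = GetDriveType value n).
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir",
    0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cd-rom",
    0x40: "ram-disk", 0x80: "reserved",
}

VALUE_RE = re.compile(r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M)

def parse_reg_query(output):
    """Return the DWORD from `reg query` output, or None if the value is absent."""
    m = VALUE_RE.search(output)
    return int(m.group(1), 16) if m else None

def still_autorun(value):
    """List drive types whose disable bit is clear, i.e. auto-run is still on."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]

def audit(output):
    """Classify one host's captured output as OK, WEAK or MISSING."""
    value = parse_reg_query(output)
    if value is None:
        return "MISSING: policy value not set, OS default applies"
    enabled = still_autorun(value)
    if not enabled:
        return "OK: auto-run disabled for all drive types (0x%02X)" % value
    return "WEAK: 0x%02X still auto-runs: %s" % (value, ", ".join(enabled))

# Constructed sample outputs (not captured from a real host).
HARDENED = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""
PARTIAL = HARDENED.replace("0xff", "0x91")
UNSET = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDrives    REG_DWORD    0x0
"""

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("partial", PARTIAL), ("unset", UNSET)):
        print(label, "->", audit(text))
```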

Configuring this registry key will not prevent all U3 attacks. Some basic social engineering could easily result in a user executing malicious code on a USB stick planted in a variety of locations. If you are waiting for the registry key to prevent this, I wouldn't hold your breath. Educating your users is the best defense.

[USB Stewie from Urban Outfitters.com]

Steven Andrés 4/16/2007 06:31:00 PM

And especially with the new crop of large USB sticks that are on store shelves, you can have an amazing array of malicious attacks (heck, even whole operating systems) on your keychain.

Witness the 4GB for $20 Christmas Gift!

Anonymous 8/22/2007 12:07:00 PM

How will disabling auto-run prevent shell-execute from kicking in the instant the drive is "explored"?

Copyright 2002-2007 • Special Ops Security, Inc. • All Rights Reserved.