Wednesday 8 April 2009

How to secure your PC from autostart/autorun viruses on flash

Introduction

This article was inspired by another article devoted to mounted disks in Windows XP. For details, follow the link. Here I will briefly explain the essentials from that article and demonstrate how this feature can be applied to the subject. Of course, you do not need to take these instructions too seriously.
A mounted disk is a disk that is mapped to an empty folder on another disk. So we can map a disk to an arbitrary folder and use it as extended space of the host disk. If you remember, this feature has existed in the UNIX world for a long time. To get even closer to the UNIX world, we can remove the drive letter from this disk and use it only through the mapped folder.

Step-by-step procedure

OK. Let's try this new feature. First of all, let's assume that your system uses the letter F: for the USB flash drive.
  1. Insert any flash drive into a USB port of your PC;
  2. Follow the path Start :: Settings :: Control Panel :: Administrative Tools :: Computer Management and open Disk Management in the left-side window;
  3. In the lower-right window, find the inserted flash drive and right-click on it;
  4. Select the command Change Drive Letter and Paths... from the popup context menu;
  5. Click the Add... button;
  6. Select the item Mount in the following empty NTFS folder: and specify an existing path in the input field below (e.g.: C:\mounts\F);
  7. Click the OK button;
  8. In the previous window you will see two items in the list:
    • The default letter assigned by the system (e.g.: F:);
    • The folder you assigned to this drive (C:\mounts\F);
  9. Remove the first of these items from the list by selecting it and clicking the Remove button. Do not panic about the popup dialog box - just confirm it by clicking the OK button.
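
The same steps can be scripted with the built-in mountvol command. The batch file below is an added example, not part of the original article; it assumes the flash drive is on F:, that C:\mounts\F is on an NTFS disk, and that it is run from an administrator command prompt.

```batch
@echo off
rem Added example (not from the original article): command-line version of steps 2-9.
rem Assumptions: the flash drive is currently F:, the mount folder C:\mounts\F is on
rem an NTFS disk, and the script runs from an administrator command prompt.
setlocal
set "LETTER=F:"
set "MOUNT=C:\mounts\F"

rem Resolve the volume name (\\?\Volume{GUID}\) that sits behind the drive letter.
set "VOL="
for /f "tokens=*" %%V in ('mountvol %LETTER% /L 2^>nul') do set "VOL=%%V"
if not defined VOL goto :novolume
if /i not "%VOL:~0,11%"=="\\?\Volume{" goto :novolume

rem The target must be an existing, empty folder (step 6).
if not exist "%MOUNT%\" mkdir "%MOUNT%"
dir /a /b "%MOUNT%" 2>nul | findstr "^" >nul && goto :notempty

rem Steps 6-7: add the folder as a second mount point for the volume.
mountvol "%MOUNT%" %VOL%

rem Confirm the folder now points at the same volume before dropping the letter,
rem otherwise the drive would be left with no path at all.
set "CHECK="
for /f "tokens=*" %%V in ('mountvol "%MOUNT%" /L 2^>nul') do set "CHECK=%%V"
if /i not "%CHECK%"=="%VOL%" goto :mountfailed

rem Step 9: remove the drive letter; the data stays reachable via the folder.
mountvol %LETTER% /D
echo %LETTER% removed, volume is now available at %MOUNT%
exit /b 0

:novolume
echo No mounted volume found on %LETTER%
exit /b 1
:notempty
echo %MOUNT% is not empty
exit /b 1
:mountfailed
echo Could not mount %VOL% at %MOUNT%, %LETTER% left unchanged
exit /b 1
```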

... there and back again

OK. After completing all these steps you will lose drive F:. The content of the flash drive is now available via the assigned path C:\mounts\F. Follow this path and you will find the content of the flash drive there. So, you can see that this works.
A logical question arises: what happens if I remove the flash drive from the computer? I suggest you try it. You may be confused when the system informs you that the C:\mounts\F folder is unavailable. Yes, of course. From this moment on, this folder is used by the system and you cannot use it as an ordinary folder.
Now I suggest you insert the flash drive into the PC again. You will be surprised that the system notifies you about a new device with the typical sound, but the usual popup window with the list of available choices does not open! Autostart launchers do not start either!

Shortcomings and troubleshooting

Yes. This new feature has at least two big shortcomings:
  • You lose the ability to format your flash drive;
  • You have to access the content via a long path instead of a short letter.
The first one cannot be solved, but you can still remove the whole content. And let's remember: how often do we format a flash drive?
The second one can be solved by mapping the folder C:\mounts\F to the letter F: again. After executing the command SUBST F: C:\mounts\F you will get the drive F: back.

Conclusion

You have a choice - comfortable and insecure, or uncomfortable but secure.
Of course, this way of securing things looks like a dentist's job via the rectum. But in any case I use the standard facilities of Windows - when inserting a flash drive I hold the Shift key on the keyboard. Easy and simple!
