USB Drive - Forced Start under SBIE or Disable Autorun?

View previous topic View next topic Go down

USB Drive - Forced Start under SBIE or Disable Autorun?

Post by Scoobs72 on 31/12/2010, 01:04

I currently have all USB drives forced to open under SBIE. However, I also have autorun disabled via the registry. Given Autorun is disabled is there any added value in using SBIE for my USB drives? My first thoughts are no...but is there something I'm not considering? Thx.

Scoobs72
Member
Member

Posts : 28
Join date : 2010-11-05

View user profile

Back to top Go down

Re: USB Drive - Forced Start under SBIE or Disable Autorun?

Post by ssj100 on 31/12/2010, 01:17

From a security point of view, I don't think there is any added value in force sandboxing your USB drives.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: USB Drive - Forced Start under SBIE or Disable Autorun?

Post by p2u on 31/12/2010, 01:46

Scoobs72 wrote:However, I also have autorun disabled via the registry.
Depends on exactly how you disabled Autorun. Microsoft's implementation of disabling something is far from perfect, you know. I'd like to hear some more details.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: USB Drive - Forced Start under SBIE or Disable Autorun?

Post by Scoobs72 on 31/12/2010, 04:05

Thanks guys. I'm using this method for disabling autorun:

http://antivirus.about.com/od/securitytips/ht/autorun.htm


Scoobs72
Member
Member

Posts : 28
Join date : 2010-11-05

View user profile

Back to top Go down

Re: USB Drive - Forced Start under SBIE or Disable Autorun?

Post by p2u on 31/12/2010, 12:18

Scoobs72 wrote:Thanks guys. I'm using this method for disabling autorun:

http://antivirus.about.com/od/securitytips/ht/autorun.htm

Just keep in mind that implementations through the registry can easily be undone. Since any hacker and his/her grandma have probably already heard about the existence of that key, it wouldn't hurt to either monitor that key (with HIPS or with a good registry monitor) or block write access. Just imagine that you whitelist the wrong installer...
P.S.: Additionally, if you don't have any exotic scanners, camera's etc, you could disable the Shell Hardware Detection Service.
P.S.: And how about this beauty? cmd as admin and:
Code:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files" /v "*.*" /d "" /f
Autoplay handlers cause a lot of trouble and should better be disabled system-wide. This is the list of any type of file that should NOT be auto-played, ever. *.* means ANY. Clear the rest that is already there in the list.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: USB Drive - Forced Start under SBIE or Disable Autorun?

Post by ssj100 on 31/12/2010, 16:37

Wouldn't running as a limited user prevent that registry key from being changed? Or are you worried about privilege escalation exploits?

If you whitelist the wrong installer/software, I think changing that registry key is the last of your worries haha. Just making a point.

What exactly are "Autoplay handlers"?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: USB Drive - Forced Start under SBIE or Disable Autorun?

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum