App to Prevent Removable Media From Running Programs?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Anchoret

Thread Starter
Joined
Jan 19, 2006
Messages
310
I know programs to prevent any files from executing code from removable media are an integral part of high-security, high-$$$ sensitive airgapped systems, but are any available for the general user, preferably freeware or FOSS?

Seems like they would be extremely easy to write -- just permitting manual copying of files from these drives and preventing all other functions, autorun, etc.

Likewise, are there programs that do strenuous BIOS integrity checks?

Many thanks for any pointers here!
 
Joined
Nov 28, 2007
Messages
280
You can limit user permissions. If someone has physical access to your system all bets are off. You can run a Linux or Windows terminal server to prevent their physical access to your hard drives.

If you need BIOS integrity checks, may I suggest your users are presumed actively hostile and should not be able to touch your main machines, at all, ever? Give them thin clients with no hard disk and they could steal and dissect those with no harm to your locked-down server.

http://www.oracle.com/technetwork/a...e-admin/tips-harden-oracle-linux-1695888.html

If they are hostile enough to reflash your BIOS they are hostile enough to remove the hard disk, use another PC to modify your installation to their liking, then plug it back in, reset chassis intrusion if fitted, and use elevated privileges to own your system.

Users could get a locked down brick, they could only upload files to a "safe" location of your choosing, and if they got root on their own impotent thin client it would mean nothing. You can slather your thin client system boards with epoxy so they can't be tampered with if that matters.

There is ample literature for the Googling if you search using the specifics of your operating system. It's interesting and fun.
 
Joined
Sep 21, 2007
Messages
13,874
Windows 8 Pro, Windows 7 Pro and Windows 7 Ultimate have a feature called Software Restriction Policy. Basically, it permits only programs in \Program Files and \Windows to run. All other programs are blocked from executing, e.g. programs in internet cache, CDs, and USB memory sticks.

If you don't have the above operating systems, then you can get Simple SRP, from here: http://iwrconsultancy.co.uk/softwarepolicy
 

Squashman

Retired Trusted Advisor
Joined
Apr 4, 2003
Messages
19,786
I thought AutoRun was disabled on USB devices starting with Windows 7.
 
Joined
Jan 18, 2015
Messages
99
I thought AutoRun was disabled on USB devices starting with Windows 7.
It is. There is some sort of ongoing myth that plugging a USB drive into your computer or inserting a CD can "automatically" execute some sort of malicious code on the USB drive / CD. This isn't true. Unless you specifically configured Windows to do so, Windows will not automatically run anything.

This has been true since at least Vista and ahead. I'm not sure about what settings were in XP; it may have been possible then, at least with CDs.

So no, you don't need any special software to do this.
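
Added example, not part of any post in this thread: a read-only PowerShell check of the two settings discussed above, the AutoRun drive-type policy and the Software Restriction Policy default level with its allowed path rules. The function name is hypothetical; the registry locations are the ones Group Policy writes for these settings, and a missing value only means no policy is configured there.

```powershell
# Added example: read-only audit, nothing on the system is changed.
function Get-RemovableMediaExecPolicy {   # hypothetical name
    $explorerKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    $saferKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    # NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
    $driveBits = [ordered]@{ Removable = 0x04; Fixed = 0x08; Network = 0x10; CDROM = 0x20 }

    foreach ($key in $explorerKeys) {
        $mask = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $mask) {
            $value = 'not set (OS default applies)'; $detail = ''
        } else {
            $value  = '0x{0:X2}' -f $mask
            $detail = ($driveBits.GetEnumerator() | ForEach-Object {
                $state = if ($mask -band $_.Value) { 'disabled' } else { 'not disabled' }
                '{0}: {1}' -f $_.Key, $state
            }) -join '; '
        }
        [pscustomobject]@{ Check = "AutoRun policy, $key"; Value = $value; Detail = $detail }
    }

    # SRP default level: 0 = Disallowed (default deny), 0x40000 = Unrestricted.
    $level = (Get-ItemProperty -Path $saferKey -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
    if ($null -eq $level)       { $value = 'no SRP policy found' }
    elseif ($level -eq 0)       { $value = 'Disallowed (default deny)' }
    elseif ($level -eq 0x40000) { $value = 'Unrestricted (default allow)' }
    else                        { $value = '0x{0:X}' -f $level }

    # Path rules at the Unrestricted level (262144 = 0x40000) are the allowed locations.
    $rules = Get-ChildItem -Path "$saferKey\262144\Paths" -ErrorAction SilentlyContinue |
        ForEach-Object { $_.GetValue('ItemData') }

    [pscustomobject]@{
        Check  = 'SRP default level'
        Value  = $value
        Detail = "Unrestricted path rules: $(@($rules) -join '; ')"
    }
}

Get-RemovableMediaExecPolicy | Format-List
```

A default level of Disallowed with path rules covering only the Windows and Program Files directories corresponds to the behaviour described for Software Restriction Policy above.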
 