1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

App to Prevent Removable Media From Running Programs?

Discussion in 'All Other Software' started by Anchoret, Jan 20, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. Anchoret

    Anchoret Thread Starter

    Joined:
    Jan 19, 2006
    Messages:
    310
    I know programs to prevent any files from executing code from removable media are an integral part of high-security, high-$$$ sensitive airgapped systems, but are any available for the general user, preferably freeware or FOSS?

    Seems like they would be extremely easy to write -- just permitting manual copying of files from these drives and preventing all other functions, autorun, etc.

    Likewise, are there programs that do strenuous BIOS integrity checks?

    Many thanks for any pointers here!
     
  2. monckywrench

    monckywrench

    Joined:
    Nov 28, 2007
    Messages:
    280
    You can limit user permissions. If someone has physical access to your system all bets are off. You can run a Linux or Windows terminal server to prevent their physical access to your hard drives.

    If you need BIOS integrity checks may I suggest your users are presumed actively hostile and should not be able to touch your main machines, at all, ever? Give them thin clients with no hard disk and they could steal and dissect those with no harm to your locked-down server.

    http://www.oracle.com/technetwork/a...e-admin/tips-harden-oracle-linux-1695888.html

    If they are hostile enough to reflash your BIOS they are hostile enough to remove the hard disk, use another PC to modify your installation to their liking, then plug it back in, reset chassis intrusion if fitted, and use elevated privileges to own your system.

    Users could get a locked down brick, they could only upload files to a "safe" location of your choosing, and if they got root on their own impotent thin client it would mean nothing. You can slather your thin client system boards with epoxy so they can't be tampered with if that matters.

    There is ample literature for the Googling if you search using the specifics of your operating system. It's interesting and fun.
     
  3. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    Windows 8 Pro, Windows 7 Pro and Windows 7 Ultimate has a feature called Software Restriction Policy. Basically, it permits only programs in \Program Files and \Windows to run, All other programs are blocked from executing, eg programs in internet cache, CDs, and USB memory sticks .

    If you don't have the above operating systems, then you can get Simple SRP, from here: http://iwrconsultancy.co.uk/softwarepolicy
     
  4. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,786
    I thought AutoRun was disabled on USB devices starting with Windows 7.
     
  5. PcPhoenix

    PcPhoenix

    Joined:
    Jan 18, 2015
    Messages:
    99
    It is. There is some sort of ongoing myth that plugging a USB drive into your computer or inserting a CD can "automatically" execute some sort of malicious code on the USB drive / CD. This isn't true. Unless you specifically configured Windows to do so, windows will not automatically run anything.

    This has been true since at least Vista and ahead. I'm not sure about what settings were in XP, it may have been possible then, at least with CD's.

    So no, you don't need any special software to do this.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1141549

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice