2nd layer protection for USB drives: MCShield

Would you go for MCShield?
Seems very good (in performance and protection).
What do you think?

amf.mycity.rs/mcshield
http://amf.mycity.rs/mcshield/Doc/MCShield_Help_EN.pdf

Oh, it runs side-by-side with avast!
Completely freeware.

I am presently using USB Vacine by Panda Security. I wonder if MC Shield would be better?? ???

you may ask argus and magna86. they use it :wink:

I don’t need a 2nd layer protection for USB drives because my Outpost Pro FW already has layer protection for USB & DVD drives all in one :wink:

Sorry but why use and add on when you can have avast check your USB drive.

2nd layer, heuristic and proactive analysis.

If it starts out clean and everything you add is clean, why do you need a second layer or the rest ???

If you need (have to) to use other USB sticks in your computer you’ll know it…

I have Outpost removable media protection set to block autorun.inf and block any application from launching that does not have a digital signature. Plus I use a usb immunizer from a different source since avast doesn’t provide this.

Avast should release their own usb immunizer so users do not need to go to other sources. This would help to protect any computer that you plug a usb into from autorun based malware.

Thanks for the suggestion.

Step my Removable protection a notch in Outpost to also block the launch of applications that are not signed by trusted digital signature. I don’t Enable CD protection though.

Hello,

Original idea for MCShield are came from USBNoRisk ( first USB malware removal that is designed for helpers ) that we used the our malware removal forum to clean ifected USB flash drives.

USB viruses are not spread via autorun.inf just as everyone thinks.
Malware usually comes through using:

  • autorun.inf
  • Desktop.ini/comment.htt/ActiveX
  • user
  • Windows Shell-LNK exploit (newest method)

The program can prevent all known vectors attack.

Example:
How malicious program uses the Desktop.ini files?

Content Desktop.ini file

[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0

Content Comment.htt file

AppleObject.createInstance()
Set WsShell = AppleObject.GetObject()
Wsshell.run(Path + "malicious_file.EXE")

This is just part of the code Comment.htt file, but as you can see, powered by / run the malicious program.

Double click on the folder icon is enough to start a malicious program and do what it is intended for.
Some of the malware uses this method (Stuxnet), without double-clicking on the folder.

MCShield will automatically disable this malware and put it in quarantine.
Panda USB Vaccine not see this infection.

as i understand Panda vaccine will only stop the autorun …not detect the infection ?

Good information!
Thanks for the input, I believe I will switch.
I also have OPFW set to protect USB and no digitally signed, but what the heck the resources used are nil and the added protection ( 2nd. layer) can’t in my estimation hurt. :wink: ;D

Panda creates an autorun.inf file that after the change the file attribute which proclaims the partition, thus leading the Windows FAT driver to confusion and thus being unable to access the file (and thus prevents malware and uses standard Windows functions to access the file)

but…

Is not a philosophy that I have malware starts to write directly on the disk, without using Windows driver.

Just thought I’d say, I use USB alot with shared Flash Drives as this is how I monitor various aspects of my buisness.
Anyway, I read the pdf file supplied, liked what I read and downloaded/install MCShield.
I think it is compac, and find it a very nice tool. Will use it now :wink:
One of the small interesting side benefits of staying in touch with whats going on here on the forum. 8) I’ve mentioned before, I like to read most everything :stuck_out_tongue:
Nice little didi Tech :smiley:

@ Tech,
You’ve also convinced me. Better safe than sorry. :slight_smile:

This tool doesn’t want to work for me. After the installation I got the Windows pop-up saying that the scanner stopped and would be closed. I disabled scanning removable media and hard drives on the programs start and rebooted. After that the program started well but as soon as I insert a USB-stick I again got the pop-up that the scanner stopped and would be closed.

Hm…I’ll will contact developers.

Start → All Programs → MCShield → Logs

Please attach here:
AllScans.txt
Summary.txt

magna86
I have already removed the program and cleaned the system.

Good to know there’s help near by. :wink: :slight_smile: