My comment for Immunize was rhetorical.
Immunize explanation is on the Bitdefender link. Please read the links I posted before commenting. The disable autoruns is for 7 and Vista. Here is XP.
I know these tools and they work very well.
- I’ll try to explain to you some things:
Those tools like BD immunize, Panda USB protection, … they don’t disable the autorun. They load their own autorun, a so-called powerful autorun or bulletproof autorun… an impenetrable autorun.inf with its attributes.
The aim of this is that malware can’t use autorun.inf.
Tools like , USB AntiVirus …etc.
They already operate on a signature, which is an advantage and a disadvantage:
advantage - it scans USBs and kills malware known to it.
disadvantage - it kills only malware known to it. Unknown malware it will “leave alone”.
- About USB malware:
Malware must have its own trigger and excellent file.
First, malware writers found a way to take advantage of the legit Windows autorun.inf to execute their malware on the PC.
This is the contents of autorun.inf as an example:
http://fotkica.com/thumbs3/1_tmb_52742402_66097_116715901_autorun.inf.jpg
In this example, autorun.inf says that Windows should start the test.exe malware.
Then people started to develop tools that manipulate autorun.inf (autorun.inf is a legit Windows file; loading their own autorun.inf was good as a first solution, and a legitimate action too) and thus provide additional protection, or some of them are trying to earn money.
The aim of these tools is nothing other than to prevent infection. This is very important to know. Malware still lives on the USB!
Therefore your link from BD says:
[b]Autorun-based malware[/b]
Malware writers have had to find another way to infect the machine because autorun.inf has become too well-known an action. They couldn’t use that method sufficiently…
Currently known methods of infection using these methods:
- Desktop.ini
- comment.htt
- ActiveX
- User (the user thinks he launches a legitimate folder and he actually launches executable malware; the legit folder is super-hidden)
- Windows Shell
- … etc
This was written only in brief; the story is much wider.
When Argus asked for running MCShield, you wrote this:
No need for MC SHield. Every pc should have autoruns disabled. Secondly if you immunize your USB stick then it makes your USB stick immune to malware autoruns being put in it. here are a few simple steps.
Having the above… do you realize why this comment is wrong?
If the user took your advice, he would get just this:
- Autorun-based malware (only prevents infection)
If the user obeyed Argus, he would get this:
[b]AntiAutorun[/b], AntiLNK, three AntiReplicator routines, AntiRimecud, two AntiMimics, known bad file/folder names, hashes, AntiEsfury (folder name heur.), general/blended file heuristics (files are checked in 6 ways)...
In summary:
- autorun is just one of the ways the infection can be started;
- this is not bulletproof;
- the USB device is still infected, ready to use on another machine, launches its autorun.inf and interjects malware where it can.
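
An added example, not part of the post above and not code from MCShield, Bitdefender or Panda: a small Python audit of a mounted USB drive's top level that reports what autorun.inf would launch and also flags two of the non-autorun triggers the post lists (desktop.ini / comment.htt, and an executable named like a folder). The function names, the extension list and the sample drive layout are assumptions constructed for illustration; it does not read Windows hidden or system attributes.

```python
import tempfile
from pathlib import Path
# Added example: function names and the sample layout are illustrative.
LAUNCH_KEYS = ("open", "shellexecute")          # autorun.inf keys that run a program
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}
OTHER_TRIGGERS = {"desktop.ini", "comment.htt"}  # non-autorun vectors named in the post

def autorun_commands(text):
    """Return (key, command) pairs that an [autorun] section would launch."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                found.append((k, value))
    return found

def audit_drive(root):
    """Inspect the top level of a mounted removable drive; return sorted findings."""
    findings = []
    entries = list(Path(root).iterdir())
    folders = {e.name.lower() for e in entries if e.is_dir()}
    for e in entries:
        name = e.name.lower()
        if name == "autorun.inf" and e.is_file():
            for key, cmd in autorun_commands(e.read_text(errors="replace")):
                findings.append(("autorun", f"{key} -> {cmd}"))
        elif name in OTHER_TRIGGERS and e.is_file():
            findings.append(("trigger-file", e.name))
        elif e.is_file() and e.suffix.lower() in EXEC_EXT and e.stem.lower() in folders:
            findings.append(("folder-mimic", e.name))   # e.g. Photos.exe beside Photos/
    return sorted(findings)

def build_sample_drive(root):
    """Constructed sample: inert, empty files laid out like the cases in the post."""
    root = Path(root)
    (root / "Photos").mkdir()
    (root / "Photos.exe").write_bytes(b"")           # same name as a folder
    (root / "desktop.ini").write_text("[.ShellClassInfo]\n")
    (root / "autorun.inf").write_text("[autorun]\nopen=test.exe\nicon=test.exe,0\nshell\\explore\\command=test.exe\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_drive(d)
        print(*audit_drive(d), sep="\n")
```

A "trigger-file" finding means the file is worth inspecting, not that it is malicious; desktop.ini also exists on clean systems.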