Hello All, I have borrowed a UDRW thumb drive from the vendor for testing.
What you mentioned is partially correct. If your Windows OS is anything older than Windows 2000 SP3, then you need drivers while if it is newer than Windows 2000 SP3, then no driver would be required. That is, when you insert the UDRW key into your machine, it works as if you got a CD-ROM and a USB key. Thx. Ricci > Hi, > > I took a quick look at UDRW (your first link). It looks like this needs > to install its own drivers which would require user to be local > administrator on the computer. I don't believe you can secure the > computer as long as users are local administrators -- well maybe we can > still use epoxy glue to fill out USB ports ;-) ... anything else local > admins will be able to bypass... > > Miha > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Friday, June 16, 2006 8:44 PM > To: Focus Microsoft > Subject: RE: Controlling specific USB devices on Windows XP > > Unless the USB device emulates a cd-rom: > > http://www.udrw.com/en/tech/index.php > > Another poster sent me this. It's someone try to perform the "hack" > himself. See the second entry: > > http://hackaday.com/ > > > I may not be well versed in this topic, but my logical assumption that > if there was a way for windows to tell the the difference between a USB > cd-rom and a USB removable storage device, there had to be a way to fool > windows in to thinking a USB removable storage device was a cd-rom. So > wondering if it had been found yet, lead me to try a simple google > search that find the first url. > > > >> -----Original Message----- >> From: Harlan Carvey [mailto:[EMAIL PROTECTED] >> Sent: Friday, June 16, 2006 10:15 AM >> To: McClenon, Braden ([EMAIL PROTECTED]); Greg Merideth; George >> Njoku >> Cc: Focus Microsoft >> Subject: RE: Controlling specific USB devices on Windows XP >> >> Thanks for the info, but most folks are already aware that be default, > >> the AutoRun function is enabled for CDs, but disabled for removeable >> storage. A simply query on TechNet supports this: >> http://msdn.microsoft.com/library/default.asp?url=/library/en- >> us/shellcc/platform/Shell/programmersguide/shell_basics/shell_ >> basics_extending/autorun/autoplay_reg.asp >> >> Harlan >> >> --- [EMAIL PROTECTED] wrote: >> >> > Well, I don't have a USB storage dive handy at the moment, but I >> > grabbed the closest CD I knew had an autorun.inf, the second I open >> > the drive in Explorer, the open=setup.exe line excutes and I have >> > setup.exe executing. Does seem to hard to get it to run >> without user >> > knowledge. >> > >> > > -----Original Message----- >> > > From: Harlan Carvey [mailto:[EMAIL PROTECTED] >> > > Sent: Thursday, June 15, 2006 4:17 PM >> > > To: Greg Merideth; George Njoku >> > > Cc: Focus Microsoft >> > > Subject: Re: Controlling specific USB devices on >> > Windows XP >> > > >> > > >> > > > Given the recent social engineering test with >> > USB devices >> > > left around >> > > > a credit-unions lobby I would disagree. >> > > >> > > That "test" is suspect, as it doesn't provide >> > nearly enough >> > > information. By default, Windows does not parse >> > the "load=" >> > > or "run=" lines of an autorun.inf file from >> > removeable media. >> > > So, the question is, what about the "test" got >> > the users to >> > > run the Trojan on the USB devices? >> > > >> > > >> > > >> > > ------------------------------------------ >> > > Harlan Carvey, CISSP >> > > "Windows Forensics and Incident Recovery" >> > > http://www.windows-ir.com >> > > http://windowsir.blogspot.com >> > > ------------------------------------------ >> > > >> > > >> > >> -------------------------------------------------------------- >> > > ------------- >> > > >> > >> -------------------------------------------------------------- >> > > ------------- >> > > >> > > >> > >> >> >> ------------------------------------------ >> Harlan Carvey, CISSP >> "Windows Forensics and Incident Recovery" >> http://www.windows-ir.com >> http://windowsir.blogspot.com >> ------------------------------------------ >> >> -------------------------------------------------------------- >> ------------- >> -------------------------------------------------------------- >> ------------- >> >> > > ------------------------------------------------------------------------ > --- > ------------------------------------------------------------------------ > --- > > > --------------------------------------------------------------------------- > --------------------------------------------------------------------------- > > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
