Author Topic: 2nd layer protection for USB drives: MCShield  (Read 29226 times)

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64885
  • Gender: Male
    • Personal Message (Online)
2nd layer protection for USB drives: MCShield
« on: August 27, 2012, 01:17:32 AM »
Would you go for MCShield?
Seems very good (in performance and protection).
What do you think?

amf.mycity.rs/mcshield
http://amf.mycity.rs/mcshield/Doc/MCShield_Help_EN.pdf

Oh, it runs side-by-side with avast!
Completely freeware.
The best things in life are free.

Offline schmidthouse

  • VIRUS FREE A Long Time
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2596
  • Gender: Male
  • When you think you know, Think Again
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #1 on: August 27, 2012, 02:34:16 AM »
Would you go for MCShield?
Seems very good (in performance and protection).
What do you think?

amf.mycity.rs/mcshield
http://amf.mycity.rs/mcshield/Doc/MCShield_Help_EN.pdf

Oh, it runs side-by-side with avast!
Completely freeware.

I am presently using USB Vaccine by Panda Security. I wonder if MC Shield would be better?? ???
**W8.1.1PRO 64Bit           *  xpSP3 PRO 32 Bit
Backup & Recovery> WD 500GB HD/ Macrium Reflect/ Dropbox
Do not confuse kindness for weakness

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #2 on: August 27, 2012, 02:58:06 AM »
You may ask argus and magna86. They use it    ;)
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline SpeedyPC

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2828
  • Avast Free AV shall conquer the whole world
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #3 on: August 27, 2012, 07:30:52 AM »
I don't need a 2nd layer protection for USB drives because my Outpost Pro FW already has layer protection for USB & DVD drives all in one ;)
ASUS G75VX-T4153H - Avast Free v9.0.2018 - Outpost Pro Firewall v9.1 - W8 64bit - Firefox (NS/AdP/LP/TSB/TL/Web/Ghost/VT) - Thunderbird (AdP) - MBAM Premium + MBAE - Secunia PSI - CCleaner - MCShield - Macrium Reflect Free

Offline bob3160

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23962
  • Gender: Male
  • 53 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #4 on: August 27, 2012, 11:48:24 AM »
Sorry, but why use an add-on when you can have avast check your USB drive?
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 4 Gig Ram, avast!2014.9.0.2015 Free, MBAM, WinPatrol -- How to Successfully Install avast! http://goo.gl/VLXde
                     - It's nice to be Important. - It's more important to be Nice. -

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64885
  • Gender: Male
    • Personal Message (Online)
Re: 2nd layer protection for USB drives: MCShield
« Reply #5 on: August 27, 2012, 01:39:40 PM »
Sorry, but why use an add-on when you can have avast check your USB drive?
2nd layer, heuristic and proactive analysis.

Offline bob3160

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23962
  • Gender: Male
  • 53 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #6 on: August 27, 2012, 01:46:15 PM »
Sorry, but why use an add-on when you can have avast check your USB drive?
2nd layer, heuristic and proactive analysis.
If it starts out clean and everything you add is clean, why do you need a second layer or the rest ???

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64885
  • Gender: Male
    • Personal Message (Online)
Re: 2nd layer protection for USB drives: MCShield
« Reply #7 on: August 27, 2012, 02:04:36 PM »
If it starts out clean and everything you add is clean, why do you need a second layer or the rest ???
If you need (have) to use other USB sticks in your computer you'll know it...

Offline Charyb

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1775
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #8 on: August 27, 2012, 02:23:33 PM »
I have Outpost removable media protection set to block autorun.inf and block any application from launching that does not have a digital signature. Plus I use a usb immunizer from a different source since avast doesn't provide this.

Avast should release their own usb immunizer so users do not need to go to other sources. This would help to protect any computer that you plug a usb into from autorun based malware.

Thanks for the suggestion.
« Last Edit: August 27, 2012, 02:31:45 PM by Charyb »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69233
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #9 on: August 27, 2012, 03:04:37 PM »
Step my Removable protection a notch in Outpost to also block the launch of applications that are not signed by trusted digital signature. I don't Enable CD protection though.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline argus

  • Anti Malware Fighter _ ASAP_
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1344
  • Gender: Male
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #10 on: August 27, 2012, 05:35:23 PM »
Hello,

The original idea for MCShield came from USBNoRisk (the first USB malware removal tool designed for helpers), which we used on our malware removal forum to clean infected USB flash drives.


USB viruses are not spread just via autorun.inf, as everyone thinks.
Malware usually comes in through:


* autorun.inf
* Desktop.ini/comment.htt/ActiveX
* user
* Windows Shell-LNK exploit (newest method)

The program can prevent all known attack vectors.

Example:
How does a malicious program use Desktop.ini files?

Content of the Desktop.ini file

Code:
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0

Content of the Comment.htt file

Code:
AppleObject.createInstance()
Set WsShell = AppleObject.GetObject()
Wsshell.run(Path + "malicious_file.EXE")

This is just part of the code in the Comment.htt file, but as you can see, it launches / runs the malicious program.

A double-click on the folder icon is enough to start the malicious program and do what it is intended for.
Some malware uses this method (Stuxnet) without double-clicking on the folder.


MCShield will automatically disable this malware and put it in quarantine.
Panda USB Vaccine does not see this infection.
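
Added example, not part of argus's post and not MCShield's code: a defensive check that walks a mounted removable drive and flags the artifacts the post above describes (a root autorun.inf, a Desktop.ini whose [.ShellClassInfo] section sets HTMLInfoTipFile, and .htt folder templates). The function names and the inert sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def read_text(path):
    # Desktop.ini may be UTF-16 with a BOM; otherwise decode leniently.
    raw = Path(path).read_bytes()
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    return raw.decode(enc, errors="replace")

def shell_class_info(text):
    """Return the key/value pairs of the [.ShellClassInfo] section (keys lower-cased)."""
    keys, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[.shellclassinfo]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys

def scan_drive(root):
    """Walk a mounted removable volume and return sorted (path, reason) findings."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(folder, name), name.lower()
            if lower == "autorun.inf" and folder == root:
                findings.append((path, "autorun.inf in volume root"))
            elif lower == "desktop.ini":
                tip = shell_class_info(read_text(path)).get("htmlinfotipfile")
                if tip:  # a plain icon/name Desktop.ini is not flagged
                    findings.append((path, "HTMLInfoTipFile -> " + tip))
            elif lower.endswith(".htt"):
                findings.append((path, "folder template (.htt) on removable media"))
    return sorted(findings)

def build_sample(root):
    # Constructed sample: inert files that mimic the layout quoted in the post.
    photos = Path(root, "Photos")
    photos.mkdir()
    (photos / "Desktop.ini").write_text("[.ShellClassInfo]\nHTMLInfoTipFile=file://Comment.htt\nConfirmFileOp = 0\n")
    (photos / "Comment.htt").write_text("<!-- inert placeholder -->\n")
    Path(root, "Desktop.ini").write_text("[.ShellClassInfo]\nIconResource=shell32.dll,4\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        print(*scan_drive(drive), sep="\n")
```

To check a real drive, pass its mount point to scan_drive; hidden and system attributes do not hide files from os.walk.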

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #11 on: August 27, 2012, 05:47:36 PM »
As I understand, Panda Vaccine will only stop the autorun... not detect the infection?


Offline schmidthouse

  • VIRUS FREE A Long Time
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2596
  • Gender: Male
  • When you think you know, Think Again
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #12 on: August 27, 2012, 05:58:49 PM »
Good information!
Thanks for the input, I believe I will switch.
I also have OPFW set to protect USB and no digitally signed, but what the heck the resources used are nil and the added protection ( 2nd. layer) can't in my estimation hurt. ;) ;D

Offline argus

  • Anti Malware Fighter _ ASAP_
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1344
  • Gender: Male
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #13 on: August 27, 2012, 06:00:00 PM »
As I understand, Panda Vaccine will only stop the autorun... not detect the infection?

Panda creates an autorun.inf file that after the change the file attribute which proclaims the partition, thus leading the Windows FAT driver to confusion and thus being unable to access the file (and thus prevents malware and uses standard Windows functions to access the file)

but...

Is not a philosophy that I have malware starts to write directly on the disk, without using Windows driver.
« Last Edit: August 27, 2012, 06:02:23 PM by argus »

Offline schmidthouse

  • VIRUS FREE A Long Time
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2596
  • Gender: Male
  • When you think you know, Think Again
    • Personal Message (Offline)
Re: 2nd layer protection for USB drives: MCShield
« Reply #14 on: August 28, 2012, 03:26:26 PM »
Just thought I'd say, I use USB a lot with shared Flash Drives as this is how I monitor various aspects of my business.
Anyway, I read the pdf file supplied, liked what I read and downloaded/installed MCShield.
I think it is compact, and find it a very nice tool. Will use it now ;)
One of the small interesting side benefits of staying in touch with what's going on here on the forum.  8) I've mentioned before, I like to read most everything  :P
Nice little didi Tech :D

 
