Posted this in my thread but I'll post it here too in case a mod deletes one of these threads etc:
OK, let's summarize this about BadUSB.
BadUSB cannot execute code without the PC knowing about it; an active anti-virus can detect all software running regardless of how or where it comes from. How BadUSB works is: when you plug it into a USB port, it executes code on the USB stick by simulating keyboard/mouse input to access your OS and change it to allow code to run.
People are freaking out because the researchers in question are going "BadUSB disables the antivirus by shutting it down/uninstalling it, and then executing the code on the USB device".
There is an extremely simple solution to this: instead of having the anti-virus being disabled/uninstalled with a simple click of a button, just have it so when you click disable/uninstall anti-virus it pops up a 20+ digit randomly generated captcha that has to be entered correctly before it can be disabled/shut down.
Then you say "Well, then it just tells the computer to delete/modify key files on a computer", but that's easy to detect because said anti-virus can tell if any of its key files are being modified, and SHOULD stop the OS from doing so, and it would actively monitor the registry for any changes being made to it, and you can no longer disable said anti-virus.
I know I am probably missing a few things here and there about this, but having simple stuff like the anti-virus protecting its key files and a 20+ digit random captcha to prevent the anti-virus from being disabled/uninstalled without the user knowing about it is all it would take to protect against this.
And furthermore, an easy way to protect against this at the hardware level is to have a sacrificial lamb/man in the middle PC hooked up: you stick the USB drives with the files you need in that PC, and other PCs connect and can grab their text files etc off that PC through wi-fi/ethernet etc, meaning the USB devices never have direct access to vital servers etc. They can mess up the $400 laptop all they want but can't touch the five billion dollar mainframe network.
Just thought I would get this out there to give the anti-virus companies some ideas on how to prevent BadUSB from infecting systems, thanks for your time.
In short, a captcha in the anti-virus will prevent it from being shut down/uninstalled.
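A sketch of the disable-confirmation gate the post proposes, as an added example that is not part of the original post and not any anti-virus vendor's code. The class and function names, the three-attempt limit and the 120-second expiry are assumptions; rendering the code as a distorted image so that only a person looking at the screen can read it is left out.

```python
import hmac
import secrets
import time

CODE_DIGITS = 20     # the post asks for a 20+ digit code
MAX_ATTEMPTS = 3     # assumption: lock the prompt after three tries
TTL_SECONDS = 120    # assumption: the code expires after two minutes


class DisableChallenge:
    """One-time code that must be typed back before protection is turned off."""

    def __init__(self, now=time.monotonic):
        self._now = now
        # CSPRNG digits: a keystroke script written in advance cannot know them.
        self.code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._expires = now() + TTL_SECONDS
        self._attempts_left = MAX_ATTEMPTS
        self._used = False

    def verify(self, typed):
        """Return True only for a correct, in-time, first-use answer."""
        if self._used or self._attempts_left <= 0 or self._now() > self._expires:
            return False
        self._attempts_left -= 1
        # Constant-time comparison so timing does not leak matching digits.
        ok = hmac.compare_digest(typed.strip().encode(), self.code.encode())
        if ok:
            self._used = True   # a code that worked once cannot be replayed
        return ok


def request_disable(challenge, typed):
    """Hypothetical handler for a 'disable protection' click."""
    return "disabled" if challenge.verify(typed) else "still-enabled"


if __name__ == "__main__":
    ch = DisableChallenge()
    print("Code shown to the user:", ch.code)
    print(request_disable(ch, "0" * CODE_DIGITS))   # blind guess
    print(request_disable(ch, ch.code))             # user reads and types the code
```
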