Author Topic: 2nd layer protection for USB drives: MCShield  (Read 45274 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65987
2nd layer protection for USB drives: MCShield
« on: August 27, 2012, 03:17:32 AM »
Would you go for MCShield?
Seems very good (in performance and protection).
What do you think?

amf.mycity.rs/mcshield
http://amf.mycity.rs/mcshield/Doc/MCShield_Help_EN.pdf

Oh, it runs side-by-side with avast!
Completely freeware.
The best things in life are free.

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3916
  • When you think you know, Think Again
Re: 2nd layer protection for USB drives: MCShield
« Reply #1 on: August 27, 2012, 04:34:16 AM »
Would you go for MCShield?
Seems very good (in performance and protection).
What do you think?

amf.mycity.rs/mcshield
http://amf.mycity.rs/mcshield/Doc/MCShield_Help_EN.pdf

Oh, it runs side-by-side with avast!
Completely freeware.

I am presently using USB Vacine by Panda Security. I wonder if MC Shield would be better?? ???
***HP ENVY 15K LT  W10 Pro 64Bit/750GB HD/ 16GB Ram/Avast Secureline
**HP Compaq Buisness LT W8.1 Pro 64Bit/1TB HD/ 8GB Ram/Avast Secureline     
*Dell Inspiron  xpSP4 PRO 32 Bit/Avast Premier 2015.10.2.2218
Layered Security Protection on all OS's       Backup & Recovery> WD 500GB HD/Macrium Reflect
Do not confuse Kindness for Weakness

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 27411
Re: 2nd layer protection for USB drives: MCShield
« Reply #2 on: August 27, 2012, 04:58:06 AM »
you may ask argus and magna86. they use it    ;)
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2946
  • Avast Free AV shall conquer the whole world
Re: 2nd layer protection for USB drives: MCShield
« Reply #3 on: August 27, 2012, 09:30:52 AM »
I don't need a 2nd layer protection for USB drives because my Outpost Pro FW already has layer protection for USB & DVD drives all in one ;)
ASUS G75VX-T4153H - Avast Internet Security v10.3.2225 R3 SP1 - W8 64bit - Firefox (AOS/NS/LP/VT) - Thunderbird (AdP) - MBAM Premium + MBAE Free - Adguard Premium - Secunia PSI - CryptoPrevent - CCleaner - MCShield - WinPatrol PLUS - Unchecky - Macrium Reflect Home Edition

Offline bob3160

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28207
  • 55 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: 2nd layer protection for USB drives: MCShield
« Reply #4 on: August 27, 2012, 01:48:24 PM »
Sorry but why use and add on when you can have avast check your USB drive.
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 8 Gig Ram, avast!2015.10.2.2218 Free, MBAM, WinPatrol -- How to Successfully Install Avast http://goo.gl/VLXde

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65987
Re: 2nd layer protection for USB drives: MCShield
« Reply #5 on: August 27, 2012, 03:39:40 PM »
Sorry but why use and add on when you can have avast check your USB drive.
2nd layer, heuristic and proactive analysis.
The best things in life are free.

Offline bob3160

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28207
  • 55 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: 2nd layer protection for USB drives: MCShield
« Reply #6 on: August 27, 2012, 03:46:15 PM »
Sorry but why use and add on when you can have avast check your USB drive.
2nd layer, heuristic and proactive analysis.
If it starts out clean and everything you add is clean, why do you need a second layer or the rest ???
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 8 Gig Ram, avast!2015.10.2.2218 Free, MBAM, WinPatrol -- How to Successfully Install Avast http://goo.gl/VLXde

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65987
Re: 2nd layer protection for USB drives: MCShield
« Reply #7 on: August 27, 2012, 04:04:36 PM »
If it starts out clean and everything you add is clean, why do you need a second layer or the rest ???
If you need (have to) to use other USB sticks in your computer you'll know it...
The best things in life are free.

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1974
Re: 2nd layer protection for USB drives: MCShield
« Reply #8 on: August 27, 2012, 04:23:33 PM »
I have Outpost removable media protection set to block autorun.inf and block any application from launching that does not have a digital signature. Plus I use a usb immunizer from a different source since avast doesn't provide this.

Avast should release their own usb immunizer so users do not need to go to other sources. This would help to protect any computer that you plug a usb into from autorun based malware.

Thanks for the suggestion.
« Last Edit: August 27, 2012, 04:31:45 PM by Charyb »
W8.1Pro x64
Avast Pro

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72331
  • No support PMs thanks
Re: 2nd layer protection for USB drives: MCShield
« Reply #9 on: August 27, 2012, 05:04:37 PM »
Step my Removable protection a notch in Outpost to also block the launch of applications that are not signed by trusted digital signature. I don't Enable CD protection though.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.3.2225 R3 SP1/ Outpost Firewall Pro9.1/ Firefox 39.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.8/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline argus

  • Malware Removal Expert ASAP
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2065
Re: 2nd layer protection for USB drives: MCShield
« Reply #10 on: August 27, 2012, 07:35:23 PM »
Hello,

Original idea for MCShield are came from USBNoRisk ( first USB malware removal that is designed for helpers ) that we used the our malware removal forum to clean ifected USB flash drives.


USB viruses are not spread via autorun.inf just as everyone thinks.
Malware usually comes through using:


* autorun.inf
* Desktop.ini/comment.htt/ActiveX
* user
* Windows Shell-LNK exploit (newest method)

The program can prevent all known vectors attack.

Example:
How malicious program uses the Desktop.ini files?

Content Desktop.ini file

Code: [Select]
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0

Content Comment.htt file

Code: [Select]
AppleObject.createInstance()
Set WsShell = AppleObject.GetObject()
Wsshell.run(Path + "malicious_file.EXE")

This is just part of the code Comment.htt file, but as you can see, powered by / run the malicious program.

Double click on the folder icon is enough to start a malicious program and do what it is intended for.
Some of the malware uses this method (Stuxnet), without double-clicking on the folder.


MCShield will automatically disable this malware and put it in quarantine.
Panda USB Vaccine not see this infection.
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.   DONATE

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 27411
Re: 2nd layer protection for USB drives: MCShield
« Reply #11 on: August 27, 2012, 07:47:36 PM »
as i understand Panda vaccine will only stop the autorun ....not detect the infection ?
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3916
  • When you think you know, Think Again
Re: 2nd layer protection for USB drives: MCShield
« Reply #12 on: August 27, 2012, 07:58:49 PM »
Good information!
Thanks for the input, I believe I will switch.
I also have OPFW set to protect USB and no digitally signed, but what the heck the resources used are nil and the added protection ( 2nd. layer) can't in my estimation hurt. ;) ;D
***HP ENVY 15K LT  W10 Pro 64Bit/750GB HD/ 16GB Ram/Avast Secureline
**HP Compaq Buisness LT W8.1 Pro 64Bit/1TB HD/ 8GB Ram/Avast Secureline     
*Dell Inspiron  xpSP4 PRO 32 Bit/Avast Premier 2015.10.2.2218
Layered Security Protection on all OS's       Backup & Recovery> WD 500GB HD/Macrium Reflect
Do not confuse Kindness for Weakness

Offline argus

  • Malware Removal Expert ASAP
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2065
Re: 2nd layer protection for USB drives: MCShield
« Reply #13 on: August 27, 2012, 08:00:00 PM »
as i understand Panda vaccine will only stop the autorun ....not detect the infection ?

Panda creates an autorun.inf file that after the change the file attribute which proclaims the partition, thus leading the Windows FAT driver to confusion and thus being unable to access the file (and thus prevents malware and uses standard Windows functions to access the file)

but...

Is not a philosophy that I have malware starts to write directly on the disk, without using Windows driver.
« Last Edit: August 27, 2012, 08:02:23 PM by argus »
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.   DONATE

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3916
  • When you think you know, Think Again
Re: 2nd layer protection for USB drives: MCShield
« Reply #14 on: August 28, 2012, 05:26:26 PM »
Just thought I'd say, I use USB alot with shared Flash Drives as this is how I monitor various aspects of my buisness.
Anyway, I read the pdf file supplied, liked what I read and downloaded/install MCShield.
I think it is compac, and find it a very nice tool. Will use it now ;)
One of the small interesting side benefits of staying in touch with whats going on here on the forum.  8) I've mentioned before, I like to read most everything  :P
Nice little didi Tech :D
***HP ENVY 15K LT  W10 Pro 64Bit/750GB HD/ 16GB Ram/Avast Secureline
**HP Compaq Buisness LT W8.1 Pro 64Bit/1TB HD/ 8GB Ram/Avast Secureline     
*Dell Inspiron  xpSP4 PRO 32 Bit/Avast Premier 2015.10.2.2218
Layered Security Protection on all OS's       Backup & Recovery> WD 500GB HD/Macrium Reflect
Do not confuse Kindness for Weakness