back to article US Army bans USB devices to contain worm

The US Army has reportedly suspended the use of USB and removable media devices after a worm began spreading across its network. Use of USB drives, floppy discs, CDs, external drives, flash media cards and all other removable media devices has been placed on hold in order to contain the spread of Agent-BTZ, a variant of the …

COMMENTS

This topic is closed for new posts.
  1. Donald Miller

    U3 bypasses disabled Autorun

    I found the hard way that SanDisks U3 writes a segment to appear to be another CD player, and all Windows before Vista install it as such with Autorun Enabled BY DEFAULT, so that crap U3 is then installed and changes your disk assignments while it hunts for stuff to put on your SanDisk web account! There a lot of old sticks out there with the shit still on them, but I remove them from service with a hammer when I find them. And if your data disappears, tough tittie.

  2. A J Stiles
    Stop

    Huh?

    Surely the US Army would have specified "access to the Source Code" as a show-stopping precondition when they ordered their Operating Systems. So why can't they just compile Windows without USB support and have done with it?

  3. Anonymous Coward
    Linux

    Oh dear

    The muppets (aka US DoD) came up with SElinux but still bloody insist on using that Chinese/Russian friendly OS Windaz.

    To quote an old song (anti war song too):

    "Where have all the flowers gone, when will they ever learn"

  4. G2
    Boffin

    autorun can be globally disabled

    @Donald Miller above

    you can disable autorun globally for any windows system you can use group policies on, even if it is not joined into a domain.

    start-> run -> gpedit.msc

    (if youre running xp home... tough luck.. no such file exists... didn't try on vista home, maybe you're SOL here too)

    so.. in GPedit

    navigate to Local Computer policy -> Computer Configuration -> Administrative Templates -> System

    and set the entry named "Turn off Autoplay" to enabled, with autoplay disabled globally for ALL DRIVES (default is only cdrom drives but with policy not applied)

    if you set autoplay disabled for all drives it will stay disabled even for yet-unknown devices that will be connected in the future.

    Simple, no?

  5. Steve

    TANSTAAFL

    This is exactly why off the shelf devices need to be used with care. If there is really a need for USB connectivity the military should just define their own incompatible USB connector, and provide suitable devices (with built-in crypto?) for those who need them. That, and fill the standard USB ports on their PCs with epoxy glue...

    Of course, that is why they end up paying $400 for a hammer, but security doesn't come free...

  6. It wasnt me

    @A J Stiles

    Did the steam start venting form your ears before you reached the end of the article? Ill explain.

    It said that USB drives were a necessity, what with networks and email being unavailable in theatre. To get rid of them would be an encumbrance.

    Why not get rid of bullets as well, they keep killing people ?

  7. Anonymous Coward
    Thumb Down

    What does the subject of this article actually mean?

    "US Army bans USB devices to contain worm"

    Looks like some words missing, or, perhaps, the words 'to contain worm' should have read 'because they might contain a worm'.

    Or is there some subtle nuance of Leydenism that I have missed?

  8. Anonymous Coward
    Black Helicopters

    Another way to disable autorun globally

    For those who prefer registry settings (and those with Home versions that can't use GPedit.msc), set the

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun

    registry key to dword 0xFF.

    However, Vista users may still be vulnerable to malware spread this way, see http://secunia.com/advisories/29458/

  9. Tanuki
    Jobs Horns

    Stage One of cleanup.

    Deleting 'itunes.exe' wherever it's found on US DoD computers would be a good start.

  10. Jason Togneri
    Stop

    @ autorun can be globally disabled

    I'm amazed that people constantly forget about the useful and sometimes extremely powerful built-in diagnostic and administrative tools in Windows (2000 and up, particularly XP, don't know about Vista), such as gpedit.msc, services.msc, msconfig, etc. While it's true that I don't widely advertise these to users who are likely to do more harm than good, any sysadmin worth his/her/its salt surely knows about and how to use these tools. They can do most things that any third-party admin utility can do; granted, the interfaces aren't always intuitive or user-friendly, but you'd think they'd tweak the settings (via reg or bat, maybe) and either make a profile or a user image that they'd roll out on new machines with these settings already in place. It's not like any of this is new; welcome to 2002 (XP) or 1999 (Win2K).

  11. Geoff Mackenzie

    Two points...

    First, @AC 1545: there is nothing wrong with "US Army bans USB devices to contain worm". Contain is a verb.

    Secondly, @Steve, Re: "security doesn't come free" - see OpenBSD.

  12. Anonymous Coward
    Anonymous Coward

    @ ac - What does the subject of this article actually mean?

    contain in this sense it to prevent it spreading, like you quarantine people to contain a disease.

    because usb drive may begin not having the worm but plug it into a computer which does then it gets it and it can spread onto any other computers that may not be infected

  13. Michael Fremlins
    Stop

    Stop using Windows

    Why doesn't the DoD just ban Windows? Use UNIX/Linux.

  14. Nick Lord
    Thumb Up

    @AC "What does ... mean?"

    John Leyden is obviously better educated than you. My (online) dictionary has the following definitions of "to contain":

    lessen the intensity of; temper; hold in restraint; hold or keep within limits

    hold back, as of a danger or an enemy; check the expansion or influence of

  15. Charles
    Stop

    @Michael Fremlins

    Custom software that runs on Windows and Windows only (as in it's a WINO--WINE is NOT an OPTION). And getting all the existing Windows-custom software recoded may be difficult if not impossible due to either technical restrictions (since the firm that made it may not do Unix or may not exist anymore) or contractual obligations.

  16. Donald Miller

    gpedit.msc

    GPedit.msc is in both XP Pro and XP MediaCenter, and it didn't work against U3 on either system. As I said, Vista asks (IF you've not disabled this prompt) if you want to allow U3 to run, so I never bothered to look for GPedit until now. Anybody have any idea what version of Windows the Army uses? Anybody want to bet most of their IT management staff has heard of GPedit.msc? And on this Vista Home Premium SP1 machine neither GPedit.msc or HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun exists, and I'm not going to experiment with adding it since U3 can be killed without it.

    Simple, not, G2.

  17. Chris Miller
    Paris Hilton

    They allow USB on classified networks?

    Really? Paris would know better than that!

  18. Andy Bright

    Anyone else thinking..

    .. too late, why bother? And seeing as 99.99% of worms are caught via un-firewalled internet connections, banning the use of usb thumb drives doesn't seem likely to prevent another infection.

  19. Sooty

    Such a temporary ban would cause inconvenience in any organisation

    not in any vaguely security conscious organisation at least, as they already have a ban on these sorts of things.

  20. John Williams

    TeakUI Anyone?

    So far, nobody's mentioned TweakUI, which makes it easy to turn off autorun on selected drive types or letters. One caveat is that if you deselect removable drive types it will still do autorun on external USB drives, which is a PITA if the drive contains many JPG files. The best solution is to deselect autorun on all drive letters which may mount USB drives.

    Check out:

    http://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx

    I had to fix a laptop infected w/a USB drive worm and it can be a nasty problem.

  21. Anonymous Coward
    Anonymous Coward

    Secure your data!

    I’m sure there is a better way to tackle this issue.

    I have read of a new SanDisk secure USB drive, with McAfee malware protection, that seems to be a good solution to securing sensitive data.

    You can read more about it: http://www.sandisk-enterprise.com/blog

This topic is closed for new posts.