I found the hard way that SanDisks U3 writes a segment to appear to be another CD player, and all Windows before Vista install it as such with Autorun Enabled BY DEFAULT, so that crap U3 is then installed and changes your disk assignments while it hunts for stuff to put on your SanDisk web account! There a lot of old sticks out there with the shit still on them, but I remove them from service with a hammer when I find them. And if your data disappears, tough tittie.

This is exactly why off the shelf devices need to be used with care. If there is really a need for USB connectivity the military should just define their own incompatible USB connector, and provide suitable devices (with built-in crypto?) for those who need them. That, and fill the standard USB ports on their PCs with epoxy glue...

Of course, that is why they end up paying $400 for a hammer, but security doesn't come free...

Did the steam start venting form your ears before you reached the end of the article? Ill explain.

It said that USB drives were a necessity, what with networks and email being unavailable in theatre. To get rid of them would be an encumbrance.

Why not get rid of bullets as well, they keep killing people ?

First, @AC 1545: there is nothing wrong with "US Army bans USB devices to contain worm". Contain is a verb.

Secondly, @Steve, Re: "security doesn't come free" - see OpenBSD.

contain in this sense it to prevent it spreading, like you quarantine people to contain a disease.

because usb drive may begin not having the worm but plug it into a computer which does then it gets it and it can spread onto any other computers that may not be infected

GPedit.msc is in both XP Pro and XP MediaCenter, and it didn't work against U3 on either system. As I said, Vista asks (IF you've not disabled this prompt) if you want to allow U3 to run, so I never bothered to look for GPedit until now. Anybody have any idea what version of Windows the Army uses? Anybody want to bet most of their IT management staff has heard of GPedit.msc? And on this Vista Home Premium SP1 machine neither GPedit.msc or HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun exists, and I'm not going to experiment with adding it since U3 can be killed without it.

Simple, not, G2.

.. too late, why bother? And seeing as 99.99% of worms are caught via un-firewalled internet connections, banning the use of usb thumb drives doesn't seem likely to prevent another infection.

not in any vaguely security conscious organisation at least, as they already have a ban on these sorts of things.

So far, nobody's mentioned TweakUI, which makes it easy to turn off autorun on selected drive types or letters. One caveat is that if you deselect removable drive types it will still do autorun on external USB drives, which is a PITA if the drive contains many JPG files. The best solution is to deselect autorun on all drive letters which may mount USB drives.

Check out:

http://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx

I had to fix a laptop infected w/a USB drive worm and it can be a nasty problem.

I’m sure there is a better way to tackle this issue.

I have read of a new SanDisk secure USB drive, with McAfee malware protection, that seems to be a good solution to securing sensitive data.

You can read more about it: http://www.sandisk-enterprise.com/blog