RE: Controlling specific USB devices on Windows XP

Hello All,

I have borrowed a UDRW thumb drive from the vendor for testing.

What you mentioned is partially correct. If your Windows OS is anything
older than Windows 2000 SP3, then you need drivers while if it is newer
than Windows 2000 SP3, then no driver would be required. That is, when you
insert the UDRW key into your machine, it works as if you got a CD-ROM and
a USB key.

Thx.

Ricci


Hi,

I took a quick look at UDRW (your first link). It looks like this needs
to install its own drivers which would require user to be local
administrator on the computer. I don't believe you can secure the
computer as long as users are local administrators -- well maybe we can
still use epoxy glue to fill out USB ports ;-) ... anything else local
admins will be able to bypass...

Miha

-----Original Message-----
From: mcclenbw@xxxxxxxxxxx [mailto:mcclenbw@xxxxxxxxxxx]
Sent: Friday, June 16, 2006 8:44 PM
To: Focus Microsoft
Subject: RE: Controlling specific USB devices on Windows XP

Unless the USB device emulates a cd-rom:

http://www.udrw.com/en/tech/index.php

Another poster sent me this. It's someone try to perform the "hack"
himself. See the second entry:

http://hackaday.com/


I may not be well versed in this topic, but my logical assumption that
if there was a way for windows to tell the the difference between a USB
cd-rom and a USB removable storage device, there had to be a way to fool
windows in to thinking a USB removable storage device was a cd-rom. So
wondering if it had been found yet, lead me to try a simple google
search that find the first url.



-----Original Message-----
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Friday, June 16, 2006 10:15 AM
To: McClenon, Braden (mcclenbw@xxxxxxxxxxx); Greg Merideth; George
Njoku
Cc: Focus Microsoft
Subject: RE: Controlling specific USB devices on Windows XP

Thanks for the info, but most folks are already aware that be default,

the AutoRun function is enabled for CDs, but disabled for removeable
storage. A simply query on TechNet supports this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/shellcc/platform/Shell/programmersguide/shell_basics/shell_
basics_extending/autorun/autoplay_reg.asp

Harlan

--- mcclenbw@xxxxxxxxxxx wrote:

Well, I don't have a USB storage dive handy at the moment, but I
grabbed the closest CD I knew had an autorun.inf, the second I open
the drive in Explorer, the open=setup.exe line excutes and I have
setup.exe executing. Does seem to hard to get it to run
without user
knowledge.

-----Original Message-----
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Thursday, June 15, 2006 4:17 PM
To: Greg Merideth; George Njoku
Cc: Focus Microsoft
Subject: Re: Controlling specific USB devices on
Windows XP


Given the recent social engineering test with
USB devices
left around
a credit-unions lobby I would disagree.

That "test" is suspect, as it doesn't provide
nearly enough
information. By default, Windows does not parse
the "load="
or "run=" lines of an autorun.inf file from
removeable media.
So, the question is, what about the "test" got
the users to
run the Trojan on the USB devices?



------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------



--------------------------------------------------------------
-------------


--------------------------------------------------------------
-------------





------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------



------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------






---------------------------------------------------------------------------
---------------------------------------------------------------------------

Relevant Pages

  • RE: USB Device Not Recognized - If u can solve this one, you are truly
    ... I have a computer that gives the following error when I plug in some USB ... Windows does not recognize it. ... |- Unused Port ... I've removed all USB devices from device ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: Controlling specific USB devices on Windows XP
    ... Controlling specific USB devices on Windows XP ...
    (Focus-Microsoft)
  • Re: Unable to type password
    ... You might have an older host that doesn't natively support legacy USB devices (keyboard and mouse). ... Although they work when Windows loads, that requires Windows to first load the USB drivers to support those devices. ... If the BIOS doesn't itself natively support legacy USB devices and if there is a problem with the USB drivers in Windows, their enumeration or setup in the registry, or with the USB controller, ports, or devices themselves, you're not going to be able to use those USB devices to login. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Stop 0x000000CA
    ... Two USB hard disks of same size partitions crash the system with the blue ... Try it on your Windows XP, ... Two USB hard disks of different partition sizes, ... Are there any corresponding error reports in Event Viewer? ...
    (microsoft.public.windowsxp.help_and_support)
  • Burning DVD problems -- System lock-up
    ... information along with a Nero text file from Nero Info ... Adapter 1 ... Ricoh 1394 Controller May Not Work with Windows XP ... Windows XP Does Not Detect Your New USB Device ...
    (microsoft.public.windowsxp.general)