RE: Controlling specific USB devices on Windows XP

I only see that drivers are needed for Win 9x/ME, as far as the Autorun
feature goes. Yes, there's other functions that may require additional
drivers.

-----Original Message-----
From: Miha Pihler [mailto:Miha.Pihler@xxxxxx]
Sent: Monday, June 19, 2006 5:39 PM
To: McClenon, Braden (mcclenbw@xxxxxxxxxxx); Focus Microsoft
Subject: RE: Controlling specific USB devices on Windows XP

Hi,

I took a quick look at UDRW (your first link). It looks like
this needs to install its own drivers which would require
user to be local administrator on the computer. I don't
believe you can secure the computer as long as users are
local administrators -- well maybe we can still use epoxy
glue to fill out USB ports ;-) ... anything else local admins
will be able to bypass...

Miha

-----Original Message-----
From: mcclenbw@xxxxxxxxxxx [mailto:mcclenbw@xxxxxxxxxxx]
Sent: Friday, June 16, 2006 8:44 PM
To: Focus Microsoft
Subject: RE: Controlling specific USB devices on Windows XP

Unless the USB device emulates a cd-rom:

http://www.udrw.com/en/tech/index.php

Another poster sent me this. It's someone try to perform the "hack"
himself. See the second entry:

http://hackaday.com/


I may not be well versed in this topic, but my logical
assumption that if there was a way for windows to tell the
the difference between a USB cd-rom and a USB removable
storage device, there had to be a way to fool windows in to
thinking a USB removable storage device was a cd-rom. So
wondering if it had been found yet, lead me to try a simple
google search that find the first url.



-----Original Message-----
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Friday, June 16, 2006 10:15 AM
To: McClenon, Braden (mcclenbw@xxxxxxxxxxx); Greg Merideth; George
Njoku
Cc: Focus Microsoft
Subject: RE: Controlling specific USB devices on Windows XP

Thanks for the info, but most folks are already aware that
be default,

the AutoRun function is enabled for CDs, but disabled for
removeable
storage. A simply query on TechNet supports this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/shellcc/platform/Shell/programmersguide/shell_basics/shell_
basics_extending/autorun/autoplay_reg.asp

Harlan

--- mcclenbw@xxxxxxxxxxx wrote:

Well, I don't have a USB storage dive handy at the moment, but I
grabbed the closest CD I knew had an autorun.inf, the
second I open
the drive in Explorer, the open=setup.exe line excutes and I have
setup.exe executing. Does seem to hard to get it to run
without user
knowledge.

-----Original Message-----
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Thursday, June 15, 2006 4:17 PM
To: Greg Merideth; George Njoku
Cc: Focus Microsoft
Subject: Re: Controlling specific USB devices on
Windows XP


Given the recent social engineering test with
USB devices
left around
a credit-unions lobby I would disagree.

That "test" is suspect, as it doesn't provide
nearly enough
information. By default, Windows does not parse
the "load="
or "run=" lines of an autorun.inf file from
removeable media.
So, the question is, what about the "test" got
the users to
run the Trojan on the USB devices?



------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------



--------------------------------------------------------------
-------------


--------------------------------------------------------------
-------------





------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------



--------------------------------------------------------------
----------
---
--------------------------------------------------------------
----------
---


--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------

Relevant Pages

  • RE: Controlling specific USB devices on Windows XP
    ... Controlling specific USB devices on Windows XP ... specific USB storage devices are allowed on a system? ...
    (Focus-Microsoft)
  • Re: computer doesnt detect USB items
    ... assume you can see them but windows reports they are working correctly. ... Although XP does have support for USB 1 & 2 you sometimes need drivers ... >> What is the status of the USB devices in device manager and does it need ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: WinTV PVR 2 not recognised
    ... As with most USB devices, the drivers must be in Windows before connecting ... > Windows does not recognise it. ...
    (microsoft.public.windowsxp.hardware)
  • RE: Controlling specific USB devices on Windows XP
    ... Controlling specific USB devices on Windows XP ... only specific USB storage devices are allowed on a system? ...
    (Focus-Microsoft)
  • Re: USB devices slow boot time of Windows XP Professional
    ... I found that the pc would take excessive time between the text boot ... of windows xp and the gui during the inialization of the usb devices only ... Then when in windows the mouse wouldnt ... the standard hid compliant drivers. ...
    (microsoft.public.windowsxp.hardware)
Loading