The Anti-virus Times

Wednesday, April 13, 2022

Removable devices are the trojan horse of the 21st century. Perhaps, every PC user has connected peripherals with USB slots at least once. This could be both a harmless keyboard and mouse and a much more dangerous USB flash drive. In today's issue of the Anti-virus Times, we will talk about how Dr.Web stealthily, but effectively, protects computers from infected removable media.

What should users do if they urgently need to transfer information from one PC to another? Every advanced user will say that today, cloud storages or instant messengers can be used for this purpose. However, a dozen years ago, there was a single answer: flash drives! Today, these devices are no longer so popular, but they are still widely used as an autonomous way to store data. Now external hard drives are really popular. From the point of view of information security, they work in a similar way. The essence remains the same for the end user: yesterday, a USB drive was connected to someone else's computer, and today—to yours.

Users need to be especially careful when it comes to their computers. It bears mentioning that a hacker attack on an enterprise can begin with the banal toss of an infected flash drive, expecting careless employees to pick it up and use it. Such "presents" may contain malicious programs, the launch of which will lead to disastrous consequences on an unprotected computer. Attackers can gain access to a corporate network, compromise it, and stealthily build up an unauthorised presence for a long period of time. Remember that by using a third-party USB drive on your office computer, you put not only yourself at risk but also the entire company.

Of course, we are talking about those companies where cybersecurity rules are not respected: the computers lack anti-virus protection, all the employees have access to work services, and stickers with passwords written on them are taped directly to monitors so they won’t be forgotten.

Ideally, the use of flash drives should be either prohibited or regulated. In any case, even if you use personal devices at home, an anti-virus will serve as reliable protection against infected USB drives.

Dr.Web products incorporate the SpIDer Guard file monitor—in real time, it scans absolutely all the files, including those that get to your computer via USB drives. It is important to make sure that the option "Scan removable media" is enabled in SpIDer Guard. When you connect a USB drive, you can be sure that its contents are carefully scanned in the background, so there is no need to manually check a flash drive every time. Dr.Web does its job silently and will notify a user only when a threat is detected.

At the same time, for both Dr.Web home users and corporate users, the anti-virus’s responses to external devices is the same. Our anti-virus will always run a background scan, without notifying users about this procedure. At the same time, users of many other anti-viruses see a scanning window when the plug in a USB device. Dr.Web will not show any additional window when a flash drive is plugged in, but it will check the USB drive and automatically start scanning when it is connected to a device. A single scan of an external device creates only an illusion of safety, while SpIDer Guard provides constant protection in real time, including through the use of preventive protection mechanisms.

It is also worth mentioning that the "spider" blocks the autorun function by default for removable media. This is especially important because virus writers try to make the infection process so fast and inconspicuous that the user does not have time to do anything. But this is not a problem if Dr.Web is installed. You can be sure that the anti-virus will not miss any file.

In addition to the scanner, Dr.Web incorporate preventive protection tools against exploits and ransomware. The anti-virus also performs behavioural analysis as part of the preventive protection. The component disables the automatic modification of system objects—activity that clearly indicates malicious activities are occurring in a system. Behavioural analysis protects a system from previously unknown malicious programs that can avoid detection by means of traditional signature and heuristic mechanisms.