BitDefender USB Immunizer, Your Ally Against “Autorun” Infections

Taking advantage of the rise of portable devices, an ever-growing number of viruses designed to affect them are being found. By default, whenever you plug in a storage device in your computer, Windows automatically enables a auto-play function, which runs the a file called “autorun.ini”. Such malware uses “autorun.ini” as a vector of transmission and, through that auto-play, infect your computer.

Most paid antivirus suites scan USB devices for viruses as they are plugged into the computer, which does not happen with most free ones. If your antivirus does not provide such feature, USB Immunizer, developed by BitDefender Labs, might be the perfect solution to improve your security, as it automatically disables the auto-play function and injects a vaccine into your device, leaving it perfectly immunized against such infections.

Background

We are changing the way we store our data, developing devices focusing on portability and storage capability. In fact, nowadays new computers are being sold with less storage (as well as new hard drive technologies); the reason behind this is that USB sticks and external hard drives are getting more and more accessible, coupling large storage and small prices. And, last but not least, “cloud computing” obviously plays a key role in the future of storage.

BitDefender Labs is a division of BitDefender in which several free applications are developed. USB Immunizer is one of those applications, and consists of a small 3.9 MB executable file. No installation is required, which is enough to qualify it as a portable application. Just store the downloaded executable in any desired folder and open it from there. Since it triggers Windows User Account Control, it cannot be set to startup with windows. I explained how to work around this issue in a previous article.

USB Immunizer’s “About” prompt.

Features

Autorun in Windows has represented a security breach since its beginning. One of the most well-known infections was the Conficker worm, which infected millions of computers in more than 200 countries back in 2008. USB Immunizer is a tiny app that just sits on your system tray and you forget about. Its action can be divided into two parts: stopping autoruns and immunizing the devices, which helps prevent infections such as Conficker.

The first part is triggered whenever a USB storing device is plugged into your computer. The program will prevent the system from running the autorun.inf file contained within the device, what means that you will not be presented with the classic Windows’ autorun menu. Instead, you will have to navigate to the device’s folder by hand. I recognize that this may be a little bit annoying, but this helps the system’s safety and you can always set shortcuts for the device.

This mechanism represents the first shield against infections provided by USB Immunizer: by not accessing autorun.inf, the system will not be infected. It is always recommended that you run an antivirus software on a newly plugged USB storage device, but it is nice to know that USB Immunizer is there serving as the first security line.

Then, along comes the second part of action: immunization. From this point on you just need to open USB Immunizer from your system tray and start the immunization process. After that simply click the red icon as prompted, and the immunization process is complete (frames #2 and #3 from the following animated .gif).

Immunization process (non-automatic).

Now, what exactly is this immunization I’ve been talking about? Basically, USB storage devices can have (or not) autorun files (autorun.inf), which are usually hidden. They can contain harmless informations such as the device’s name or icon, but some viruses, trojans and other malware are deployed using autorun.inf as vector.

USB Imunnizer’s immunization process securely replaces the autorun.inf file by a clean one (also hidden) which, due to some technical tricks (I’m quoting what a member of BitDefender team told me), Windows cannot mess with – it cannot be deleted or overwritten, unless the drive is formatted or the drive is accessed outside Windows.

As it turns out, there can only be a single autorun.inf inside a drive, which means that there really is no way that Windows creates another autorun.inf file.

Prompt signalling immunization completion.

Once the drive is immunized (and considering you set the system to visualize hidden files and folders), you’ll notice that autorun.inf, which usually is a single file, is now a folder containing -several files, as seen in the following screenshot:

“autorun.inf” created by USB Immunizer.

Instead of having to do this every time you plug a USB device, USB Immunizer offers the option (which comes disabled by default) to automatically immunize all the USB drives, which means that all non-immunized devices will be automatically immunized – you don’t need to do anything else in order to immunize them. Despite of being available in many different languages, you will not find any option to change the language inside USB Immunizer: instead, it automatically reads your Region and Language settings and auto-configures accordingly.

Final Thoughts

Any Windows system not having an antivirus suite with automatic USB drive scanning is vulnerable to autorun-related infections. Since USB storage devices are often used in lots of different machines, they are an excellent vector to propagate infections.

BitDefender’s USB Immunizer is an excellent tool to have in those systems, since it provides free and easy protection: autorun is blocked and, if desired, autorun.inf is replaced by a new and clean one which is protected against deletion or overwriting. BitDefender Labs should really be congratulated for this amazing and useful app.


Summary

A tiny app designed to protect Windows systems against autorun-related infections transmitted by USB storage devices.

9
theatre-aglow
theatre-aglow
theatre-aglow
theatre-aglow