LaptoniC Posted October 12, 2009 Share Posted October 12, 2009 Hi,I am trying to find a solution to protect school computers from malware. We have netsupport school and deepfreeze in every students computer to manage students computers remotely and keeping hard disk virus free respectively. Even there is a deepfreeze during the lecture students plug USB drives and worms slow down the system and this affects overall performance of network during the lesson. Even though we disabled autorun and autorun.inf by using famous autorun.inf sys doesnotexist trick, they still manage to run worms from flash drives. Is there a any simple program which disables running executables from any drive letter I choose? I tried netsupport protect but it is too complex and besides I dont want netsupport protect and deepfreeze together. I tried Trust-No-exe but it has some compatibility issues and it is no longer maintained. Any help will be appreciated.Student computer has windows xp sp3 installed and we don't have any server installed. Link to comment Share on other sites More sharing options...
DigeratiPrime Posted October 12, 2009 Share Posted October 12, 2009 Um dont give users administrator rights? Link to comment Share on other sites More sharing options...
flyingonempty Posted October 12, 2009 Share Posted October 12, 2009 seems to easy but I agree no admin. Link to comment Share on other sites More sharing options...
Tripredacus Posted October 12, 2009 Share Posted October 12, 2009 You could also disable autorun, which may save you from some of those USB Key issues. Link to comment Share on other sites More sharing options...
LaptoniC Posted October 13, 2009 Author Share Posted October 13, 2009 We have couple of drives C:\OSD:\ProgramsE:\StorageSo making them guest account will disable running exe from F:\ G:\ and so on? I don't get it. I also disabled autorun as I said but it doesn't help so much. Yes it doesn't autorun but they can still run executables from USB drives. Link to comment Share on other sites More sharing options...
Tripredacus Posted October 13, 2009 Share Posted October 13, 2009 It seems at least, with Deep Freeze, you are on the right track as far as administration goes. If the problem is that your students are using USB Keys, are these allowed or used for the actual class? I mean are they required for the curriculum? If not then this wouldn't necessarily have to have an IT solution. Link to comment Share on other sites More sharing options...
jaclaz Posted October 13, 2009 Share Posted October 13, 2009 Maybe out of the scope, but have you had a look at ninja pen disk:http://nunobrito.eu/ninja/http://www.boot-land.net/forums/index.php?showtopic=4350Are you looking for Freeware only or Commercial would be acceptable? I think there are solutions in the "Commercial" world.jaclaz Link to comment Share on other sites More sharing options...
iamtheky Posted October 13, 2009 Share Posted October 13, 2009 http://www.msfn.org/board/custom-gpo-adm-file-t126922.htmlThe setup worked well for disabling the ability to use usb storage devices, while still allowing other usb devices proper functionality. Link to comment Share on other sites More sharing options...
PC_LOAD_LETTER Posted October 13, 2009 Share Posted October 13, 2009 I run our labs using DF and i just freeze the whole disc. if thats not an option, your infections may not be coming in over USB drives they could be getting infected via the browser. in which case you have 2 options:1. harden/replace the browser, 2. limit the network. we use a product called untangle which filters out the traffic and lets us see where they are going and block if needed. all you need is a decent spec PC with 2 nics, place it in between your labs network switch or access point and their net connection Link to comment Share on other sites More sharing options...
LaptoniC Posted October 14, 2009 Author Share Posted October 14, 2009 @jaclazIf it is affordable we can also go for commercial solution. I hope there are trials of that softwares to try it first.@iamthekyI do not want to disable the USB. Students need to copy some work from or to the computers. I just want to disable execute from USB drive. Trust-No-Exe works very well but it is not developed anymore and I am afraid that we may end up with problems. For example it gives BSOD with windows 7.@PC_LOAD_LETTERWhen we restart the computers, there are no problems. Our problems when they try to run some programs from flash drive. Let's say you are lecturing and one sneaky student opened a worm from his flash drive. Sometimes it blocks the network or degrades the performance of controlling software.Thanks again for all the help. Link to comment Share on other sites More sharing options...
jaclaz Posted October 14, 2009 Share Posted October 14, 2009 @jaclazIf it is affordable we can also go for commercial solution. I hope there are trials of that softwares to try it first.Mind you, completely UNLIKE tested :COMMERCIAL:http://www.ranum.com/security/computer_sec...irus/index.htmlhttp://www.horizondatasys.com/169602.ihtmlhttp://www.horizondatasys.com/169604.ihtmlhttp://www.nextlabs.com/html/?q=applicatio...-device-controlhttp://www.myusbonly.com/usb-security-devi...ntrol/index.phphttp://www.systemusbmonitor.com/Freeware: (only a solution for autorun.inf):http://blog.didierstevens.com/http://blog.didierstevens.com/programs/ariad/A triggering device for USB:http://blog.didierstevens.com/2006/10/16/usbvirusscan/http://www.net-studio.org/application/usb_firewall.phpjaclaz Link to comment Share on other sites More sharing options...
LaptoniC Posted October 14, 2009 Author Share Posted October 14, 2009 Thanks for the huge list. I knew couple of them but some of them are interesting maybe I can change source code of of ariad to do something. Link to comment Share on other sites More sharing options...
PC_LOAD_LETTER Posted October 15, 2009 Share Posted October 15, 2009 have you looked into something like Faronics Antitexecutable ive never used it (our Mcafee Ent so far has filtered out 99% of this type of stuff) but i really like faronics as a company so id say give it a look. there is also process guard and sudown to look at. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now