Posts Tagged ‘malware protection’

Using Folder Guard to protect from the “social engineering” attacks

Friday, July 29th, 2011

The U.S. Department of Homeland Security ran a test recently to see how easy it could be to trick people into plugging random USB sticks into their computers and potentially infect them with malware. The test showed that the human factor is possibly the weakest link in the computer security: your network may have the best firewall, you can have the strongest policies prohibiting the users from downloading random files from the Internet, yet all that is useless when people have little hesitation in using the USB sticks they find on the company parking lot.

Password-protect and hide personal files and folders with Folder Guard for Windows 8,7,Vista, and XP.
User rating: 4.7/5

Or download a free trial. Read more…

Microsoft has attempted to address such a problem somewhat by disabling the AutoRun feature for the USB sticks in Windows 7. Still, it leaves a rouge program on the USB stick just a few clicks away from running. Wouldn’t it be nice to be able to stop running programs form the USB sticks completely?

It’s possible to achieve that with our software Folder Guard, by creating a file access filter that would restrict the use of the executable files off the the removable drives. Let us show how to do that in detail:

Run Folder Guard, and switch to the window that shows the existing filters, by choosing View – Filters from the menu. If you use Folder Guard version 8.3 or later, you should see a filter that we need already in the list, it’s called Lock external drives:

If you don’t see this filter in the list, it’s easy to create it: choose Filter – New from the menu, and then enter the properties of the filters as follows:

The most important part of this filter is the content of the Except for folders box: it contains the mask C:* . Why it is there? Because we don’t want the restrictions that this filter will create to apply to the files located on the main drive of your computer (which is most probably the drive C:). We only want the restrictions to apply to other drives, which would have drive letters other than C:. The star character (*) in the mask means any set of characters, so the mask C:* would match any folder located on the C: drive. As a result, the filter would not apply to any file or folder on the C: drive, just what we want.

Now, if there are other drives permanently attached to the computer and you want the users to be able to use such drives without restrictions, you should add the appropriate masks to the Except for folders box, too. (You can separate masks with comas, semicolons, or line breaks). For example, if your computer has a DVD drive that has the drive letter D: and you want the users to use the DVD drive without restrictions, modify the content of the Except for folders box to read as follows: (Press the [...] button to modify the content of the box.)

C:*;D:*

The rest of the filter properties can be left empty. An empty Apply to box means Apply to all and an empty Except for box means Except for none. We have entered a star character in the Apply to files box, to emphasize that it should apply to all files, but we could have left the box empty, it would produce the same result as the star character.

Now that we have created the filter that we need, it’s time to apply a restricting attribute to it. If you want to completely lock access to the removable drives, assign the No access attribute to the filter:

The result of the No access attribute would be that the users would be prevented from both opening the files from the external devices, and saving the files to them. This way, if someone attaches a USB stick to the computer protected with such a filter, he or she would not be able to use the stick at all.

What if at some point you do need to access a removable drive? Just disable the protection of Folder Guard, perform the task, then re-enable the protection back (no Windows restart required).

More information