Laptop on Space Station without Internet Access Gets Malware Infestation

by Eirik Iverson, Product Management

How far from the planet does a laptop have to get to be safe from malware attacks? NASA believes that one of their laptops currently in orbit became infected when one of the astronauts plugged a personal USB thumb drive into it.

The AntiVirus vendor, ESET Inc., recently reported that roughly 10% of detected malware originates from USB thumb drives.

Just as all automobiles have windows and radios, soon all malware will feature mechanisms to deposit stealthy attack code on any USB drive inserted into a PC. This attack can infest other endpoints without the end-user doing anything but inserting the infected USB thumb drive.

NASA’s orbiting laptops have neither AntiVirus software nor device control software installed. BTW, device control software is a subset of data leak prevention (DLP), which addresses leaks that occur through devices (e.g., USB thumb drives) as well as through other means (e.g., email and instant messengers).

Desktop administrators can employ group policy or registry settings to disable auto-run. This approach helps prevent malware infestations from USB thumb drives, but it is far from bulletproof. There’s a clever but non-traditional registry setting that is more effective, but it prevents auto-run for legitimate CDs and DVDs as well. No registry setting prevents end-users from foolishly double-clicking on an executable from removable media. My suggestion to you: never assume end-users won’t double-click on them. BTW, this paragraph represents an example of security configuration management.
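
A read-only way to check which drive types the auto-run policy described above still leaves enabled, as an added example that is not from the original post. It assumes the setting in question is the documented `NoDriveTypeAutoRun` policy value (the post does not name its registry settings); `Get-AutoRunExposure` is a hypothetical helper name.

```powershell
# Added example: audit the AutoRun policy on the local machine. Reads only, changes nothing.
# Assumption: the policy is stored in NoDriveTypeAutoRun under Policies\Explorer.
# A set bit DISABLES AutoRun for that drive type; 0xFF disables it for all types.
$DriveTypeBits = [ordered]@{
    'Unknown drive type'     = 0x01
    'No root directory'      = 0x02
    'Removable (USB, flash)' = 0x04
    'Fixed disk'             = 0x08
    'Network drive'          = 0x10
    'CD/DVD'                 = 0x20
    'RAM disk'               = 0x40
    'Reserved/unknown'       = 0x80
}

function Get-AutoRunExposure {
    # Return the drive types for which AutoRun is still enabled under this mask.
    param([int]$Mask)
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM', 'HKCU') {
    $path = "${hive}:\$subKey"
    $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output "$path : NoDriveTypeAutoRun not set (OS default applies)"
        continue
    }
    # The value is normally a DWORD; older tooling sometimes wrote it as binary.
    $raw = $prop.NoDriveTypeAutoRun
    if ($raw -is [byte[]]) { $mask = [int]$raw[0] } else { $mask = [int]$raw }

    $exposed = @(Get-AutoRunExposure -Mask $mask)
    $hex = '0x{0:X2}' -f $mask
    if ($exposed.Count -eq 0) {
        Write-Output "$path : $hex, AutoRun disabled for every drive type"
    } else {
        Write-Output "$path : $hex, AutoRun still enabled for: $($exposed -join ', ')"
    }
}
```

A clean result here only covers automatic launching; as the paragraph above says, no registry value stops an end-user from double-clicking an executable on removable media.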

Ultimately, enterprise level protection from removable media risks is best achieved with client security software that delivers device control. There are many solutions out there. If you have end-users that run their laptops with admin rights, consider this another required feature in making your selection. Until then, if you’d like more information about registry settings, let me know.
