14 DAY TRIAL // Romanian antivirus vendor BitDefender has released a free tool designed to protect computers and removable storage devices from AutoRun malware.
Dubbed BitDefender USB Immunizer the application doesn't require any installation. It comes as a single executable which provides a simple user interface.
There are basically two options. One is to immunize the computer, the equivalent of disabling the malware-abused AutoRun Windows feature.
The control to do this is a bit confusing because the user is asked if they want to immunize the computer and are presented with an ON/OFF switch.
Most people would presume that ON is for "yes, immunize my computer" and OFF is for no, but apparently it's the other way around because the switch refers to the state of AutorRun.
Leaving the interface quirks aside, the computer immunization is achieved by modifying a special registry key to disable AutoRun for all devices except optical ones (CD/DVD-ROMs).
The second option offered by the program is to immunize removable storage devices plugged into the computer. There is a drop-down list which allows users to select the device and press an immunize button.
This creates a folder called autorun.inf with read only, hidden and system attributes on the device. It contains a sub-folder and two empty files. The reasoning behind this procedure is to prevent AutoRun malware from creating the rogue autorun.inf files which it requires for propagation.
The bad news is that bypassing this protection mechanism is as simple as removing the autorun.inf folder created by the tool. Fortunately, BitDefender researchers haven't yet identified any malware that attempts to recursively delete this folder from USB storage devices.
We were told the tool will be improved in the future, but for now it lacks features found in alternatives provided by other antivirus vendors. For example, Panda Security's USB Vaccine can be set to "vaccinate" removable storage devices automatically, can auto-start on Windows reboot and has a resident mode, which means it can run hidden in the background.
Its approach to immunization is also much more solid, because it involves creating a corrupted autorun.inf file that cannot be modified or removed without formatting the device.
BitDefender USB Immunizer can be downloaded from here.
