Stand-Alone Antivirus Software?
An anonymous reader writes "I work for a company that repairs specialty devices that have an embedded Mini-ATX motherboard without a CD-ROM drive and run Windows XP Home. And while the USB flash drives we insert into them have a physical write-protect tab, we still encounter a (rather annoying) display dialog from malware/viruses to remove the write-protect so the malware can infect the flash drive. We don't remove the write-protect, obviously, but would like to offer our customers the option of removing the malware/virus without having to install any software. We would rather not install/uninstall antivirus software even for one-time use, due to various licensing issues, nor do we want to connect to the Internet to use web-based online scanners. Is there any stand-alone anti-virus/anti-malware software for Windows that can be run directly from the write-protected flash drive itself?"
ClamWin, Dr. Web CureIt, etc.: http://thepcsecurity.com/ultimate-list-of-portable-antiviruses-for-your-usb/
http://www.ubcd4win.com/
There are several AV products that can be slipstreamed into it, and there are instructions on installing the Ultimate Boot CD onto a thumbdrive, which is handy for keeping AV signatures up to date.
"I use a Mac because I'm just better than you are."
You could try something like F-Prot or Panda Commandline scanner, and just update the definition files on your USB drive manually from time to time.
Yes it does, but you have to turn on the removal feature first (defaults to report-only). SuperAntiSpyware and MalwareBytes also have portable versions (I think MalwareBytes' portable version may be an unsupported mod, though.)
How about using the BitDefender rescue disk (available in ISO format, but portable to a USB key) and asking the customer to reboot the PC and allow it to boot entirely from the USB key?
Licensing may be a grey area on that one though, depending on how widely you are distributing it.
One problem with using a Windows application is that it may be up against a virus that is entrenched and will simply stop the cleaning from taking place. If this is the case, you need something that will activate on boot, or better yet boot on its own (like the Bitdefender.)
There is probably a more elegant solution though, since this is a highly controlled environment. Maybe more restrictive user level controls are in order, forcing the users to log in with minimal privileges?
There's a difference between Service Provider and Solution Provider
AVG has a "rescue CD": http://free.avg.com/ww-en/kb.pnuid-1267095510 It can be written on a USB flash drive. Also, SuperAntiSpyware has a portable scanner: http://www.superantispyware.com/portablescanner.html
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
http://www.superantispyware.com/portablescanner.html I have had good luck with this. Hope you do too.
Google SteadyState from Microsoft
I've found the "Shared Computer Toolkit for Windows XP" can be very helpful at locking down exactly what can be changed on an XP build... including allowing changes, but wiping them after a reboot.
http://www.microsoft.com/presspass/newsroom/winxp/SharedToolkitFS.mspx
It's now called "Windows SteadyState 2.5"
http://www.microsoft.com/downloads/details.aspx?familyid=d077a52d-93e9-4b02-bd95-9d770ccdb431&displaylang=en
Back in the BBS days, from McAfee, you could download SCAN.EXE and CLEAN.EXE and run them on DOS.
And - you still can!
Go to their website and find the command line scanner for win32. It claims to be a trial version, but with no install routine and being a command line program, that doesn't mean much. It uses the same .DAT files that you download for any other VirusScan program.
I get a huge chuckle when I run it, because it's exactly the same way it was in 1988 and that's the way it oughta be. All this other crap is fer lamos :-)
I use EWF (which stands for Enhanced Write Filters) on my XP machine in my car. It works very well up to the point where the cached disk writes overrun the temporary space in the memory buffer. It has only happened once, when I forgot to turn off EWF to install something. The directions I used are located on MP3Car.com. (http://www.mp3car.com/vbulletin/winnt-based/38484-new-ewf-minlogon-cf-instructions.html)
Other programs will catch 98-99%. ClamWin is lucky to catch 30.
It isn't very widely known, but ClamAV doesn't detect "spyware" by default. If you pass '--detect-pua' (potentially unwanted apps) to its arguments, it will detect them too.
Of course, in this situation, if he "fixes" the computer via removing spyware and idiot customer jumps up and down saying "his mp3 downloader is broken", it will cause some issues. That is why most antiviruses stay away from detecting spyware by default.
Plus, if your flash drive is write-protected, then how can you update to the latest definitions?
Turn off the write-protect?
You only need it on when you connect it to a possibly-infected customer computer.
McAfee Stinger
http://vil.nai.com/vil/stinger/