Stand-Alone Antivirus Software?
An anonymous reader writes "I work for a company that repairs specialty devices that have an embedded Mini-ATX motherboard without a CD-ROM drive and run Windows XP Home. And while the USB flash drives we insert into them have a physical write-protect tab, we still encounter a (rather annoying) display dialog from malware/viruses to remove the write-protect so the malware can infect the flash drive. We don't remove the write-protect, obviously, but would like to offer our customers the option of removing the malware/virus without having to install any software. We would rather not install/uninstall antivirus software even for one-time use, due to various licensing issues, nor do we want to connect to the Internet to use web-based online scanners. Is there any stand-alone anti-virus/anti-malware software for Windows that can be run directly from the write-protected flash drive itself?"
I have a thumbdrive with ClamWin just for this purpose. I remove the write-protect when I need to update the virus definitions, then flip it back before inserting it in a suspect PC. Works great.
What's that smell? Ah, that's my karma burning...
Instead of protecting the device proactively by using some sort of AV, application whitelist, or other device control, you want to let them keep getting infected, over and over, so your users have to keep using the USB device to remove the malware infections over and over? Brilliant.
Moderation: Put your hand inside the puppet head!
Agree. F-Prot is cross platform. That means you might have success booting a Linux distro on flash with f-prot installed, updating its virus definitions, and then scanning the infected blob, oops, I mean Windows.
Another option for a standalone scanner is BartPE. Pay attention to treatment of registry objects, though.
Why run Antivirus from an O/S that is vulnerable? F-prot has a Linux version that works well on the command line, and detects Windows viruses. Set up a Fedora boot CD/Flash disk and run the latest f-prot on it, and relax in the comfort of knowing that you are virus scanning from a position of relative security.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
But isn't there a risk with this whole USB-virus-scanner thing that if a computer is infected, you can't be sure that your scanner is being read and executed correctly? If the OS you're scanning is infected, the malware could be monitoring for clamwin.exe etc. and running its own version, or intercepting the important IO calls. I know if I was writing a virus and wanted to take control of as many computers as possible, one of the first things I'd do would be to make it look like my virus wasn't there.
Surely the only way to really scan a computer is by booting into a guaranteed-clean OS? And even then, isn't there a risk that firmware could be compromised? Or am I just being way too paranoid?