Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stand-Alone Antivirus Software?

Posted by timothy on from the lonely-job dept.

An anonymous reader writes "I work for a company that repairs specialty devices that have an embedded Mini-ATX motherboard without a CD-ROM drive and run Windows XP Home. And while the USB flash drives we insert into them have a physical write-protect tab, we still encounter a (rather annoying) display dialog from malware/viruses to remove the write-protect so the malware can infect the flash drive. We don't remove the write-protect, obviously, but would like to offer our customers the option of removing the malware/virus without having to install any software. We would rather not install/uninstall antivirus software even for one-time use, due to various licensing issues, nor do we want to connect to the Internet to use web-based online scanners. Is there any stand-alone anti-virus/anti-malware software for Windows that can be run directly from the write-protected flash drive itself?"

13 of 159 comments (clear)

  1. Plenty by Anonymous Coward · · Score: 5, Informative

    ClamWin, Dr. Web CureIt: etc http://thepcsecurity.com/ultimate-list-of-portable-antiviruses-for-your-usb/

    1. Re:Plenty by The+MAZZTer · · Score: 4, Informative

      ClamWin Portable from http://portableapps.com/

    2. Re:Plenty by SausageOfDoom · · Score: 3, Interesting

      But isn't there a risk with this whole USB-virus-scanner thing that if a computer is infected, you can't be sure that your scanner is being read and executed correctly? If the OS you're scanning is infected, the malware could be monitoring for clamwin.exe etc and running its own version, or intercepting the important IO calls. I know if I was writing a virus and wanted to take control of as many computers as possible, one of the first things I'd do would be to make it look like my virus wasn't there.

      Surely the only way to really scan a computer is by booting into a guaranteed-clean OS? And even then, isn't there a risk that firmware could be compromised? Or am I just being way too paranoid?

  2. ClamWin by vbraga · · Score: 4, Insightful

    A portable version of ClamWin may do the trick.

    http://www.clamwin.com/content/view/118/89/

    --
    English is not my first language. Corrections and suggestions are welcome.
    1. Re:ClamWin by Anonymous Coward · · Score: 3, Informative

      Yes it does, but you have to turn on the removal feature first (defaults to report-only). SuperAntiSpyware and MalwareBytes also have portable versions (I think MalwareBytes' portable version may be an unsupported mod, though.)

  3. UBCD by 0racle · · Score: 5, Informative

    http://www.ubcd4win.com/

    There are several AV products that can be slipstreamed into it, and there are instructions on installing the Ultimate Boot CD onto a thumbdrive, which is handy for keeping AV signatures up to date.

    --
    "I use a Mac because I'm just better than you are."
  4. Use Windows Embdded, not XP Home by MobyDisk · · Score: 5, Insightful

    I work in a similar environment, and although I can't recommend a virus program, I can suggest ways to prevent it. It sounds like the company is creating an embedded device, but is not using an embedded operating system. Microsoft Windows embedded forbids writes to the C: drive when you enable EWF or FBWF. EWF gives you a memory overlay so software *can* write to C:, but if you get infected, you just reboot the machine. Alternatively, a good Micro-ATX BIOS will support making the drives read-only.

    1. Re:Use Windows Embdded, not XP Home by Ramze · · Score: 3, Informative

      I've found the "Shared Computer Toolkit for Windows XP" can be very helpful at locking down exactly what can be changed on an XP build... including allowing changes, but wiping them after a reboot.
      http://www.microsoft.com/presspass/newsroom/winxp/SharedToolkitFS.mspx
      It's now called "Windows SteadyState 2.5"
      http://www.microsoft.com/downloads/details.aspx?familyid=d077a52d-93e9-4b02-bd95-9d770ccdb431&displaylang=en

  5. SUPERAntiSpyware Portable by DodgeRules · · Score: 3, Informative

    http://www.superantispyware.com/portablescanner.html I have had good luck with this. Hope you do too.

  6. Yes! The old school SCAN.EXE and CLEAN.EXE by Saint+Stephen · · Score: 5, Informative

    Back in the BBS days, from MacAffee, you could download SCAN.EXE and CLEAN.EXE and run them on DOS.

    And - you still can!

    Go to their website and find the command line scanner for win32. It claims to be a trial version, but with no install routine and being a command line program, that doesn't mean much. It uses the same .DAT files that you download for any other VirusScan program.

    I get a huge chuckle when I run it, because it's exactly the same way it was in 1988 and that's the way it oughta be. all this other crap is fer lamos :-)

  7. Re:So let me get this straight... by tinkerghost · · Score: 3, Interesting

    Don't ever underestimate the stupidity of customers.

    Techs doing residential work live on it. Face it, nothing involved in doing a virus removal is rocket science. I had a customer who used to call me every other month to clean up their son's computer. Now the son's at college and it's someone else's goldmine.

  8. Re:clamav by csrjjsmp · · Score: 4, Informative

    Other programs will catch 98-99%. Clamwin is lucky to catch 30.

  9. Re:You need a bigger gun. by b4dc0d3r · · Score: 3, Insightful

    It's a good suggestion, but these are likely random users bringing in an out of warranty computer. They ideally should be keeping their own clean images, but they didn't, and they don't want to lose their stuff. Scan and clean is the way to go here, not reimage.