I only see that drivers are needed for Win 9x/ME, as far as the Autorun feature goes. Yes, there's other functions that may require additional drivers.
> -----Original Message----- > From: Miha Pihler [mailto:[EMAIL PROTECTED] > Sent: Monday, June 19, 2006 5:39 PM > To: McClenon, Braden ([EMAIL PROTECTED]); Focus Microsoft > Subject: RE: Controlling specific USB devices on Windows XP > > Hi, > > I took a quick look at UDRW (your first link). It looks like > this needs to install its own drivers which would require > user to be local administrator on the computer. I don't > believe you can secure the computer as long as users are > local administrators -- well maybe we can still use epoxy > glue to fill out USB ports ;-) ... anything else local admins > will be able to bypass... > > Miha > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Friday, June 16, 2006 8:44 PM > To: Focus Microsoft > Subject: RE: Controlling specific USB devices on Windows XP > > Unless the USB device emulates a cd-rom: > > http://www.udrw.com/en/tech/index.php > > Another poster sent me this. It's someone try to perform the "hack" > himself. See the second entry: > > http://hackaday.com/ > > > I may not be well versed in this topic, but my logical > assumption that if there was a way for windows to tell the > the difference between a USB cd-rom and a USB removable > storage device, there had to be a way to fool windows in to > thinking a USB removable storage device was a cd-rom. So > wondering if it had been found yet, lead me to try a simple > google search that find the first url. > > > > > -----Original Message----- > > From: Harlan Carvey [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 16, 2006 10:15 AM > > To: McClenon, Braden ([EMAIL PROTECTED]); Greg Merideth; George > > Njoku > > Cc: Focus Microsoft > > Subject: RE: Controlling specific USB devices on Windows XP > > > > Thanks for the info, but most folks are already aware that > be default, > > > the AutoRun function is enabled for CDs, but disabled for > removeable > > storage. A simply query on TechNet supports this: > > http://msdn.microsoft.com/library/default.asp?url=/library/en- > > us/shellcc/platform/Shell/programmersguide/shell_basics/shell_ > > basics_extending/autorun/autoplay_reg.asp > > > > Harlan > > > > --- [EMAIL PROTECTED] wrote: > > > > > Well, I don't have a USB storage dive handy at the moment, but I > > > grabbed the closest CD I knew had an autorun.inf, the > second I open > > > the drive in Explorer, the open=setup.exe line excutes and I have > > > setup.exe executing. Does seem to hard to get it to run > > without user > > > knowledge. > > > > > > > -----Original Message----- > > > > From: Harlan Carvey [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, June 15, 2006 4:17 PM > > > > To: Greg Merideth; George Njoku > > > > Cc: Focus Microsoft > > > > Subject: Re: Controlling specific USB devices on > > > Windows XP > > > > > > > > > > > > > Given the recent social engineering test with > > > USB devices > > > > left around > > > > > a credit-unions lobby I would disagree. > > > > > > > > That "test" is suspect, as it doesn't provide > > > nearly enough > > > > information. By default, Windows does not parse > > > the "load=" > > > > or "run=" lines of an autorun.inf file from > > > removeable media. > > > > So, the question is, what about the "test" got > > > the users to > > > > run the Trojan on the USB devices? > > > > > > > > > > > > > > > > ------------------------------------------ > > > > Harlan Carvey, CISSP > > > > "Windows Forensics and Incident Recovery" > > > > http://www.windows-ir.com > > > > http://windowsir.blogspot.com > > > > ------------------------------------------ > > > > > > > > > > > > > -------------------------------------------------------------- > > > > ------------- > > > > > > > > > -------------------------------------------------------------- > > > > ------------- > > > > > > > > > > > > > > > > > ------------------------------------------ > > Harlan Carvey, CISSP > > "Windows Forensics and Incident Recovery" > > http://www.windows-ir.com > > http://windowsir.blogspot.com > > ------------------------------------------ > > > > -------------------------------------------------------------- > > ------------- > > -------------------------------------------------------------- > > ------------- > > > > > > -------------------------------------------------------------- > ---------- > --- > -------------------------------------------------------------- > ---------- > --- > > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
