Stand-Alone Antivirus Software?
An anonymous reader writes "I work for a company that repairs specialty devices that have an embedded Mini-ATX motherboard without a CD-ROM drive and run Windows XP Home. And while the USB flash drives we insert into them have a physical write-protect tab, we still encounter a (rather annoying) display dialog from malware/viruses to remove the write-protect so the malware can infect the flash drive. We don't remove the write-protect, obviously, but would like to offer our customers the option of removing the malware/virus without having to install any software. We would rather not install/uninstall antivirus software even for one-time use, due to various licensing issues, nor do we want to connect to the Internet to use web-based online scanners. Is there any stand-alone anti-virus/anti-malware software for Windows that can be run directly from the write-protected flash drive itself?"
Plenty (Score:5, Informative)
UBCD (Score:5, Informative)
There are several AV products that can be slipstreamed into it, and there are instructions on installing the Ultimate Boot CD onto a thumbdrive, which is handy for keeping AV signatures up to date.
One option might be... (Score:2, Informative)
Re:ClamWin (Score:3, Informative)
Yes it does, but you have to turn on the removal feature first (defaults to report-only). SuperAntiSpyware and MalwareBytes also have portable versions (I think MalwareBytes' portable version may be an unsupported mod, though.)
Bitdefender is a darn good product (Score:3, Informative)
How about using the BitDefender rescue disk (available in ISO format, but portable to a USB key) and asking the customer to reboot the PC and allow it to boot entirely from the USB key?
Licensing may be a grey area on that one though, depending on how widely you are distributing it.
One problem with using a Windows application is that it may be up against a virus that is entrenched and will simply stop the cleaning from taking place. If this is the case, you need something that will activate on boot, or better yet boot on its own (like the Bitdefender.)
There is probably a more elegant solution though, since this is a highly controlled environment. Maybe more restrictive user level controls are in order, forcing the users to log in with minimal privileges?
Re:So let me get this straight... (Score:2, Informative)
There's a difference between Service Provider and Solution Provider
AVG and SuperAntiSpyware (Score:3, Informative)
AVG has a "rescue CD" http://free.avg.com/ww-en/kb.pnuid-1267095510 [avg.com]; it can be written on a USB flash drive. Also, SuperAntiSpyware has a portable scanner: http://www.superantispyware.com/portablescanner.html [superantispyware.com]
SUPERAntiSpyware Portable (Score:4, Informative)
Re:Plenty (Score:5, Informative)
Re:Use Windows Embedded, not XP Home (Score:2, Informative)
Re:Use Windows Embedded, not XP Home (Score:4, Informative)
http://www.microsoft.com/presspass/newsroom/winxp/SharedToolkitFS.mspx [microsoft.com]
It's now called "Windows SteadyState 2.5"
http://www.microsoft.com/downloads/details.aspx?familyid=d077a52d-93e9-4b02-bd95-9d770ccdb431&displaylang=en [microsoft.com]
Yes! The old school SCAN.EXE and CLEAN.EXE (Score:5, Informative)
Back in the BBS days, from McAfee, you could download SCAN.EXE and CLEAN.EXE and run them on DOS.
And - you still can!
Go to their website and find the command line scanner for win32. It claims to be a trial version, but with no install routine and being a command line program, that doesn't mean much. It uses the same .DAT files that you download for any other VirusScan program.
I get a huge chuckle when I run it, because it's exactly the same way it was in 1988 and that's the way it oughta be. All this other crap is fer lamos :-)
Re:Use Windows Embedded, not XP Home (Score:2, Informative)
Re:clamav (Score:4, Informative)
and spyware detected/removed this way (Score:3, Informative)
It isn't very widely known, but clamav doesn't detect "spyware" by default. If you pass '--detect-pua' (potentially unwanted apps) to its arguments, it will detect them too.
Of course, in this situation, if he "fixes" the computer via removing spyware and idiot customer jumps up and down saying "his mp3 downloader is broken", it will cause some issues. That is why most antiviruses stay away from detecting spyware by default.
Re:ClamWin (Score:2, Informative)
Plus, if your flash drive is write-protected, then how can you update to the latest definitions?
Turn off the write-protect?
You only need it on when you connect it to a possibly-infected customer computer.
Re:Plenty (Score:3, Informative)
'Surely the only way to really scan a computer is by booting into a guaranteed-clean OS?'
Yes, and there are a bunch of different, generally Linux-based, bootable CDs that do exactly this. Several of the major antivirus companies make these available, and I tried about half a dozen last year. Not all of them worked well (out of date, or ran slowly, or found too many false positives and deleted them without asking!), but I was happy with the Avira Rescue System:
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html [free-av.com]
One nice thing about this one is that they update the image 'several times a day' so you don't have to rely on the target system being networked to do an up to date scan (though a net update option is available if you can use it). Hardware support could be more complete (I had to revert to a VGA connection on one system) but otherwise no problems. I haven't tried running this from a flash drive, but there's a guide here:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=94935 [avira.com]
Stinger (Score:2, Informative)
McAfee Stinger
http://vil.nai.com/vil/stinger/ [nai.com]