RealTime IT News

Symantec: USB Keys Threaten the Enterprise

NEW YORK -- Experts from security firm Symantec (NASDAQ:SYMC) warned that USB drives are a real security threat to enterprise networks. The comments came in the opening speech at Symantec Norton Cyber Crime day here.

In this case, an old threat is new again, according to Kevin Haley, Symantec Security Response group product manager. He pointed out that the first viruses were transmitted by floppy drives and Symantec fought them on Macintosh computers in 1982.

Now, removable USB drives can carry viruses.

He added that network drives can also be vulnerable.

"We're really seeing USB drives as a propagation method in enterprise threats," Haley said.

He added that when an infection is brought in to the enterprise on a USB drive and then stored on a network drive, it can be especially difficult to get rid of, and can cause headaches for IT even if no endpoints are infected.

If a file server is not protected and it gets infected, users can be reinfected or attacked again when they log on if that drive is mapped to their desktop.

With security software, the enterprise manager can choose to now allow programs to run from the USB drive or can even not allow endpoints to read USB drives, he added.

Haley recommended that IT managers not automatically map network drives to user desktops.

Threats are growing

Threats are exploding as malware writers are able to release more nasty software than ever before. Haley noted that in 2000, Syamtec issued 1,500 signatures. In 2009, he added, the company expects to issue over 2.5 million signatures that will protect users against over 120 million unique threats.

Furthermore, malware writers have figured out how to compromise the PCs of even those with the most innocuous browsing habits, leading some to say that legitimate sites are more dangerous than the Web's back alleys.

Symantec experts noted that scams are looking more legitimate as scammers appropriate graphics from Web sites that users trust. This tactic made the stimulus scams earlier this year particularly effective.

IT managers cannot expect Microsoft's Vista operating system to provide protection by itself, said Mark Kanok, Symantec product manager for the Norton 360. "As the install base of Vista grows, the bad guys will find vulnerabilities even if there are less there."

Symantec showed that as attackers create new threats, the security company responds. For example, malware often attacks anti-virus software. "One feature we have is called tamper protect. When the threats try to undercut our protection, this feature defends our processes against that," said Kanok.