Would you connect an infected hard drive to your computer to scan it?



76 members have voted

  1. Would you connect an infected hard drive to your computer to scan it from inside Windows??

    • Yes (42)
    • No (14)
    • NO!! Are you crazy?!! (20)



As falsepositive already pointed out - just connecting the drive would not run any code that could be sitting on that drive. So there would be no risk, unless you have autoplay/autorun enabled?? Why??

Then again why would the guy be using his billing/office PC for this? Wouldn't he have a work machine for this sort of thing - for starters this machine should be able to dual boot for troubleshooting working on different filesystem disks. Say Linux and Windows just for starters.

I would assume it should be locked down and patched and etc.. For example autoplay/autorun Disabled! And while working on infected disks - prob good idea to not have directly connected to your network, or at least isolated via vlan, etc. You never know when you might accidentally execute some code off the disk that might be bad, etc. So no I would not connect it to my normal day to day office machine that I do my billing on, etc.

But generally speaking -- no there should be no issues with code running off that disk you connect, unless you run it!! Or have your OS setup to auto run stuff, etc.


As others have pointed out code will not run on its own just by plugging in a hard-drive. I don't see the harm in doing so. This isn't Hollywood where viruses are alive and jump from computer to computer on their own magically.


> As others have pointed out code will not run on its own just by plugging in a hard-drive. I don't see the harm in doing so. This isn't Hollywood where viruses are alive and jump from computer to computer on their own magically.

Yeah, I've done it before with no issues. Just don't run anything on the drive and you'll be fine.


> As others have pointed out code will not run on its own just by plugging in a hard-drive. I don't see the harm in doing so. This isn't Hollywood where viruses are alive and jump from computer to computer on their own magically.

Therefore, Hum's answer was correct. :shifty:


1. Pull infected HDD from PC.

2. Update anti-virus and anti-malware on main PC

3. Disable network connection on main PC

4. Plug infected HDD via external USB

5. Scan and clean infected HDD

I've done this so many times I've lost count and have never had a problem.


I do.

Have a system built specific for it.

Acronised but also Time freezed.

USB Sata the drive into it, then Kaspersky/MBAM the hell out of it.

Generally after though (Once plugged back into original system) I'll Cclean it then run Hitman/Combo just to be sure.

Autoruns to finish off.

But I diverse... ;)


Hello,

I used to do this all the time, but, then again, I had a lab of computers with some designated specifically for this purpose (e.g., connecting up an infected hard disk drive). It has become a lot less necessary these days, though. It has probably been a couple of years since I last did this.

Oh, the comments about this being safe on a Windows-based system as long as you did not click anything or disabled autoplay are completely incorrect. Consider the .LNK parsing vulnerability introduced by Win32/Stuxnet. Simply viewing a USB flash drive in Windows Explorer executed the malware.

If you are going to do this sort of thing, you need to use either a different OS (Linux, BSD, OS X, etc.) or a HDD-less system that boots from write-protected media (optical drive, USB flash drive with hardware write-protect switch and so forth).

Regards,

Aryeh Goretsky


Connect it to a secondary machine - yes.

Connect an infected HDD to my primary machine? I'd rather not.


> Connect it to a secondary machine - yes.
>
> Connect an infected HDD to my primary machine? I'd rather not.

I would do the same.


Sure. Windows 7 doesn't autorun content on hard drives that you plug into your computer so scanning for viruses from within Windows should be completely safe. Wouldn't be so keen on doing it with an older version of Windows though.


This would be like purposefully eating partially cooked chicken. Yes, you might be okay, or you could be throwing your guts up within 24 hours.

While I -could- make it secure enough to plug into my main PC, I'd really rather not. I'd be better off either livebooting or using a dedicated machine for virus killing.


We kind of do this in our office at work. We have the "infection box" which runs three different AVs plus Malwarebytes (paid version) as well as EaseUSData Recovery. It's basically a Swiss army knife for infected machines. It sits on our no-resource guest network and can only go out to the internet; it can't talk to any other machines and can't talk to the internal network. It really works out quite well and has saved us from reloading countless machines.


I use:

  • Spare HP laptop (No local storage or optical drive)
  • BIOS is set to read-only, system password enabled and HP Security enabled
  • 4GB Flash drive with HW Read-only switch ON
  • Windows PE 3.1 and Microsoft System Sweeper/Defender Offline (Security Essentials "to go" with latest definitions)
  • USB coffin for the victim drive

These days I tend to just destroy the file system and (if possible) reflash the firmware most of the time though as once infected you can't always restore it to a 100% perfect state.


> Come on guys, it's just a hard drive with data, have done it for almost 10 years, no problem as you "OPEN" the hard drive and don't double click just on the icon...

This.


I have a Linux disk (second HDD) with Clam AV and Bitdefender on it for just these occasions.

Whilst I am aware there is very little risk connecting it directly to my system, I'd also not have sex with someone who had aids, regardless of condoms >.>

It's just not worth the risk that there is something on there that is really REALLY nasty.


As others have said, it won't do any harm as long as you don't go around running things. Disable autorun and autoplay just to be safe.

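Added example (not part of any reply in this thread): several replies recommend disabling autorun/autoplay before attaching the disk, and one way to verify that on the scanning machine is to decode the Windows `NoDriveTypeAutoRun` policy value. The helper names are illustrative, and the HKLM-over-HKCU precedence is an assumption stated in the code.

```python
# Added example, not code from the thread. Helper names are illustrative.
import sys

POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
# One bit per GetDriveType() class; a set bit turns AutoRun off for that class.
DRIVE_BITS = {0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable",
              0x08: "fixed", 0x10: "network", 0x20: "cdrom",
              0x40: "ramdisk", 0x80: "reserved"}

def autorun_enabled_types(mask):
    """Drive classes for which this mask still allows AutoRun."""
    return sorted(n for bit, n in DRIVE_BITS.items() if not mask & bit)

def effective_mask(hklm, hkcu):
    """Assumed precedence: a machine-wide value wins over the per-user one."""
    return hklm if hklm is not None else hkcu

def disk_autorun_blocked(mask):
    """True only if AutoRun is off for both classes an attached disk may
    report as (USB flash media: removable; USB/SATA hard disks: fixed)."""
    return mask is not None and (mask & 0x0C) == 0x0C

def read_mask(hive):
    """Read the policy DWORD from a registry hive; None when it is not set."""
    import winreg  # Windows-only standard-library module
    try:
        with winreg.OpenKey(hive, POLICY_KEY) as key:
            return winreg.QueryValueEx(key, VALUE_NAME)[0]
    except FileNotFoundError:
        return None

if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("Run this on the Windows machine that will receive the disk.")
    import winreg
    mask = effective_mask(read_mask(winreg.HKEY_LOCAL_MACHINE),
                          read_mask(winreg.HKEY_CURRENT_USER))
    if mask is None:
        print("NoDriveTypeAutoRun is not set; the OS default applies.")
    else:
        print(f"mask=0x{mask:02X}, AutoRun still on for: {autorun_enabled_types(mask)}")
    print("AutoRun off for attached disks:", disk_autorun_blocked(mask))
```

This only confirms the AutoRun policy; it says nothing about parsing flaws such as the .LNK issue raised elsewhere in the thread.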

> It's just not worth the risk that there is something on there that is really REALLY nasty.

...that can't run itself :p

It's like seeing a shark on land!


You know that the first computer virus was a computer game that replicated itself across a filesystem into every directory. I believe there was also a networked version.

At the time, people thought that kind of thing was impossible.

Like I said, I know there is very little risk of anything being executed.. At the same time, why take the risk when it takes me less than 30 seconds to flick a switch and boot off a secondary drive?

It's not like I can't watch porn on a Linux box while it scans..


Using a live CD? Yes, I would. Using my actual production Windows? No, I would not.


> Absolutely. Malware just sitting on a drive poses no risks whatsoever. I have a folder full of trojans, viruses, etc. that I play with in a sandbox.
>
> Anybody that thinks otherwise is just plain wrong.

Incorrect, it is you that is plain wrong.

Exploits and 0days exist that will trigger when data is read that shouldn't be there, for example you might have something in ntfs-3g for Linux that expects a number and reads the data given as a number, but the data given is more than 64 bits long (a string) and it might trigger a buffer overflow. Such things can be placed maliciously and made to trigger like that.

There is a VERY good reason why the company that provides ntfs-3g gives you a very huge warning NOT to have it in the kernel running as root.


One would hope the AV would detect this.

That is, however, the point of my Linux choice :)

EDIT::

Completely rewrote this because it didn't quite say what I wanted it to >.>


I have in the past, but that was only if I couldn't run a scan any other way, or other scans through the end user computer turned up negative.


> You know that the first computer virus was a computer game that replicated itself across a filesystem into every directory. I believe there was also a networked version.
>
> At the time, people thought that kind of thing was impossible.
>
> Like I said, I know there is very little risk of anything being executed.. At the same time, why take the risk when it takes me less than 30 seconds to flick a switch and boot off a secondary drive?
>
> It's not like I can't watch porn on a Linux box while it scans..

And the first viruses were nothing more than office pranks - this changed. As well as the way a virus is delivered / spread.

As soon as they figured out they can make money from infections - all things changed.

It is rare to see an infection hop from machine to machine in the scenario mentioned in this thread.


This topic is now closed to further replies.