+BudMan (MVC), posted June 7, 2012

As falsepositive already pointed out - just connecting the drive would not run any code that could be sitting on that drive. So there would be no risk, unless you have autoplay/autorun enabled?? Why??

Then again why would the guy be using his billing/office PC for this? Wouldn't he have a work machine for this sort of thing - for starters this machine should be able to dual boot for troubleshooting working on different filesystem disks. Say Linux and Windows just for starters. I would assume it should be locked down and patched, etc. For example autoplay/autorun Disabled!

And while working on infected disks - prob good idea to not have it directly connected to your network, or at least isolated via VLAN, etc. You never know when you might accidentally execute some code off the disk that might be bad, etc.

So no, I would not connect it to my normal day to day office machine that I do my billing on, etc. But generally speaking -- no, there should be no issues with code running off that disk you connect, unless you run it!! Or have your OS set up to auto run stuff, etc.

giantpotato, posted June 7, 2012

As others have pointed out, code will not run on its own just by plugging in a hard drive. I don't see the harm in doing so. This isn't Hollywood where viruses are alive and jump from computer to computer on their own magically.

mrp04, posted June 7, 2012

> As others have pointed out, code will not run on its own just by plugging in a hard drive. I don't see the harm in doing so. This isn't Hollywood where viruses are alive and jump from computer to computer on their own magically.

Yeah, I've done it before with no issues. Just don't run anything on the drive and you'll be fine.

Hum, posted June 7, 2012

> As others have pointed out, code will not run on its own just by plugging in a hard drive. I don't see the harm in doing so. This isn't Hollywood where viruses are alive and jump from computer to computer on their own magically.

Therefore, Hum's answer was correct. :shifty:

c.grz, posted June 7, 2012

1. Pull infected HDD from PC.
2. Update anti-virus and anti-malware on main PC
3. Disable network connection on main PC
4. Plug infected HDD via external USB
5. Scan and clean infected HDD

I've done this so many times I've lost count and have never had a problem.

Midnight Mick, posted June 7, 2012

I do. Have a system built specific for it. Acronised but also Time freezed. USB SATA the drive into it, then Kaspersky/MBAM the hell out of it. Generally after though (once plugged back into original system) I'll Cclean it then run Hitman/Combo just to be sure. Autoruns to finish off. But I diverse... ;)

goretsky (Supervisor), posted June 8, 2012

Hello,

I used to do this all the time, but, then again, I had a lab of computers with some designated specifically for this purpose (e.g., connecting up an infected hard disk drive). It has become a lot less necessary these days, though. It has probably been a couple of years since I last did this.

Oh, the comments about this being safe on a Windows-based system as long as you did not click anything or disabled autoplay are completely incorrect. Consider the .LNK parsing vulnerability introduced by Win32/Stuxnet. Simply viewing a USB flash drive in Windows Explorer executed the malware. If you are going to do this sort of thing, you need to use either a different OS (Linux, BSD, OS X, etc.) or a HDD-less system that boots from write-protected media (optical drive, USB flash drive with hardware write-protect switch and so forth).

Regards,

Aryeh Goretsky

neo1911, posted June 8, 2012

Some viruses are totally alive à la Hollywood style.

+Frank B. (Subscriber²), posted June 8, 2012

Connect it to a secondary machine - yes. Connect an infected HDD to my primary machine? I'd rather not.

Lee G. (Veteran), posted June 8, 2012

> Connect it to a secondary machine - yes. Connect an infected HDD to my primary machine? I'd rather not.

I would do the same.

Noir Angel, posted June 8, 2012

Sure. Windows 7 doesn't autorun content on hard drives that you plug into your computer, so scanning for viruses from within Windows should be completely safe. Wouldn't be so keen on doing it with an older version of Windows though.

The Teej, posted June 8, 2012

This would be like purposefully eating partially cooked chicken. Yes, you might be okay, or you could be throwing your guts up within 24 hours. While I -could- make it secure enough to plug into my main PC, I'd really rather not. I'd be better off either livebooting or using a dedicated machine for virus killing.

Typhoon87, posted June 8, 2012

We kind of do this in our office at work. We have the "infection box" which runs three different AVs plus Malwarebytes (paid version) as well as EaseUSData Recovery. It's basically a Swiss Army knife for infected machines. It sits on our no-resource guest network and can only go out to the internet; it can't talk to any other machines, can't talk to the internal network. It really works out quite well and has saved us from reloading countless machines.

Open Minded, posted June 8, 2012

I do it all the time. Never been an issue.

Aergan, posted June 8, 2012

I use:

- Spare HP laptop (No local storage or optical drive)
- BIOS is set to read-only, system password enabled and HP Security enabled
- 4GB Flash drive with HW Read-only switch ON
- Windows PE 3.1 and Microsoft System Sweeper/Defender Offline (Security Essentials "to go" with latest definitions)
- USB coffin for the victim drive

These days I tend to just destroy the file system and (if possible) reflash the firmware most of the time though, as once infected you can't always restore it to a 100% perfect state.

painejake, posted June 8, 2012

> Come on guys, it's just a hard drive with data, have done it for almost 10 years, no problem as you "OPEN" the hard drive and don't double click just on the icon...

This.

articuno1au, posted June 8, 2012

I have a Linux disk (second HDD) with Clam AV and Bitdefender on it for just these occasions. Whilst I am aware there is very little risk connecting it directly to my system, I'd also not have sex with someone who had AIDS, regardless of condoms >.>

It's just not worth the risk that there is something on there that is really REALLY nasty.

Hardcore Til I Die, posted June 8, 2012

As others have said, it won't do any harm as long as you don't go around running things. Disable autorun and autoplay just to be safe.

Hardcore Til I Die, posted June 8, 2012

> It's just not worth the risk that there is something on there that is really REALLY nasty.

...that can't run itself :p It's like seeing a shark on land!

articuno1au, posted June 8, 2012

You know that the first computer virus was a computer game that replicated itself across a filesystem into every directory. I believe there was also a networked version. At the time, people thought that kind of thing was impossible.

Like I said, I know there is very little risk of anything being executed.. At the same time, why take the risk when it takes me less than 30 seconds to flick a switch and boot off a secondary drive? It's not like I can't watch porn on a Linux box while it scans..

Geoffrey B. (Veteran), posted June 8, 2012

Using a live CD: yes, I would. Using my actual production Windows: no, I would not.

n_K, posted June 8, 2012

> Absolutely. Malware just sitting on a drive poses no risks whatsoever. I have a folder full of trojans, viruses, etc. that I play with in a sandbox. Anybody that thinks otherwise is just plain wrong.

Incorrect, it is you that is plain wrong. Exploits and 0days exist that will trigger when data is read that shouldn't be there. For example, you might have something in ntfs-3g for Linux that expects a number and reads the data given as a number, but the data given is more than 64 bits long (a string) and it might trigger a buffer overflow. Such things can be placed maliciously and made to trigger like that. There is a VERY good reason why the company that provides ntfs-3g gives you a very huge warning NOT to have it in the kernel running as root.

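The Linux-side approach from the posts above (a separate scanning OS with ClamAV, and the caution about filesystem parsers), shown as an added example that is not from any poster in the thread. The device path and mount point in the usage comment are placeholders, and `missing_mount_opts` and `triage_scan` are names made up for this example.

```shell
#!/bin/sh
# Added example: mount a suspect partition for scanning on a dedicated Linux host.
# Usage (as root; both arguments are placeholders): triage_scan /dev/sdX1 /mnt/suspect

REQUIRED_OPTS="ro noexec nosuid nodev"

# Print the hardening options that are missing for mount point $2 in the
# /proc/mounts-format file $1. Returns 0 only when every option is present.
missing_mount_opts() {
    local mounts_file="$1" mnt="$2" opts missing="" o
    # If the mount point appears more than once, the last (topmost) mount wins.
    opts=$(awk -v m="$mnt" '$2 == m { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 1
    fi
    for o in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$o,"*) ;;                      # option present
            *) missing="$missing $o" ;;
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

triage_scan() {
    local part="$1" mnt="$2" gaps
    # Mark the partition read-only at the block layer before any mount attempt.
    blockdev --setro "$part" || return 1
    mkdir -p "$mnt"
    mount -o ro,noexec,nosuid,nodev "$part" "$mnt" || return 1
    # Check what the kernel actually applied, not what was requested.
    if ! gaps=$(missing_mount_opts /proc/mounts "$mnt"); then
        echo "refusing to scan $mnt, missing options: $gaps" >&2
        umount "$mnt"
        return 1
    fi
    # These options block writes and execution from the drive. The filesystem
    # driver still has to parse the on-disk structures, which is why this
    # belongs on a dedicated or live-booted host rather than a daily machine.
    clamscan --recursive --infected "$mnt"
}
```
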
articuno1au, posted June 8, 2012

One would hope the AV would detect this. That is, however, the point of my Linux choice :)

EDIT:: Completely rewrote this because it didn't quite say what I wanted it to >.>

+jamwheat (Subscriber²), posted June 8, 2012

I have in the past, but that was only if I couldn't run a scan any other way, or other scans through the end user computer turned up negative.

TEX4S, posted June 8, 2012

> You know that the first computer virus was a computer game that replicated itself across a filesystem into every directory. I believe there was also a networked version. At the time, people thought that kind of thing was impossible.
>
> Like I said, I know there is very little risk of anything being executed.. At the same time, why take the risk when it takes me less than 30 seconds to flick a switch and boot off a secondary drive? It's not like I can't watch porn on a Linux box while it scans..

And the first viruses were nothing more than office pranks - this changed. As well as the way a virus is delivered / spread. As soon as they figured out they can make money from infections - all things changed. It is rare to see an infection hop from machine to machine in the scenario mentioned in this thread.