LinuxQuestions.org


ShanxT 01-12-2009 11:58 PM

Using Linux to sandbox USB drives in Windows
 
First, I'll explain the situation..
Many of my friends regularly use USB drives to transfer data between our college comps and their comps.. The problem is that the college comps are a warehouse of all kinds of viruses, many of which run from USB drives. Now, they HAVE to transfer data, and some of the viruses are not recognised by the anti-virus software they use. I told them to just disable autorun, but even this didn't stop some of the viruses from infecting their comps. Most of the software that they use is proprietary, and will not run on Linux, so I can't tell them to install a Linux based OS.

The solution I thought of is using qemu to create a virtual console within Windows, to basically create a 'quarantined' area for the USB drives to run.

My questions:
1) Is this feasible? Will running an OS from qemu ensure that each time a pen drive is inserted, the virtual OS will handle its operations, and it won't affect Windows?

2) Which OS would be best suited for this? I've used DSL before, around a year back, but at that time at least, it didn't recognise the USB ports. Is this true for all?

3) Is there any other way to do this?


Time and again I've used Linux to rescue Windows comps, I'm hoping there's a solution for this as well..

PatrickNew 01-13-2009 11:17 PM

1) Not really. A sandbox is there to restrict the actions of processes inside it, not outside it. Perhaps you can try to tell Windows not to mount flash drives, but in my experience Windows is not very good at doing what you tell it to when it thinks it knows better.

2) If you were going to try this approach, the OS wouldn't matter very much - probably the smaller the better. Heck, flash drives are not exactly exotic drivers, I might even go for OpenBSD.

3) I would try to figure out how these viruses are getting off the flash drives and onto the computer. If you disabled autorun, then that attack vector is closed. That's the biggie. If they are getting off another way, it's through the user's actions or from pre-existing malware. By "the user's actions" I don't mean blame the users, I mean they opened the Word doc that they thought was clean but actually had malicious macros. There's really no defending against that, because the desired content *is* the virus.
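
An added example, not part of any post in this thread: one way to check a flash drive for the autorun vector discussed above is to mount it on a Linux machine and list every `autorun.inf` entry that would launch a program. The function names and the sample file are constructed for illustration; it does not cover the macro-document case, where the file the user wants is itself the problem.

```python
import os
import re

# [autorun] keys that make Windows start a program from the drive.
EXEC_KEYS = {"open", "shellexecute"}
# Context-menu verbs: shell\<verb>\command=<program>
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")


def autorun_commands(text):
    """Return (key, command) pairs in autorun.inf text that launch a program."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()    # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            hits.append((key, value.strip()))
    return hits


def scan_drive(root):
    """Find autorun.inf (any letter case) at the drive root and report launch entries."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            # Some files are UTF-16 with a byte order mark; otherwise treat as single-byte text.
            codec = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            return autorun_commands(data.decode(codec, errors="replace"))
    return []


# Constructed sample, not taken from a real drive.
SAMPLE = r"""; comment line
[AutoRun]
icon=folder.ico
OPEN = recycler\setup.exe
shell\explore\command=recycler\setup.exe /e
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE):
        print(f"{key} -> {cmd}")
```

Run `scan_drive("/media/usb")` (the mount point is an assumption) before the drive goes into a Windows machine; an empty list means no launch entries were found in the root `autorun.inf`.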

ShanxT 01-14-2009 03:23 AM

Thanks for replying! I'll look into what you said about figuring out how the viruses get there.. Even I had thought that disabling autorun would pretty much fix the problem, but it didn't work. I'll figure out what else the users do.. The end users are nearly always the weakest link. Windows comes next. :)

I'm also checking out a program that I found after a little googling, called 'Sandboxie'. From what I've read till now, it seems promising..


All times are GMT -5.