How To Disable USB Ports To Prevent Malware Infection

Ads by Google

A Reader writes in:
My PC is being shared by my roomies – they mainly use it for watching films – virus threats from USB is paramount. I have no issue with CD drives. But USB’s are a no-no. So its really important that I do this (block or lockdown USB ports).

There are plenty of ways to disable usb ports and you don’t need any special software.

Disable USB Ports By Disabling Autorun

Most of the malware that spreads through USB devices spreads because of the Autorun feature which automatically executes a said file mentioned in the autorun.inf file located at the root of the USB device folder tree. Something as unsuspicious as “Open folder to view files” to the untrained eye can be easily made to run any desired file on the drive and can thus infect your computer. So disabling autorun is always one of the better options. To do so:

  • First, the key combination Win + R and type Gpedit.msc
  • Navigate to Computer Configuration > Administrative Templates > Windows Components, then click Autoplay Policies. (XP users should try Computer Configuration > Administrative Templates > System
  • In the Details pane, double-click Turn off Autoplay.
  • Click Enabled, select All drives in the Turn off Autoplay box to disable Autorun on all drives.

Microsoft Help and Support has more details and methods

Ads by Google

Option 1. Disable users from connecting USB devices

You can prevent selected user accounts from connecting USB devices to your computer. So if you share your laptop/computer with a friend, you should create a separate user account and deny his/her account the ability to connect USB devices. Microsoft Help and Support provides steps to obtain such fine grain control.

Or you can simply navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor and set the value of Start to 4. To enable access again change the value back to 3

Although the site mentions that this applies to Windows XP, 2000 and 2003 it worked just fine on Windows Vista and Windows 7 as well.

Option 2. Change BIOS, disable USB ports, password protect BIOS

Enter your system’s BIOS, just when you press the Power On button. Look for anything that allows you to disable USB ports, disable them and make sure you add a BIOS password.

Option 3. User Device Manager to disable USB

  • Go to Device Manager (Right click My Computer, choose Manage, choose Device Manager in left pane)
  • Now look for USB Devices in the right pane, right click on the device and choose disable.

Of course you would like to make it a little easier to enable/disable the USB ports. For that you need to create a reg file that modifies the appropriate registry key. Here is an example (make sure to spell everything correctly):

Now double clicking on this file will enable access, similarly you can change 00000003 to 00000004 to create a reg file for disabling access.

None of these are fool proof, there is always someone smart enough to find a way around. If you really want to go all the way you can fill the ports with some epoxy or a similar substance! This is of course not a recommended solution for your personal computer but might come in handy for large organizations trying to prevent employees from using USB devices.

All in all the options are good enough to stop accidental, non intentional spread of malware/compromise of your computer as mostly happens when a USB device is plugged into different computers. However don’t bet your life on these if some one is really determined to use a USB device on your computer for whatever reason.

How do you protect your computer from malware spread via USB drives?

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Windows_10
Windows_10
650 Members
Windows Tips
Windows Tips
608 Members
Windows Troubleshooting
Windows Troubleshooting
561 Members
Best Windows Software
Best Windows Software
553 Members
Computer Hardware Talk
Computer Hardware Talk
498 Members
Affiliate Disclamer

This article may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
New comment

Please login to avoid entering captcha

Log In