arkon

First, so you know I work for the company that makes DeviceWall. It does install as a service, but I have not noticed the transfer being slower than without it with DeviceWall, it will be a little bit slower if the automatic encryption is enabled however. Try the 30 day trial, I would be interested to hear any feedback.

Sorry, didn't mean to mislead, yes I work for the company that makes DeviceWall, should have mentioned that earlier, just added a lit to my profile. I will try not to mention it again...just couldn't help myself when folks are discussing ways of mitigating these tools by shutting down all USB ports, which in most cases is the only way to keep these tools from being run, it causes quite a few problems in terms of convenience....Windows (even Vista) do a poor job of managing removable media devices in a way that provides admins granular control over devices and groups.

Sorry to keep mentioning it, but you might want to look at DeviceWall ( http://www.devicewall.com ) it allows admins to specify what devices connected to systems, for example allowing all keyboards and mice, but no USB thumb drives and only read access to iPods etc.

There is always a way, but the approach would need to be very different. These tools take advantage of security shortcomings of Windows, ie LM hashes, U3 autorun hack etc. There is probably some debate regarding this, but I think OSX is more secure than Windows, at least with default configurations.

Well there is a free 30 day trial.

May want to check out DeviceWall (http://www.devicewall.com), it has whitelisting, it also has connection and file audits and built in USB encryption as well as measures to prevent tampering. You can block all U3 drives for example, only allow a certain group read access to iPods etc

This just keeps getting scarier. If you now take the code used for "podslurping" you can run a routine that searches for all Excel files, PDF documents, Word docs etc and email those off as well. To get really blackhat it would not take much to then also automatically run these security applications that run off of a USB drive: http://www.watchyourend.com/2006/03/22/por...on-a-usb-drive/ And email the results off scans outside the network.