close What is the new concern raised for USB devices?
- Recent information disclosed on the Internet demonstrates that USB plug-in devices can have their firmware modified and infected with malware, which could allow viruses, spyware, or other malicious software to be spread to any further system that the device is plugged into.
- Each organization should have a policy surrounding who, when, and how USB devices are to be used in their operating environments. Organizations with highly sensitive data, or whom require very stringent access to data and systems, should consider having a policy disallowing personal USB devices in the workplace.
- All types of removable media present risks to computing environments if their nature, history, and means of proper use are not verified. CDs, DVDs, tapes, and even recycled internal hard drives can carry and spread malware.
- Some sources on the Internet recommend preventing USB device use by closing USB ports with glue. Do NOT take this action on any Xerox multi-function print device. USB ports must remain available for technicians to service Xerox equipment.
- It is true that current anti-virus products have difficulty in scanning USB firmware directly for malicious code. Anti-virus products can, however, detect malicious code moved to and from USB devices, or loaded into machine memory when those programs run. Keeping your anti-virus software current may not solve this problem, but it can go a long way to help reduce the risk.
- Consider having a workplace policy preventing use of personal, unapproved USB devices.
- Xerox is continuing to study available information about this issue and will update our recommendations as appropriate.