My comment from another thread on the same subject:
Some have suggested turning off the 'autorun/autoplay' feature in Windows, which really is a good idea regardless of this prob. However, like your sandbox query, I don't believe that to be satisfactory security, and here is an excerpt from a MS TechNet article that explains exactly why:
Many USB controllers are actually Direct Memory Access (DMA) devices. This means they can bypass the operating system and directly read and write memory on the computer. Bypass the OS and you bypass the security controls it provides—now you have complete and unfettered access to the hardware. This renders device control implemented by the OS completely ineffective.
Ref:
http://www.microsoft.com/technet/technetmag/issues/2008/01/SecurityWatch/default.aspx