Understanding USB access and security issues

[rob.g]

The extensions pack must be installed to enable USB access by a guest.

It seems that administrator rights are required not merely to install the extensions pack in Win8.1, but
also at runtime for any user to use USB with a guest.

1. What is the minimal set of rights that could enabled for a user to enable USB access in a guest?
2. Is there an extensions pack alternative which only installs USB access, but not the other (riskier?) elements like VRDP?
3. Can anyone recommend some reading on the subject of security issues for VirtualBox on the host when enabling USB for a guest?

Thanks!

[frank]

Adaministrator privileges are only required for the installation of the Extension Pack, not for using it. There are no alternative flavours of the Extension Pack available.

Security issues: A user has full control over USB devices which are physically plugged to the host he is working on. He can pass any USB device to his guest. In normal cases this isn't a problem because he would also be able to access USB devices from the host.

I don't see why VRDP is a risky feature. From the security point of view it allows someone else to access the VM of the VM owner (the user who started the VM). But VRDP is disabled by default. If the user enabled it, proper network settings still can prevent other users to access this open port (by default 3389).