Author Topic: Autoruns, the security danger lurking in the dark....


polonus
Autoruns, the security danger luring in the dark....
« on: January 13, 2009, 10:17:16 PM »
Hi malware fighters,

In the old days systems were infected through exchanging diskettes and floppies;
nowadays this is done through pen drives or USB sticks and portable hard disks,
which can lead to total chaos. Last year various big institutions and even the American Army
made headline news because their networks had been infected through AutoRun.
Since Windows 95, AutoRun has been a Windows function to automatically start CD-ROMs, USB sticks
and other portable media through an autorun.inf file.
This is how your computer starts playing music CDs automatically.
AutoRun differs from AutoPlay, which was introduced in Windows XP
and recognizes content like images, music or films.
In some cases developers meant AutoRun but used the term AutoPlay.

Infections.
AV vendor ESET estimates that ten percent of all malware has been spread through AutoRun.
Trojans and other viruses spread through the Internet are also capable of infecting USB sticks etc.,
so new victims can be made. Firms that allow users to use USB sticks are especially endangered.
The AV vendor asked Microsoft to disable AutoRun by default in its OS.
More and more apps are appearing that connect to computers via USB.

Disable
In spite of the security risks involved, all Windows versions since 95 have this feature/function.
Microsoft has asked users to disable AutoRun.
This may be old news for many of the readers here, but disabling AutoRun is still not observed as a security measure of high importance.
"We are surprised here by the large number of people that have no eye for the risks involved here",
according to Microsoft security boss Steve Riley.
Re: http://blogs.technet.com/steriley/archive/2007/09/22/autorun-good-for-you.aspx
Both firms and individual users are well advised to disable this function, in the way described below.
Windows Server 2003, Windows XP and Windows 2000

    Enable/Disable Autorun

How To Enable/Disable Autorun (Windows 95/98/Me)

   1. Access the System Properties Dialog. Using Control Panel: My Computer: Properties or Explorer: My Computer: Properties.

   2. Select the Device Manager tab.

   3. Select the CD-ROM folder.

   4. Select the entry for your CD-ROM drive.

   5. Select Properties.

   6. Select the Settings tab.

   7. Turn on or off the Auto insert notification option.

   8. Select OK.

   9. Select OK

How To Enable/Disable Autorun (Windows NT/2000)

   1. Start RegEdit (regedt32.exe).

   2. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom.

   3. Edit the Autorun value to '1' to enable AutoRun, and '0' to disable AutoRun.

   4. Close RegEdit.

How To Enable/Disable Autorun (Windows XP)

   1. Open Windows Explorer by pressing the Windows + "e" key.

   2. Right-click the desired CD-ROM and select Properties from the menu.

   3. Select the AutoPlay tab.

   4. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the appropriate action to take if enabling autorun.

   5. Select OK.

How To Enable Autorun for Other Removable Media

Autorun can be enabled or disabled for all Removable media types, such as a floppy or Zip disk. Windows systems are configured to enable CD Notification; other removable media are disabled by default.

The System Properties User interface only exposes the CD Enable or Disable selection. The setting reflected in this dialog makes an entry in the System Registry. It is in this same location that other media types are configured.

Notes:

   1. Modifying the Registry is not for the inexperienced user. Anyone will tell you, be VERY careful.
   2. The modifications made in this case use Hex not Decimal numbers. If you are unfamiliar with the Registry or the characteristics of base numbering and Hex, studying these topics prior to making these modifications is advisable.

To Modify these Registry Settings, Use Regedit and navigate to the following Key:

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
        Value: "NoDriveTypeAutoRun"

The default value for the setting is 95 0 0 0. Change the first byte to 91. Restart the computer to make the new setting take effect. You may have to right-click on the floppy and choose AutoPlay from the menu to see the AutoPlay behavior.
Additional Technical Info

The first byte defines which drive types to EXCLUDE from Autorun behavior. The hex value of the byte is the sum of all of the drive type values to exclude + 128.

        DRIVE_UNKNOWN 1
        DRIVE_NO_ROOT_DIR 2
        DRIVE_REMOVABLE 4 (floppy disks and removable cartridges)
        DRIVE_FIXED 8 (hard disks)
        DRIVE_REMOTE 16 (network drives)
        DRIVE_CDROM 32 (CD-ROMs)
        DRIVE_RAMDISK 64

The default configuration excludes UNKNOWN (1), REMOVABLE (4) and REMOTE (16) which would be 16 + 4 + 1 + 128 = 149, which is hex 95. If you take out REMOVABLE you get 16 + 1 + 128 = 145, which is hex 91.

The calculation for this value is 1 + 4 + 16 + 128 = 149. 149 Decimal is 95 Hex

The new calculation is 1 + 16 + 128 = 145. 145 Decimal is 91 Hex

You may have to restart for the system to recognize a floppy or Zip as an Autoplay drive. If your floppy drive does not show a custom icon or AutoPlay in the menu when right-clicked, double-click on the icon for your computer on the desktop and press F5 to refresh the information in the Explorer window. Zips and floppies will not autolaunch when media is inserted. You must double-click their icon or right-click and choose AutoPlay from the menu.

 Another way for XP:
Windows XP Home
Start Notepad and copy the text below. Save the file as autorun.reg.
Now double-click this file and AutoRun has been disabled. NOTE! Changes to the registry can
damage your OS. Use the following solution at your own risk.

Windows Registry Editor Version 5.00

; 0xB5 = 128 + 32 + 16 + 4 + 1: excludes CD-ROM, network, removable and unknown drives from AutoRun
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000b5

For Vista: http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
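The NoDriveTypeAutoRun arithmetic in the post above (drive-type bits summed and 128 added, hex 95 for the default, hex B5 for the .reg file) is easy to get wrong by hand. The following is an added example, not code from polonus's post: it computes the DWORD from drive-type names, decodes an existing value back into the drive types it excludes, and renders a .reg file in the same shape as the one in the post. The drive-type table and the "+ 128" convention are the post's own; the machine-wide HKEY_LOCAL_MACHINE variant of the same Policies\Explorer key is an addition from my side, and the `blocks_removable_and_cdrom` check is a hypothetical helper for the two vectors the post worries about. The script only produces text; it never touches the registry.

```python
"""Helpers for the NoDriveTypeAutoRun bitmask described in the post above.

Added example, not code from the original post.  Nothing here writes to the
registry; it only produces text for regedit/reg.exe to import.
"""

# Drive-type bits from the post's table (the Win32 GetDriveType() values).
DRIVE_TYPES = {
    "DRIVE_UNKNOWN": 0x01,
    "DRIVE_NO_ROOT_DIR": 0x02,
    "DRIVE_REMOVABLE": 0x04,   # floppies, USB sticks, removable cartridges
    "DRIVE_FIXED": 0x08,       # hard disks
    "DRIVE_REMOTE": 0x10,      # network drives
    "DRIVE_CDROM": 0x20,
    "DRIVE_RAMDISK": 0x40,
}
# The "+ 128" the post adds to every value; kept to match its convention.
BASE = 0x80

# Key the post edits under HKCU.  The same key under HKLM (assumption added
# here, not from the post) is the machine-wide policy equivalent.
REG_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def nodrivetype_mask(*excluded):
    """Return the NoDriveTypeAutoRun DWORD that excludes the named drive types."""
    value = BASE
    for name in excluded:
        try:
            value |= DRIVE_TYPES[name]
        except KeyError:
            raise ValueError(f"unknown drive type: {name!r}") from None
    return value


def decode_mask(value):
    """Return the drive types a NoDriveTypeAutoRun value excludes.

    Only the low byte carries drive-type bits; the other three bytes of the
    DWORD are ignored, which is what the post's "95 0 0 0" notation implies.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("NoDriveTypeAutoRun must fit in a DWORD")
    low = value & 0xFF
    return [name for name, bit in DRIVE_TYPES.items() if low & bit]


def blocks_removable_and_cdrom(value):
    """Hypothetical check: True if AutoRun is off for USB sticks/floppies
    and CD-ROMs, the two vectors the post is concerned with."""
    excluded = decode_mask(value)
    return "DRIVE_REMOVABLE" in excluded and "DRIVE_CDROM" in excluded


def reg_file(value, hive="HKEY_CURRENT_USER"):
    """Render a .reg file for the value (CRLF line endings, as regedit writes)."""
    if hive not in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
        raise ValueError("hive must be HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE")
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        # ';' starts a comment in .reg files; record what the mask excludes.
        f"; NoDriveTypeAutoRun=0x{value:02X} excludes: " + ", ".join(decode_mask(value)),
        f"[{hive}\\{REG_KEY}]",
        f'"NoDriveTypeAutoRun"=dword:{value:08x}',
        "",
    ]
    return "\r\n".join(lines)


if __name__ == "__main__":
    default = nodrivetype_mask("DRIVE_UNKNOWN", "DRIVE_REMOVABLE", "DRIVE_REMOTE")
    print(f"post's default value 0x{default:02X} excludes {decode_mask(default)}")
    # 0xFF follows from the post's own formula: every type (127) + 128.
    print(reg_file(nodrivetype_mask(*DRIVE_TYPES), hive="HKEY_LOCAL_MACHINE"))
```

Run it and compare: the post's default hex 95 decodes to unknown, removable and remote drives only, so a CD-ROM still autoruns; the post's hex B5 adds CD-ROM; and passing every drive type gives hex FF, which the post's own formula (1+2+4+8+16+32+64 = 127, plus 128) yields and which switches AutoRun off for all drive types. Import the generated .reg with regedit or reg.exe as the post describes, and log off/on or restart for the policy to take effect.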