ConsciousVibes.com

Home | Links ( Motorcycles, Computers )

Disable AutoRun / AutoPlay / Auto Insert Notification

All of the information, instructions, and recommendations on this Web site are offered on a strictly "as is" basis. Remember "Murphy's Law." Please take the proper precautions before attempting any of the tips or modifications listed here.

Contents

Why should AutoRun /AutoPlay / Auto Insert Notification be Disabled

AutoRun and the companion feature, AutoPlay are components of the Microsoft Windows operating system that dictate what actions the system takes when you insert a CD-ROM/DVD or plug in a USB Flash Drive or external hard drive.

During AutoPlay, the Autorun.inf file from the newly inserted media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.

The Conficker (a.k.a. Downadup) worm and other malware use the AutoRun/AutoPlay feature to spread to other computers.

References

Disable AutoRun / AutoPlay in Windows XP

1. Open a Command Prompt
   1. Click the Start button followed by selecting "Run".
   2. Type cmd then click OK or press the enter key.
2. Type "gpedit.msc" and press the enter key
3. Click and expand "Computer Configuration", followed by "Administrative Templates", followed by "System".
4. Double click "Turn autoplay off"
5. Select "Enable"
6. Change "Turn off Autoplay on:" to All drives
7. Clicking "OK" to save.

Windows XP Home

Since Group Policy Editor (gpedit.msc) is not available in XP Home, you'll have to change an entry in the registry to disable autoplay.

1. Click the Start button the click Run
2. type in cmd then press the enter key
3. In the Command windows that opens, type regedit
4. Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
5. Change the decimal value of NoDriveTypeAutoRun to 181
6. Close regedit
7. Restart the computer

Disable AutoRun / AutoPlay in Windows Vista

To disable AutoPlay, otherwise known as Auto Insert Notification, on Windows Vista...

Method 1

1. Go to Control Panel > Hardware and Sound > Play CDs or other media automatically
2. At the top, uncheck "Use Autoplay for all media and devices"
3. Click the Save button

Method 2

1. Open a Command Prompt
   1. Click the Start button followed by selecting "Run".
   2. Type cmd then click OK or press the enter key.
2. Type "gpedit.msc" and press the enter key
   • If you are prompted for an administrator password or for confirmation, type the password, or click Allow.
3. Click and expand "Computer Configuration", followed by "Administrative Templates", followed by "System".
4. Double click "Turn autoplay off"
5. Select "Enable"
6. Change "Turn off Autoplay on:" to All drives
7. Clicking "OK" to save.

Disable AutoRun / AutoPlay in Windows 7

To disable AutoRun / AutoPlay / Auto Insert Notification in Windows 7...

1. Go to Control Panel > Hardware and Sound > AutoPlay
2. At the top, uncheck "Use Autoplay for all devices"
3. Click Save

References

Security Now!, Episode #193

• Conficker: Steve and Leo discuss the week's security news; then they closely examine the detailed operation and evolution of "Conficker," the most technically sophisticated worm the Internet has ever encountered.

Virus alert about the Win32/Conficker worm

• Win32/Conficker has multiple propagation methods. These include the following:
  • Exploitation of the vulnerability that is patched by security update 958644 (MS08-067)
  • The use of network shares
  • The use of AutoPlay functionality

How to disable the Autorun functionality in Windows

• The updates that this article describes fix a problem with the disable Autorun feature. Without these updates, Autorun for a network drive cannot be disabled. Also, the shortcut menu and double-click functionality of Autorun were not disabled even if the steps that were previously provided were followed. This problem is fixed by the updates described in this article.

Update to the AutoPlay functionality in Windows

• This update changes the AutoRun functionality in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
• This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media.

Protecting your Flash and Removable Disks

• Steps to create non-writable folders/directories with names that are commonly used to transport viruses on your drive.
• Also see: Protect your Flash and Removable Drive - Alternate Instructions

How to Maximize the Malware Protection of Your Removable Drives

• Steps to use NTFS file permissions to restrict changes that may protect AUTORUN.INF

Commands

• attrib autorun.inf /s /d –a +s +r +h
• cacls autorun.inf /c /d administrators
• Files and directories to protect: autorun.inf, recycle, recycler, recycled, setup

How Flash Drives and Social Engineering can Compromise Networks

• The technique of island hopping—penetrating a network through a weak link and then hopping around systems within that network—has been around for years. But it continues to take on new dimensions. In today's security-conscious IT environments, people are often the weakest link, and malicious users are finding ways to use this to their advantage (think phishing and other forms of social engineering). This combination of carbon and silicon can prove fatal to your network.