How and Why To Disable Autorun

Lee Clemmer
Categories : Smb security ,Computing
Tags : Computing smb security topics smb security

Page content

What Is Autorun?

As you might guess from the name, the Autorun feature allows programs on removable media to start automatically. This might be desirable for media types like video, marketing presentations, educational interactive content, or music. The convenience of inserting a CD to listen to music and having it start playing, or seeing the main menu of a DVD appear on the desktop, is compelling. Similarly, installing new software or even an operating system upgrade is possible. Such installs are easier for less literate computer users, because they don’t have to look for a setup.exe or install.exe file, or even read instructions on what setup steps to take for different operating system versions. Along with these potential benefits, you can begin to imagine the possible risks.

Autorun Risks

Unfortunately, this same automatic execution of programs allows for any sort of executable code to run, including viruses, worms, or other malware. With Autorun, Windows runs a program on the drive immediately when the media is inserted (or attached) and accessed by the operating system. There is no time for you, the user, to see what program is there and make any decision-it’s automatic, remember? All that’s needed is the file autorun.inf present on the media and that Autorun is enabled. Read only media that comes from an unknown source may have a program that has been compromised, but this is relatively unlikely. Instead, consider the possible danger of writeable and rewritable media, such as thumb drives, USB drives, and portable drives. Completely unknown and unintended program content could be present. A number of viruses, including Conficker can spread this way. The prudent course of action is to disable Autorun. So, how do we do that?

How To Disable It

First, make sure your system is up to date on system updates and security patches.

For Windows 2000, XP Pro, and Windows Server 2003

1. Start-->Run, type gpedit.msc in the Open box and click OK.

2. Below Computer Configuration double-click Administrative Templates, double-click System.

3. In the right-hand pane, find Turn off Autoplay (or Disable Autoplay) and double-click it.

4. Click the Enabled radio button, then select All Drives in the pull-down box. Click OK.

5. Exit the Group Policy editor and restart the computer.

For Windows Vista and Windows Server 2008

1. Click Start and type gpedit.msc in the Start Search box, and press ENTER. If you are prompted for an administrator password, enter it.

2. Below Computer Configuration, double-click Administrative Templates, double-click Windows Components, and click Autoplay Policies.

3. Find Turn off Autoplay in Details and double-click it.

4. Click Enabled, select All drives in the pull-down box.

5. Close the Group Policy editor and restart the computer.

For operating system versions without the Group Policy Editor

1. Back up the registry.

2. Start-->Run, type regedit in the Open box and click OK.

3. Find the following registry entry and click it:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun

4. Right-click NoDriveTypeAutorun and click Modify.

5. In the Value box, type 0xFF, click OK, and exit the Registry Editor

6. Restart the computer.

For more information see this Microsoft support article.

Additional Information

Microsoft released some patches to ensure that the disable Autorun control worked properly in all cases. Check out the Microsoft Suport article https://support.microsoft.com/kb/967715 for more information on the patches and on the instructions given above.