
Protecting Your USB – 3 : Disabling autorun on your PC

This is Part three of the USB Infection Prevention Series…..

Scenario : You own a pen drive, and wouldn't it be great if you could make sure that even if the pen drive is infected, the infection does not spread to your PC?

Solution : A simple solution to this is to disable the Autorun option.

What?! Disable autorun?? But it's so useful…. Agreed. Autorun can be useful, but it can be dangerous too. Your computer can be easily compromised within seconds if autorun is enabled. It's just a matter of programming autorun.inf to load the trojan whenever the drive is autoplayed. Apart from these security issues, autorun can also be frustrating when you load a very old or damaged CD and Windows tries to read and process its autorun.inf file. At that point, Windows will just freeze and you can't do anything until you manually eject the disc. I used to be really frustrated by all this back when I used Windows XP, but ever since I switched to Win7, I have had one less thing to worry about, at least where USB drives are concerned, because wonder of wonders, Microsoft has removed the autorun.inf feature from Windows 7.

Unfortunately for those still using XP, there is no simple way for you to enable or disable autorun. However, I will share with you some of the methods I collected when I used XP.

Method 1: The trick is to stop autorun by pressing the SHIFT key and holding it for a while when you load removable media (i.e. USB/CD/DVD). Simple and sweet, huh? But we tend to forget things such as holding the key down, and that's why we have method 2….

Method 2: The next method uses Group Policy settings to disable Autorun

  1. Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.
  2. Under Computer Configuration, expand Administrative Templates, and then click System.
  3. In the Settings pane, right-click Turn off Autoplay, and then click Properties.
  4. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
  5. Click OK to close the Turn off Autoplay Properties dialog box.
  6. Restart the computer.

Method 3 : This method involves some registry modifications.

  1. Go to Start -> Run, then type REGEDIT and press Enter to open the Registry Editor.
  2. Navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Policies\Explorer. Here you will find a key named “NoDriveTypeAutoRun”; double-click it. If it is not found, create it.
  3. For a general change, change the value for the setting to 95 0 0 0 (for disable). Change the first byte to 91 to enable autorun.

The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for. For example, if you want to disable Autorun for network drives only, you must set the value of the NoDriveTypeAutoRun registry entry to 0x10.

If you want to disable Autorun for multiple drives, you must add the corresponding hexadecimal values to the 0x10 value. For example, if you want to disable Autorun for removable drives and for network drives, you must add 0x4 and 0x10, which is the mathematical addition of 2 hexadecimal values, to determine the value to use: 0x4 + 0x10 = 0x14. Therefore, in this example, you would set the value of the NoDriveTypeAutoRun entry to 0x14. (In a similar way, we got 95 above by summing 0x1 (unknown types), 0x80 (unknown types), 0x4 (floppy drives), and 0x10 (network drives).)

To selectively disable specific drives, use a different value as described below.

Value         Meaning
0x1 or 0x80   Disables AutoRun on drives of unknown type
0x4           Disables AutoRun on removable drives
0x8           Disables AutoRun on fixed drives
0x10          Disables AutoRun on network drives
0x20          Disables AutoRun on CD-ROM drives
0x40          Disables AutoRun on RAM disks
0xFF          Disables AutoRun on all kinds of drives

Restart the computer to make the new setting take effect.

NOTE : If you want to disable Autorun functionality for all users in your system, use “HKEY_LOCAL_MACHINE” instead of “HKEY_CURRENT_USER”.
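
The arithmetic above, as an added example (not code from the original post): a short Python script that converts regedit's byte display such as 95 0 0 0 into a number, builds a value from drive types, and lists which drive types a given NoDriveTypeAutoRun value leaves with AutoRun enabled. The bit values come from the table above; the function names are made up for this example.

```python
# Added example. Bit values come from the table in this post;
# the function names are assumptions made for this illustration.
FLAGS = {
    0x01: "unknown type",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type",
}
DRIVE_TYPES = list(dict.fromkeys(FLAGS.values()))  # unique, table order


def parse_regedit_bytes(text):
    """Convert regedit's binary display ('95 0 0 0') to an integer.

    Each item is a hex byte; the least significant byte comes first.
    """
    return int.from_bytes(bytes(int(b, 16) for b in text.split()), "little")


def compose(*drive_types):
    """Sum (bitwise OR) the table values for the named drive types."""
    unknown = set(drive_types) - set(DRIVE_TYPES)
    if unknown:
        raise ValueError(f"not in the table: {sorted(unknown)}")
    value = 0
    for bit, name in FLAGS.items():
        if name in drive_types:
            value |= bit
    return value


def audit(value):
    """Return (disabled, still_enabled) drive types for a value."""
    disabled = [n for n in DRIVE_TYPES
                if any(value & b for b, m in FLAGS.items() if m == n)]
    enabled = [n for n in DRIVE_TYPES if n not in disabled]
    return disabled, enabled


if __name__ == "__main__":
    for shown in ("95 0 0 0", "91 0 0 0", "FF 0 0 0"):
        value = parse_regedit_bytes(shown)
        disabled, enabled = audit(value)
        print(f"{shown} = {value:#04x}")
        print("  AutoRun disabled:", ", ".join(disabled))
        print("  AutoRun still on:", ", ".join(enabled) or "none")
```

For the post's value 95 0 0 0 this reports fixed, CD-ROM and RAM disk drives as still having AutoRun on; only FF covers every row of the table.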

We discuss some more methods in my next post…..till then…Stay Sharp….

  1. Silence
    October 24, 2010 at 12:51 am

    can you suggest some tool rather than making these registry changes manually….

    • October 24, 2010 at 2:06 pm

      Yes…I could, but I’m more in favour of using available resources and not relying on tools created by someone else….if you still want suggestions, get back to me….

  2. Dinham
    November 8, 2010 at 9:57 am

    You can’t consider how lengthy I’ve been searching for something like this. Scrolled through 5 pages of Google results, couldn’t discover diddly squat. Fast search on Bing. There this is…. Really gotta start using that extra often. Thank you.

    • November 8, 2010 at 9:30 pm

      Glad I could help you…and yes, Bing is not as bad as people think it to be…:)

  3. Blazina1992
    November 18, 2010 at 9:46 am

    My buddy and I had been debating this issue, he is usually trying to prove me wrong. Your view on this is excellent and exactly how I really believe. I just now mailed him this web site to show him your own point of view. After looking over your website I book marked and will be back to learn your updates!

    • November 21, 2010 at 9:39 pm

      glad my log was useful to you…..

  4. Foucha5470
    November 21, 2010 at 5:41 am

    I cannot thank you enough for the article. Really thank you! Great

    • November 21, 2010 at 1:39 pm

      Glad I could help you….

  5. bukmacher
    December 2, 2010 at 2:43 am

    Hello buddy, can i post articles to your blog ? Let me know if you are interested

  6. Donald
    December 2, 2010 at 7:31 pm

    It is good to read your blog again! I see some interesting updates here..

  7. Sayroth
    December 7, 2010 at 1:36 am

    hi thanks for the blog.

  8. Eric Shiflet
    December 10, 2010 at 3:39 am

    I understand this isn’t exactly on topic, but I run a website using the similar system too and I am having errors with the comments showing. Is there a setting I am losing? Probably you may help me out? Thanks.

  9. Claudio Poortinga
    December 10, 2010 at 12:26 pm

    considerable chart you’ve acquire

  10. December 15, 2010 at 5:25 am

    This is really interesting. Thanks for posting it. By the looks of the comments, many others think so too.

  11. mccraryck
    December 18, 2010 at 12:15 am

    Has casually come on a forum and has seen this theme. I can help you council.

  12. mapleDyerghoj
    December 19, 2010 at 7:33 pm

    Apart from the lack of sources, I like it. Keep up the good job.

  13. fresnofan
    December 20, 2010 at 7:14 am

    Thank you for taking the time to write this

  14. Jeannie Floras
    December 20, 2010 at 8:27 pm

    Hello.This article was extremely interesting, particularly since I was investigating for thoughts on this topic last Monday.

  15. December 20, 2010 at 11:35 pm

    Thank you all for the kind words…It makes me work more hard to get all the info under one place…..:)

  16. melaniemyer
    December 21, 2010 at 6:36 am

    You completed various good points there. I did a search on the topic and found the majority of people will agree with your blog.

  17. RSC
    December 30, 2010 at 12:17 pm

    I ran into this page mistakenly, surprisingly, this is a wonderful website. The site owner has carried out a superb job of putting it together, the info here is really and helpful when I do research. You just secured yourself a guaranteed reader.
