Protecting Your USB – 3 : Disabling autorun on your PC
This is Part three of the USB Infection Prevention Series…..
Scenario : You own a pen drive and wont it be great if you could just make sure that even if the pen drive is infected, it does not spread to your PC.
Solution : A Simple solution to this is to disable Autorun option.
What?! Disable autorun ?? but its so useful….Agreed..Autorun can be useful but it can be dangerous too. Your computer can be easily compromised within seconds if autorun is enabled. Its just a matter of programming autorun.inf to load the trojan whenever it’s being autoplayed. Apart from these security issues, autorun can also be frustrating when you load a very old/damaged CD and it will try to read and process autorun.inf file. At that point,windows will just freeze and you can’t do anything until you manually eject the disc. I used to be really frustrated by all this back when i used windows XP but ever since i switched to Win7, i have had one less thing to worry….atleast about USB drives cos wonders of wonders….Microsoft has removed the autorun.inf feature from Windows 7.
Unfortunately for those still using XP, there is no simple way for you to enable or disable autorun. However i will share with you some of the methods i collected when i used XP.
Method 1: The trick is to stop auto run by pressing the SHIFT key and hold the key for a while when you load a removable media(i.e USB/CD/DVD ). Simple and Sweet huh?? but we tend to forget things such as holding the key down and that’s why we have method 2….
Method 2: The next method uses Group Policy settings to disable Autorun
- Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.
- Under Computer Configuration, expand Administrative Templates, and then click System.
- In the Settings pane, right-click Turn off Autoplay, and then click Properties.
- Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
- Click OK to close the Turn off Autoplay Properties dialog box.
- Restart the computer
Method 3 : This method involves some registry modifications.
1. Go to Start-> Run , then type REGEDIT and press enter to open registry editor.
2. Navigate to the following Key : HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Policies\Explorer. Here you will find a key named “NoDriveTypeAutoRun” then double click it. If not found, create it.
3. For a general change, Change the value for the setting to 95 0 0 0 (for disable). Change the first byte to 91 to enable autorun.
The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for.For example, if you want to disable Autorun for network drives only, you must set the value of NoDriveTypeAutoRun registry entry to 0x10. If you want to disable Autorun for multiple drives, you must add the corresponding hexadecimal values to the 0x10 value. For example, if you want to disable Autorun for removable drives and for network drives, you must add 0x4 and 0x10, which is the mathematical addition of 2 hexadecimal values, to determine the value to use. 0x4 + 0x10 = 0x14. (in a similar way we got 95 above by summing: 0x1 (unknown types), 0x80 (unknown types), 0x4 (floppy drives), and 0x10 (network drives)) Therefore, in this example, you would set the value of the NoDriveTypeAutoRun entry to 0x14. To selectively disable specific drives, use a different value as described below
|0x1 or 0x80||Disables AutoRun on drives of unknown type|
|0x4||Disables AutoRun on removable drives|
|0x8||Disables AutoRun on fixed drives|
|0x10||Disables AutoRun on network drives|
|0x20||Disables AutoRun on CD-ROM drives|
|0x40||Disables AutoRun on RAM disks|
|0xFF||Disables AutoRun on all kinds of drives|
Restart the computer to make the new setting take effect.
NOTE : If you want to disable Autorun functionality for all users in your system, use the “HKEY_LOCAL_MACHINE” instead of “HKEY_CURRENT_USER“
We discuss some more methods in my next post…..till then…Stay Sharp….