Protecting Your USB – 3 : Disabling autorun on your PC
This is Part three of the USB Infection Prevention Series…..
Scenario : You own a pen drive and wont it be great if you could just make sure that even if the pen drive is infected, it does not spread to your PC.
Solution : A Simple solution to this is to disable Autorun option.
What?! Disable autorun ?? but its so useful….Agreed..Autorun can be useful but it can be dangerous too. Your computer can be easily compromised within seconds if autorun is enabled. Its just a matter of programming autorun.inf to load the trojan whenever it’s being autoplayed. Apart from these security issues, autorun can also be frustrating when you load a very old/damaged CD and it will try to read and process autorun.inf file. At that point,windows will just freeze and you can’t do anything until you manually eject the disc. I used to be really frustrated by all this back when i used windows XP but ever since i switched to Win7, i have had one less thing to worry….atleast about USB drives cos wonders of wonders….Microsoft has removed the autorun.inf feature from Windows 7.
Unfortunately for those still using XP, there is no simple way for you to enable or disable autorun. However i will share with you some of the methods i collected when i used XP.
Method 1: The trick is to stop auto run by pressing the SHIFT key and hold the key for a while when you load a removable media(i.e USB/CD/DVD ). Simple and Sweet huh?? but we tend to forget things such as holding the key down and that’s why we have method 2….
Method 2: The next method uses Group Policy settings to disable Autorun
- Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.
- Under Computer Configuration, expand Administrative Templates, and then click System.
- In the Settings pane, right-click Turn off Autoplay, and then click Properties.
- Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
- Click OK to close the Turn off Autoplay Properties dialog box.
- Restart the computer
Method 3 : This method involves some registry modifications.
1. Go to Start-> Run , then type REGEDIT and press enter to open registry editor.
2. Navigate to the following Key : HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Policies\Explorer. Here you will find a key named “NoDriveTypeAutoRun” then double click it. If not found, create it.
3. For a general change, Change the value for the setting to 95 0 0 0 (for disable). Change the first byte to 91 to enable autorun.
The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for.For example, if you want to disable Autorun for network drives only, you must set the value of NoDriveTypeAutoRun registry entry to 0x10. If you want to disable Autorun for multiple drives, you must add the corresponding hexadecimal values to the 0x10 value. For example, if you want to disable Autorun for removable drives and for network drives, you must add 0x4 and 0x10, which is the mathematical addition of 2 hexadecimal values, to determine the value to use. 0x4 + 0x10 = 0x14. (in a similar way we got 95 above by summing: 0x1 (unknown types), 0x80 (unknown types), 0x4 (floppy drives), and 0x10 (network drives)) Therefore, in this example, you would set the value of the NoDriveTypeAutoRun entry to 0x14. To selectively disable specific drives, use a different value as described below
Value | Meaning |
0x1 or 0x80 | Disables AutoRun on drives of unknown type |
0x4 | Disables AutoRun on removable drives |
0x8 | Disables AutoRun on fixed drives |
0x10 | Disables AutoRun on network drives |
0x20 | Disables AutoRun on CD-ROM drives |
0x40 | Disables AutoRun on RAM disks |
0xFF | Disables AutoRun on all kinds of drives |
Restart the computer to make the new setting take effect.
NOTE : If you want to disable Autorun functionality for all users in your system, use the “HKEY_LOCAL_MACHINE” instead of “HKEY_CURRENT_USER“
We discuss some more methods in my next post…..till then…Stay Sharp….
can you suggest some tool rather than making these registry changes manually….
Yes…i could but i’m more in favour of using available resources and not relying on tools created by someone else….if you still want suggestions get back to me….
You can’t consider how lengthy ive been searching for something like this. Scrolled through 5 pages of Google results couldnt discover diddly squat. Fast search on bing. There this is…. Really gotta start using that extra often Thank you.
Glad i could help you…and yes, Bing is not as bad as people think it to be…:)
My buddy and I had been debating this issue, he is usually trying to prove me wrong. Your view on this is excellent and exactly how I really believe. I just now mailed him this web site to show him your own point of view. After looking over your website I book marked and will be back to learn your updates!
glad my log was useful to you…..
I cannot thank you enough for the article.Really thank you! Great
Glad i could help you….
Hello buddy, can i post articles to your blog ? Let me know if you are interested
It is good too read your blog again!, i see some interesting updates here..
hi thanks for the blog.
I understand this isn’t exactly on topic, but i run a website using the similar system too and i am having errors with the comments showing. is there a setting i am losing? probably you may help me out? thanks.
considerable chart you’ve acquire
This is really interesting. Thanks for posting it. By the looks of the comments, many others think so too.
Has casually come on a forum and has seen this theme. I can help you council.
Apart from the lack of sources, I like it. Keep up the good job.
Thank you for taking the time to write this
Hello.This article was extremely interesting, particularly since I was investigating for thoughts on this topic last Monday.
Thank you all for the kind words…It makes me work more hard to get all the info under one place…..:)
You completed various good points there. I did a search on the topic and found the majority of people will agree with your blog.
I ran into this page mistakenly, surprisingly, this is a wonderful website. The site owner has carried out a superb job of putting it together, the info here is really and helpful when i do research. You just secured yourself a guarenteed reader.