back to article Disabling Windows Autorun - there's a right way and a wrong way

After some confusion about exactly how Windows users can protect themselves against a prolific computer worm called Downadup, Microsoft security watchers are once again reiterating the steps for disabling the Autorun feature. Downadup has managed to infect an estimated 9 million machines at last count using multiple attack …

COMMENTS

This topic is closed for new posts.

Page:

JB
Thumb Up

At last!

For years it has just pissed me off when that window keeps popping up whenever I put a DVD in the drive or attach a USB stick. Why didn't someone tell me about this years ago? :)

0
0

TweakXP does it for you

Tweak XP does it for you. No registry editing. The problem is most of my clients couldn't handle having to right click and select autoplay ... on the optical drive.

When I used vista I found a similar program for vista .. but now I am sticking with XP until I give Windows 7 a shot.

0
0

Windows security...

Yes, let's automatically execute whatever random executable happens to be configured on some random media we're connecting to, rather than require user intervention. What a wonderful idea! Nothing could possibly go wrong! Then let's make disabling it as cryptic as possible.

Bloody idiots. To think that people still buy that shit, it's sickening.

0
0
Thumb Up

Best way to disable to Autorun

I hear that if you uninstall Windows altogether, the problem goes away, as do many others!

0
0
Anonymous Coward

But...

Aunt Mildred probably runs Vista Home, in which Gpedit is missing, so the Microsoft fix won't help her.

0
0
Bronze badge

Surely....

...Microsoft could come up with a *.reg file normal users could double-click to change the registry settings?

0
0
J
Joke

Heh

Windows is clearly not ready for the desktop.

Editing Registry? Or Register?

0
0
Silver badge

@Neoc

If MS issued a .reg file, how soon before all sorts of other such files would be circulating by email claiming to be a fix from MS?

0
0

Re: Surely....

Encouraging users to run .reg files is a security liability itself.

0
0

This post has been deleted by its author

Silver badge

Fixed that bug?

Why don't they simply fix that bug in the next service pack. I mean nobody needs or wants Autorun.

0
0
Anonymous Coward

Vista default

The Vista default is to pop a window to authorise the autorun. I think it includes a tick box for "don't ask again." There is also a single config window for all media. Instructions here: http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/

If your aunt Mildred clicks "yes" to every question that comes up, then this might help save her from herself, but it should be OK if she both reads them and understands that her Sony CD doesn't really need to run any of its own software. (I think that rootkit popped a window explaining that the new software was necessary to give the best listening experience, so even people who read the question might have clicked "yes.")

0
0

That's a tad cryptic.

To disable auto run you have to ENABLE the disable auto run option.

Maybe I need more caffeine, but I think that could be made simpler.

0
0
Stop

@raving angry loony

The Bloody Idiots are the ones who throw in random media without being certain of the source. Surely this is first principles with regards to security.

Trouble with most Linux Fanatics is they ignore the average users demand for ease of use combined with lack of skills. Whether they like it or not, Microsoft addressed - only Ubuntu has really come close to trying. Autorun is one of those features that fits Joe User nicely, but leaves an unfortunate security issue.

0
0
Joke

what amazes me

is that they couldnt just restrict what autorun can do, I mean, what exactly could it possibly need? it needs to open a program that can do what, install a program? ok, on demand popup a dialog asking for permission and bingo, problem is resolved.

oh wait, windows can't reliably do that.......

0
0

Or you could...

1) Read the screen in front of you which gives some pretty big fucking clues that it's dodgey (e.g. the word on a different icon saying "Browse folders"

2) Keep UAC enabled

3) Ignore the autoplay screen

This isn't an exploit or a hole - it's just not great design. However the bottom line is that this is a social engineering exploit rather than a technical one. There's little different between this and getting an email saying "click here to download the latest patches from Micr0soft" from updates.ms@microsoft.fixes.tripod.com

UAC prevents this from actually working, along side the fact that the virus doesn't self-execute.

0
0
Thumb Down

Didn't do it for me

I still have one Windows machine that runs my mail server. Someday I will get around to finding the right mail server software to run on Linux or Mac but in the meantime I still have the one.

So, I tried the "fix" from Microsoft because this has bugged me for years.

Result?

"Windows cannot find the file gpedit.msc. Make sure you have typed the name correctly ...........etc"

There is probably a good reason. It's just that life is too short to go looking for it.

0
0

Doesn't work for me :(

Considered installing the patch but it says that it is not necessary for XP PRo SP2 or SP3?

Therefore, why not just offer SP3 instead of the patch? Anyway, just to be sure, I decided to follow the group policy editing instructions, but when I tried to launch the GP snap-in, my PC reported that it could not be found? Perhaps it's not installed, since I'm not on a corporate network?

So then I decided that I would modify the registry key (NoDriveTypeAutoRun) just to be sure, but found that it does not exist at the specified location!

Next I decided to slap my XP Pro installation disk in the drive and see if it autoruns... it didn't!

... go figure!

0
0
Go

TweakUI

Does it just fine for XP-based machines - I disabled autorun on 5 workstations and a server in a couple of minutes. I think there's a non-MS freeware version of TweakUI for Vista available too.

0
0
Heart

XP users - download the TweakUI PowerTool from MS

The powertools are cute - developed my MS guys, but not "official". There's a really useful one called TweakUI that let's you pick which drives you want to disable autorun, and since any physical drive mounts as a logical drive letter, problem solved.

I think. YMMV.

0
0
Thumb Down

XP

In XP disable service Shell detection something. Done, Autorun is gone system-wide!

0
0
Paris Hilton

re: Why didn't someone tell me about this years ago?

they probably did - you were just asleep :-p

It, along with disabling booting from anything other the hdd, is one of the first things done to any machine

PH - as I am sure even she checks things before allowing free access

0
0

Windows Registry

Oh dear, it still looks like a pointlessly obfuscated piece of shit.

0
0
Stop

@Neoc

Because *that's* not a security risk at all...

0
0
Go

Vista

Vista doesn't really have this problem, when you insert a memory stick/cd it asks you what you would like to do about it rather than autoplaying straight away.

A useful feature I find. After all I have just inserted the stick/cd for a reason.

0
0
Joke

@Surely....

Yes! You could put it on a USB stick and have it run automatically! No, wait...

0
0
Silver badge

Autoplay

I've always disabled it.

When setting up big networks my workers used to complain it was pointless extra work disabling Autoplay.

I've never seen the point of it. How hard is to to click on the icon when you insert the thingy? Also maybe you want to look at the files or manual BEFORE autorun of the installer.

0
0
Stop

This won't help Aunt Mildred anyway...

Of course when Aunt Mildred doesn't have autorun switched on, and she inserts her CD, she won't have a clue how to access it, and will think it's "broken".

And even if somehow she does manage to get to the file explorer window, and open the CD to be confronted by a plethora of meaningless files and folders, she then won't have a clue which file to open on it.

Which means she'll probably randomly click on files - and probably install any virus or worm on there anyway. Computer asks "do you want to run this program?", she's gonna say yes isn't she... "Why would I have clicked on it otherwise! Stupid machine..."

0
0
Linux

But surely ALL useful stuff is in the registry.

For instance the only way to really have a clue about what programs start with the system is to look in the registry, and given the desire of almost every windows app to want to hang out on the bottom right of the screen with its own pointless icon, this can get out of control.

(Why is it i need an icon to tell me i have a touchpad on a laptop...)

0
0
Unhappy

Grrrr.

The problem is that OS makers are trying to cater for an increasingly stupid userbase.

And so as they try to make their OS's (not just MS here) easier and easier to use, so that more thick bastards can use it securely, people who have a clue (increasingly rare it seems) get more and more frustrated when trying to use the OS (Vista UAC anyone?)

0
0
Thumb Down

Their advice is broken for Vista Home Basic

They advice starting Gpedit.msc, but that doesn't exist on Home Basic. Really great advice.

So, how do I disable autorun again, Redmond?!?

Not immediately removing Vista on my newest laptop has already cost me a year of grief and pain.

0
0
Alert

@Neoc

Thus conditioning people to install random .reg files they've downloaded from the internet - a plan with no drawbacks ;-)

0
0
Gold badge

Re: Surely...

"...Microsoft could come up with a *.reg file normal users could double-click to change the registry settings?"

It would be easier still to roll out the change through auto-updates. Clearly the whole point is that Microsoft don't *want* people to disable autoplay. I can't imagine why not, since it causes nothing but grief, but that's the only rational explanation of why the feature still exists and is still enabled.

Autoplay does for memory sticks what ActiveX does for the internet. If you've enabled it, you've just let the bad guys in. If I were conducting the security audit on Se7en, I'd insist on the feature being removed, since its risks so massively outweigh the benefits. Looks like SDL has become JAA for Microsoft. (Just Another Acronym)

0
0
Lee
Paris Hilton

Surely they're missing something here?

The people who are likely to disable autorun are the people who are unlikely to fall for this shit?

Ergo autorun will still run for Aunt Flo who's a complete computer numpty.

Paris - because she can override autorun-disabled....anytime ;-)

0
0

@Neoc, AC

If you follow the links, you end up with a hotfix which downloads and installs, no reg editing needed.

0
0

Wait....

There is a SIMPLE way to disable Autoplay but MS don't tell you

Plug in a USB drive or put a CD / DVD in the drive and close the drawer while you hold shift down. Oh look no "what do you want to do with this USB device" and no "autorun"...

You just need to remember hold down SHIFT, left shift is prefered as the right shift might enable "sticky keys"

As for network drives well no idea but probably shift on boot works as well although some programs that are run on start up from Start > All Programs > Startup will probably not run..

0
0
Unhappy

@Neoc

Or just an update;

FFS they seem to be able to modify anything else they want to, why not something as basic as changing the default to something secure!

0
0
Coat

Disabling Autorun was a good idea since 1995...

... not 2005.

Ever since Windows 95 it was a crappy idea to let Autorun working.

Whenever my dad wanted to search for a lost CD, he would check my drive (guess, not there), and whatever CD I forgot there, be that a music CD or a game, it would kick in, nearly crashing the PC.

Remember, back in the day 16MB of memory was something extraordinary, and Win95 was not the best manager of IRQs or DMA capabilities, freezing everything until the drive had spinned up and read the dreaded Autorun.

Mine is the one that won´t jump at my face when opening the locker.

0
0
Thumb Down

@Neoc

... yea, great, until somebody spoofs that with a whole _new_ set of registry modifications that do something rather more sinister. Aunt Mildred won't know the difference...

0
0

It's just sick

I am not an anti-Windows zealot. I earn my pesos from Windows and use it day to day. But things like this absolutely enrage me.

I think it's time to conclude that Microsoft is not only not interested in PC security but is actively sabotaging it. I can think of no other reason for still having problems like this regularly cropping up. When you look at PC security issues about 99% originate from Redmond's insane compulsion to script, RPC or “ActiveX” everything it touches.

It's not that these things aren't useful if used correctly. I use scripts all the time and guess how Linux does much of it's hard lifting. It's just that only a stupid, f---ing, moronic idiot would default to “execution enabled” for everything from embedded emails scripts to CD setups and allow un-authenticated, alien code to run without even trying to establish some kind of minimal session level security. To then require the user to switch off this idiocy is the ultimate insult.

I think that what needs to be done is to start a huge class action suit against Microsoft for substantial multibillion dollar damages. They appear to be incapable of responding to anything else. In case anyone wonders whether there are sufficient grounds for mounting such an action just try to quantify how much time and money this single, totally foreseeable and avoidable“bug” is causing and multiply it by.... who knows what!

0
0
Anonymous Coward

Re: Windows Registry

>Oh dear, it still looks like a pointlessly obfuscated piece of shit.

Yes, it's not a patch on /etc/.

0
0
Paris Hilton

Not a stupid user-base

@fwibbler

Its not that the OS makers are trying to cater for an increasingly stupid userbase, its that with a GUI they have been dumbing down the skills needed to use a 'puter for years.

There was a time when a sophisticated user inter face was a .bat file that displayed ANSI control codes and simply executed a batch file to run your proggy. Bring back the command line interface I say (and 16 colour displays), when the only way to install a virus will be by running the command "installvirus /ROOTKIT_AS_WELL /Bugger_up_the restore_points_while_youre_at_it

It may be social engineering that is tricking peeps into installing all sort of crap on their computers (not a reference to windoze), but just ask yourself, who gave these hacker the tools to engage in this sort of crap. Why turn on the idiot interface by default, like autorun and "hide file extensions", and run everything as a administrator, is it because the OS developers are idiots as well?

Paris, well known for her simple to use interface

0
0
Thumb Down

Fail.......

Probably affecting more home users than pro's (hopefully), therefore more likely that it will be XP Home not XP Pro. Unfortunate then that the advice given by microsoft to XP Home users involves the group policy editor....... Get a f*ing grip Redmond.

total fail.... really. Where do they hire their QA from these days ?

0
0
Stop

The REAL way to disable the danger of Autorun / Autoplay

Look here:

http://autorun.synthasite.com/

Basically, the aforementioned registry keys and group policy settings only disable the automatic reading of a drive and either popping up the Autoplay menu or executing a program.

Even with these registry keys set, Windows still parses the autorun.inf, possibly resulting in new items added to the right-click context menu (when clicking on the drive) or hi-jacking of the default "Open" or "Explore" commands so that just double-clicking on the drive could execute a malicious payload.

Dan McCloy describes how to re-direct Windows away from Autorun.inf to a non-existant registry key. After applying the reg fix on my system, the only thing that happens when I insert either a CD or a USB thumb-drive is that Windows Explorer opens, displaying the contents of the drive. I can then click on the setup.exe IF I want to!

0
0
Linux

Piss Poor From MicroShaft

For years they've been warned about this and now look at the mess, definitely a negligence claim worth pursuing there irrespective of what the weasely EULA says.

Go tell it to Ed Bott, MS's number one Smithers on ZDNET.com

0
0
Linux

@Fail

You can install gpedit.msc on xp home with the right files. MS should push it out to all versions of windows via update it's only a 0.8mb zip (xp version) for the files for God's sake.

0
0

@fwibbler

I couldn't agree more. Though I blame Microsoft for implementing fancy interfaces before they, or computers, were ready -- leading to people being able to do things they don't understand at the click of a mouse.

0
0
Stop

To all those who think they've "solved" this...

...you are aware that, if there's a CDFS partition on the drive, autorun.inf will be executed *regardless* of whether you configure the registry/press Shift/whatever?

Nice security hole you got there...

*Disclaimer: the above is hearsay from Slashdot - anybody with a WIndoze PC and a partition editor care to confirm this?

0
0
Paris Hilton

@JonB

"Yes, it's not a patch on /etc/"

Why? What's easier to work out:

/etc/ntp.conf

or

H_KEY/LOCAL_MACHINE/{EF2329A8D:34FA:CCB88920}/

?

0
0
Paris Hilton

re: It's just sick

It's not that they want to fuck up the security it's that they want to make it easier for anyone (including virus writers, because virus writers are people too, you know) to use their OS, so that they get 85% of the market using them.

Security is not on their radar. And if it DOES pop up, unless they can exploit it for their market retention (cf Palladium) it will get shot down PDQ.

0
0

Page:

This topic is closed for new posts.

Forums