Disabling Windows Autorun - there's a right way and a wrong way
After some confusion about exactly how Windows users can protect themselves against a prolific computer worm called Downadup, Microsoft security watchers are once again reiterating the steps for disabling the Autorun feature. Downadup has managed to infect an estimated 9 million machines at last count using multiple attack …
For years it has just pissed me off when that window keeps popping up whenever I put a DVD in the drive or attach a USB stick. Why didn't someone tell me about this years ago? :)
Tweak XP does it for you. No registry editing. The problem is most of my clients couldn't handle having to right click and select autoplay ... on the optical drive.
When I used vista I found a similar program for vista .. but now I am sticking with XP until I give Windows 7 a shot.
Yes, let's automatically execute whatever random executable happens to be configured on some random media we're connecting to, rather than require user intervention. What a wonderful idea! Nothing could possibly go wrong! Then let's make disabling it as cryptic as possible.
Bloody idiots. To think that people still buy that shit, it's sickening.
I hear that if you uninstall Windows altogether, the problem goes away, as do many others!
Aunt Mildred probably runs Vista Home, in which Gpedit is missing, so the Microsoft fix won't help her.
...Microsoft could come up with a *.reg file normal users could double-click to change the registry settings?
Windows is clearly not ready for the desktop.
Editing Registry? Or Register?
If MS issued a .reg file, how soon before all sorts of other such files would be circulating by email claiming to be a fix from MS?
Encouraging users to run .reg files is a security liability itself.
Why don't they simply fix that bug in the next service pack. I mean nobody needs or wants Autorun.
The Vista default is to pop a window to authorise the autorun. I think it includes a tick box for "don't ask again." There is also a single config window for all media. Instructions here: http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/
If your aunt Mildred clicks "yes" to every question that comes up, then this might help save her from herself, but it should be OK if she both reads them and understands that her Sony CD doesn't really need to run any of its own software. (I think that rootkit popped a window explaining that the new software was necessary to give the best listening experience, so even people who read the question might have clicked "yes.")
To disable auto run you have to ENABLE the disable auto run option.
Maybe I need more caffeine, but I think that could be made simpler.
The Bloody Idiots are the ones who throw in random media without being certain of the source. Surely this is first principles with regards to security.
Trouble with most Linux Fanatics is they ignore the average users demand for ease of use combined with lack of skills. Whether they like it or not, Microsoft addressed - only Ubuntu has really come close to trying. Autorun is one of those features that fits Joe User nicely, but leaves an unfortunate security issue.
is that they couldnt just restrict what autorun can do, I mean, what exactly could it possibly need? it needs to open a program that can do what, install a program? ok, on demand popup a dialog asking for permission and bingo, problem is resolved.
oh wait, windows can't reliably do that.......
1) Read the screen in front of you which gives some pretty big fucking clues that it's dodgey (e.g. the word on a different icon saying "Browse folders"
2) Keep UAC enabled
3) Ignore the autoplay screen
This isn't an exploit or a hole - it's just not great design. However the bottom line is that this is a social engineering exploit rather than a technical one. There's little different between this and getting an email saying "click here to download the latest patches from Micr0soft" from updates.ms@microsoft.fixes.tripod.com
UAC prevents this from actually working, along side the fact that the virus doesn't self-execute.
I still have one Windows machine that runs my mail server. Someday I will get around to finding the right mail server software to run on Linux or Mac but in the meantime I still have the one.
So, I tried the "fix" from Microsoft because this has bugged me for years.
Result?
"Windows cannot find the file gpedit.msc. Make sure you have typed the name correctly ...........etc"
There is probably a good reason. It's just that life is too short to go looking for it.
Considered installing the patch but it says that it is not necessary for XP PRo SP2 or SP3?
Therefore, why not just offer SP3 instead of the patch? Anyway, just to be sure, I decided to follow the group policy editing instructions, but when I tried to launch the GP snap-in, my PC reported that it could not be found? Perhaps it's not installed, since I'm not on a corporate network?
So then I decided that I would modify the registry key (NoDriveTypeAutoRun) just to be sure, but found that it does not exist at the specified location!
Next I decided to slap my XP Pro installation disk in the drive and see if it autoruns... it didn't!
... go figure!
Does it just fine for XP-based machines - I disabled autorun on 5 workstations and a server in a couple of minutes. I think there's a non-MS freeware version of TweakUI for Vista available too.
The powertools are cute - developed my MS guys, but not "official". There's a really useful one called TweakUI that let's you pick which drives you want to disable autorun, and since any physical drive mounts as a logical drive letter, problem solved.
I think. YMMV.
In XP disable service Shell detection something. Done, Autorun is gone system-wide!
they probably did - you were just asleep :-p
It, along with disabling booting from anything other the hdd, is one of the first things done to any machine
PH - as I am sure even she checks things before allowing free access
Oh dear, it still looks like a pointlessly obfuscated piece of shit.
Vista doesn't really have this problem, when you insert a memory stick/cd it asks you what you would like to do about it rather than autoplaying straight away.
A useful feature I find. After all I have just inserted the stick/cd for a reason.
Yes! You could put it on a USB stick and have it run automatically! No, wait...
I've always disabled it.
When setting up big networks my workers used to complain it was pointless extra work disabling Autoplay.
I've never seen the point of it. How hard is to to click on the icon when you insert the thingy? Also maybe you want to look at the files or manual BEFORE autorun of the installer.
Of course when Aunt Mildred doesn't have autorun switched on, and she inserts her CD, she won't have a clue how to access it, and will think it's "broken".
And even if somehow she does manage to get to the file explorer window, and open the CD to be confronted by a plethora of meaningless files and folders, she then won't have a clue which file to open on it.
Which means she'll probably randomly click on files - and probably install any virus or worm on there anyway. Computer asks "do you want to run this program?", she's gonna say yes isn't she... "Why would I have clicked on it otherwise! Stupid machine..."
For instance the only way to really have a clue about what programs start with the system is to look in the registry, and given the desire of almost every windows app to want to hang out on the bottom right of the screen with its own pointless icon, this can get out of control.
(Why is it i need an icon to tell me i have a touchpad on a laptop...)
The problem is that OS makers are trying to cater for an increasingly stupid userbase.
And so as they try to make their OS's (not just MS here) easier and easier to use, so that more thick bastards can use it securely, people who have a clue (increasingly rare it seems) get more and more frustrated when trying to use the OS (Vista UAC anyone?)
They advice starting Gpedit.msc, but that doesn't exist on Home Basic. Really great advice.
So, how do I disable autorun again, Redmond?!?
Not immediately removing Vista on my newest laptop has already cost me a year of grief and pain.
Thus conditioning people to install random .reg files they've downloaded from the internet - a plan with no drawbacks ;-)
"...Microsoft could come up with a *.reg file normal users could double-click to change the registry settings?"
It would be easier still to roll out the change through auto-updates. Clearly the whole point is that Microsoft don't *want* people to disable autoplay. I can't imagine why not, since it causes nothing but grief, but that's the only rational explanation of why the feature still exists and is still enabled.
Autoplay does for memory sticks what ActiveX does for the internet. If you've enabled it, you've just let the bad guys in. If I were conducting the security audit on Se7en, I'd insist on the feature being removed, since its risks so massively outweigh the benefits. Looks like SDL has become JAA for Microsoft. (Just Another Acronym)
The people who are likely to disable autorun are the people who are unlikely to fall for this shit?
Ergo autorun will still run for Aunt Flo who's a complete computer numpty.
Paris - because she can override autorun-disabled....anytime ;-)
If you follow the links, you end up with a hotfix which downloads and installs, no reg editing needed.
There is a SIMPLE way to disable Autoplay but MS don't tell you
Plug in a USB drive or put a CD / DVD in the drive and close the drawer while you hold shift down. Oh look no "what do you want to do with this USB device" and no "autorun"...
You just need to remember hold down SHIFT, left shift is prefered as the right shift might enable "sticky keys"
As for network drives well no idea but probably shift on boot works as well although some programs that are run on start up from Start > All Programs > Startup will probably not run..
Or just an update;
FFS they seem to be able to modify anything else they want to, why not something as basic as changing the default to something secure!
... not 2005.
Ever since Windows 95 it was a crappy idea to let Autorun working.
Whenever my dad wanted to search for a lost CD, he would check my drive (guess, not there), and whatever CD I forgot there, be that a music CD or a game, it would kick in, nearly crashing the PC.
Remember, back in the day 16MB of memory was something extraordinary, and Win95 was not the best manager of IRQs or DMA capabilities, freezing everything until the drive had spinned up and read the dreaded Autorun.
Mine is the one that won´t jump at my face when opening the locker.
... yea, great, until somebody spoofs that with a whole _new_ set of registry modifications that do something rather more sinister. Aunt Mildred won't know the difference...
I am not an anti-Windows zealot. I earn my pesos from Windows and use it day to day. But things like this absolutely enrage me.
I think it's time to conclude that Microsoft is not only not interested in PC security but is actively sabotaging it. I can think of no other reason for still having problems like this regularly cropping up. When you look at PC security issues about 99% originate from Redmond's insane compulsion to script, RPC or “ActiveX” everything it touches.
It's not that these things aren't useful if used correctly. I use scripts all the time and guess how Linux does much of it's hard lifting. It's just that only a stupid, f---ing, moronic idiot would default to “execution enabled” for everything from embedded emails scripts to CD setups and allow un-authenticated, alien code to run without even trying to establish some kind of minimal session level security. To then require the user to switch off this idiocy is the ultimate insult.
I think that what needs to be done is to start a huge class action suit against Microsoft for substantial multibillion dollar damages. They appear to be incapable of responding to anything else. In case anyone wonders whether there are sufficient grounds for mounting such an action just try to quantify how much time and money this single, totally foreseeable and avoidable“bug” is causing and multiply it by.... who knows what!
>Oh dear, it still looks like a pointlessly obfuscated piece of shit.
Yes, it's not a patch on /etc/.
@fwibbler
Its not that the OS makers are trying to cater for an increasingly stupid userbase, its that with a GUI they have been dumbing down the skills needed to use a 'puter for years.
There was a time when a sophisticated user inter face was a .bat file that displayed ANSI control codes and simply executed a batch file to run your proggy. Bring back the command line interface I say (and 16 colour displays), when the only way to install a virus will be by running the command "installvirus /ROOTKIT_AS_WELL /Bugger_up_the restore_points_while_youre_at_it
It may be social engineering that is tricking peeps into installing all sort of crap on their computers (not a reference to windoze), but just ask yourself, who gave these hacker the tools to engage in this sort of crap. Why turn on the idiot interface by default, like autorun and "hide file extensions", and run everything as a administrator, is it because the OS developers are idiots as well?
Paris, well known for her simple to use interface
Probably affecting more home users than pro's (hopefully), therefore more likely that it will be XP Home not XP Pro. Unfortunate then that the advice given by microsoft to XP Home users involves the group policy editor....... Get a f*ing grip Redmond.
total fail.... really. Where do they hire their QA from these days ?
Look here:
http://autorun.synthasite.com/
Basically, the aforementioned registry keys and group policy settings only disable the automatic reading of a drive and either popping up the Autoplay menu or executing a program.
Even with these registry keys set, Windows still parses the autorun.inf, possibly resulting in new items added to the right-click context menu (when clicking on the drive) or hi-jacking of the default "Open" or "Explore" commands so that just double-clicking on the drive could execute a malicious payload.
Dan McCloy describes how to re-direct Windows away from Autorun.inf to a non-existant registry key. After applying the reg fix on my system, the only thing that happens when I insert either a CD or a USB thumb-drive is that Windows Explorer opens, displaying the contents of the drive. I can then click on the setup.exe IF I want to!
For years they've been warned about this and now look at the mess, definitely a negligence claim worth pursuing there irrespective of what the weasely EULA says.
Go tell it to Ed Bott, MS's number one Smithers on ZDNET.com
You can install gpedit.msc on xp home with the right files. MS should push it out to all versions of windows via update it's only a 0.8mb zip (xp version) for the files for God's sake.
I couldn't agree more. Though I blame Microsoft for implementing fancy interfaces before they, or computers, were ready -- leading to people being able to do things they don't understand at the click of a mouse.
...you are aware that, if there's a CDFS partition on the drive, autorun.inf will be executed *regardless* of whether you configure the registry/press Shift/whatever?
Nice security hole you got there...
*Disclaimer: the above is hearsay from Slashdot - anybody with a WIndoze PC and a partition editor care to confirm this?
"Yes, it's not a patch on /etc/"
Why? What's easier to work out:
/etc/ntp.conf
or
H_KEY/LOCAL_MACHINE/{EF2329A8D:34FA:CCB88920}/
?
It's not that they want to fuck up the security it's that they want to make it easier for anyone (including virus writers, because virus writers are people too, you know) to use their OS, so that they get 85% of the market using them.
Security is not on their radar. And if it DOES pop up, unless they can exploit it for their market retention (cf Palladium) it will get shot down PDQ.
Sign up, sign up for The Register's weekly IT security newsletter - click here
