SECURITY TO THE CORE

How To Disable AutoRun Functionality In Microsoft Windows Operating System


AutoRun and its companion feature AutoPlay are components of the Microsoft Windows Operating System that determine what actions the system takes when a drive is mounted.

AutoRun is a feature of Windows Explorer introduced in Windows 95. It enables media and devices to launch programs by use of commands listed in a file called AUTORUN.INF, a configuration file that is normally located in the root directory of removable media.

AutoRun is intended as a convenience: an application can launch immediately once a disc is inserted. The problem is that this feature, widely criticized by the security community, is used by malware to spread, infecting a computer as soon as a new drive is inserted.

Many people argue that there is no need to disable AutoRun as long as you have reliable antivirus software protecting your computer system, but they should keep in mind that viruses are always one step ahead. The most recent examples of this are W32/Sality, W32/Alman, W32/Virut and the most dreaded one, the W32/Conficker worm, which, in addition to spreading via a vulnerability and network shares, also spread via USB drives (pen drives).

How Do AutoRun Viruses Spread?

AutoRun worms spread by copying the worm to the drive and then creating an autorun.inf in the root folder of the drive. The autorun.inf loads the copy of the worm each time you access the drive. Every time the worm is loaded, it searches for new drives to infect, repeating the cycle over and over. AutoRun worms rarely travel alone. Once infected, you can typically expect additional malware to be downloaded to the system.

How To Disable USB Autorun?

The most effective method of preventing your system from getting infected is to stop the spread of the worm by disabling the AutoRun feature of USB devices. So, today I am going to explain how to disable the USB AutoRun feature through registry editing, which will work in every Microsoft Windows Operating System.

I must warn you, though, that playing with the registry can be harmful to your system and you might end up re-installing your OS. Before making any changes, I recommend that you back up your registry.

Copy the following contents into Notepad and save the file as DisableAutoRun.reg on your Desktop.

Windows Registry Editor Version 5.00

; Redirect reads of Autorun.inf to a registry location that does not exist
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

; Delete the per-user cache of mounted devices (the leading "-" removes the key)
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

; NoDriveAutoRun 03ffffff = drive letters A to Z, NoDriveTypeAutoRun ff = all drive types
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutorunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutorunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

; CD-ROM media-change notification (1 = enabled)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001

Locate DisableAutoRun.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge it into the registry.

This will now prevent any virus from auto-executing itself through a USB drive. In addition to this, you must have a good antivirus installed on the system, as this method only stops the virus from infecting the system automatically.
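To check that the merge took effect, export the two Policies\Explorer keys from regedit and decode the bitmasks. The following Python script is an added example, not part of the original post; the function names and the sample export are constructed for illustration, and a missing value is assumed to mean that nothing is disabled by policy.

```python
import re

# NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "unknown-0x80",
}
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\explorer"

def parse_reg(text):
    """Return {lowercased key path: {value name: int}} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """Per hive: drive types and letters for which AutoRun is NOT disabled."""
    report = {}
    for path, values in parse_reg(text).items():
        if not path.endswith(POLICY_SUFFIX):
            continue
        # Assumption: an absent value counts as 0 (OS built-in defaults ignored).
        type_mask = values.get("NoDriveTypeAutoRun", 0)
        letter_mask = values.get("NoDriveAutoRun", 0)  # bit 0 = A: ... bit 25 = Z:
        report[path.split("\\")[0]] = {
            "types_enabled": sorted(n for b, n in DRIVE_TYPE_BITS.items() if not type_mask & b),
            "letters_enabled": [chr(65 + i) for i in range(26) if not letter_mask >> i & 1],
        }
    return report

# Constructed sample export: HKLM carries the article's values, HKCU has gaps.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Empty lists for a hive mean every drive type and every drive letter is covered; regedit exports are UTF-16, so decode the file before passing its text to audit().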

Additionally, it is recommended to use the free Panda USB Vaccine, which allows users to vaccinate their PCs in order to disable AutoRun completely so that no program from any USB/CD/DVD drive (regardless of whether it has been previously vaccinated or not) can auto-execute. This is a really helpful feature, as there is no user-friendly and easy way of completely disabling AutoRun on a Microsoft Windows PC.
