Thursday, January 22, 2009

Disabling Autorun on Windows - Update

Enabling Autorun on Windows is a huge security risk. Autorun basically allows anyone to create a CD or a USB flash drive with an autorun.inf on it and have the code on it run without your permission when it is inserted into your machine. Autorun is the way Sony installed its rootkit on your system when you wanted to play an audio CD, and Autorun is the way Downadup infects your system. I normally disable Autorun as one of the first things I do on a new system, and I strongly recommend everyone do the same.

This is a topic I have covered before, but I was quite surprised to find a recent post by US-CERT warning that the method I had mentioned was not sufficient. So here is the updated and complete method to disable Autorun:
  1. Install M$ KB953252
  2. Follow the instructions here. Using the Group Policy Editor, navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System. Double-click on Turn Off Autoplay and set it to Enabled on "All Drives".
  3. This step was recommended by me earlier. It is no longer required, but you can still use it if you are paranoid. It has a disadvantage: it will disable Windows MCN (Media Change Notification), so the system will no longer detect the label of newly inserted CDs etc. If you want, follow the steps here. Navigate to HKLM\System\CurrentControlSet\Services\CDRom and set the value of AutoRun to 0.
  4. Follow the instructions here. Basically, add the following to your Registry:
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"
  5. Restart your machine
Complicated? Well, I am just surprised no one screamed at Micro$oft for letting people run programs on your machine without your permission when the whole Rootkit thing happened...
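To confirm after the restart that steps 2 to 4 actually took effect, the following read-only PowerShell check (an added example, not part of the original post) reads the three registry values involved. It assumes the "Turn Off Autoplay" machine policy from step 2 is stored as NoDriveTypeAutoRun = 0xFF under the Policies\Explorer key, which is where that policy writes its "All Drives" setting; the function name Get-RegValue is made up for this example. It does not check for the update from step 1.

```powershell
# Read-only audit of the registry values behind steps 2-4. Changes nothing.
# Added example: Get-RegValue is a helper defined here, not a built-in cmdlet.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name)   # an empty name reads the key's default (@) value
}

$checks = @(
    # Step 2: Group Policy "Turn Off Autoplay" = Enabled, All Drives (assumed storage location)
    @{ Step = 2; Required = $true
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Expected = 0xFF },
    # Step 3: optional, also disables Media Change Notification
    @{ Step = 3; Required = $false
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\CDRom'
       Name = 'AutoRun'; Expected = 0 },
    # Step 4: autorun.inf mapped to a non-existent location, so it is never parsed
    @{ Step = 4; Required = $true
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
       Name = ''; Expected = '@SYS:DoesNotExist' }
)

$results = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $ok     = ($null -ne $actual) -and ($actual -eq $c.Expected)

    $shown  = if ($null -eq $actual) { '<not set>' } else { $actual }
    $status = if ($ok) { 'OK' }
              elseif ($c.Required) { 'NOT APPLIED' }
              else { 'optional, not applied' }
    $label  = if ($c.Name -eq '') { '(default)' } else { $c.Name }

    [pscustomobject]@{
        Step     = $c.Step
        Value    = $label
        Expected = $c.Expected
        Actual   = $shown
        Status   = $status
    }
}

$results | Format-Table -AutoSize
```

A row marked NOT APPLIED for step 2 or step 4 means the machine can still process autorun.inf from inserted media; step 3 is reported separately because the post treats it as optional.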
