Disable Autorun to protect From Viruses

Written: 2010/02/27

These days practically everyone has at least one USB storage device, be it the traditional USB stick, portable hard drives, MP3 players being used to store files, or even your phone or camera memory card. Gigabytes of data in our pockets. This is all wonderfully convenient, until you plug in your USB stick one day and realize you just got a virus. Then you ask yourself how many computers your USB stick has been plugged into recently, and come to realize you haven't got a clue as to where the virus could have originated.

Carrying around a USB device and using it on many machines to transer data is the computer equivalent of sharing a syringe. Especially on Windows operating systems, where the default behaviour is to read the USB device (thank you plug-n-play), and follow instructions in the "autorun.inf" file found in the root directory of the device.

That's never a good thing to see.

Disable Autorun on Windows XP
There are a couple of ways to do this, however we're going to go with the most certain method: registry editing.
In XP Pro, or pretty much any non-home version of the XP generation of windows, you can do this via policies with gpedit.msc. However, protecting against viruses is something everyone should be able to do, not just people who paid a bit more for their OS.

Navigate to the following location in the registry editor:

Moddify the "NoDriveTypeAutoRun" key to the value of "ff" in hexadecimal. This will disable autorun for the user you are currently logged into.

Then go to:

Moddify the "NoDriveTypeAutoRun" key to the value of "ff" in hexadecimal. This will disable autorun for the whole machine, this overides the HKEY_CURRENT_USER one, so if you only want to do this one, go ahead.

To fix a bug in most versions of windows that still executes autorun commands when double clicking the drive icon, copy the following into a text editor, and save the file with the .reg extension (make sure to set the "all types" for the "save as type" option in the save as window, run the file, and say yes to the prompts.
This basically tells windows that it doesn't know what to do with autorun.inf files. You can also fix this with a patch from microsoft, it seems every version after windows 98 was affected by this (I guess they copy & paste a lot of their code). Windows 7 only uses autorun.inf for CD/DVD media, so it should be more secure by default. Restart your computer, and test it out with a device that typically autoruns. Good examples include software CDs and some brands of portable hard drives. This will stop anything with an autorun.inf from executing the commands in that file. This means if your USB stick has instructions to open nasty_virus.exe like in the above example, it won't do it. This will not affect plug and play devices, so there's no worries about devices not functioning, and the files on portable storage devices will still be accessible. The only minor inconvenience is having to open the drive manually from My Computer, which is a good trade off for security.

For Windows Server 2000, 2003
It should be identical to the steps for XP, tested it on 2003 just fine. I don't have a 2000 setup to test it on, but the registry hasn't changed so much.

For Windows Vista
Just like in XP, you need to tell windows to totally ignore autorun.inf or else even if you tell it not to run them, when you double click the icon for the device you might get screwed.

Copy the above into a text file, save it as a .reg file, run the file, and say yes to the prompts.

Then go to your registry editor and navigate to:
Right click on "Autorun", go to modify, and set the value to "0". You can now close the editor.
Now go to Start, type "autorun", and when the window pops up simply uncheck the "use autoplay for all media and devices" box.


For Windows 7
7 should not need any changes unless you also want to stop CDs or DVDs from executing their autorun, I haven't personally tested this feature but 7 claims to only look at the autorun.inf of CD/DVD media by default. I will update this article after having the chance to setup a virtual machine with 7 to test this on.

Warning
Updating windows, either through service packs or automatic updates might revert these changes and render your system vulnerable again. It is suggested to disable automatic updates, and manually check once a week instead, and if you do update anything, make sure the registry values have not been altered.

Protecting Flash Media
To prevent malicious autorun files from being created on your portable media, simply create a file at the root of the device. Name the file "autorun.inf". Right click it and make sure the box for "read only" is ticked. This should offer basic protection, but is not fool proof. Even if the virus fails to auto run itself, there may still be the malicious executable on the device, so a regular cleanup is advised.