autorun

[bobster]

I have read several articles about the dangers of having Autorun active. I
currently have it deactivated in the registry but do miss the nicety of
having CDs and DVDs start on insertion. My question:

How serious is the risk of having it active? What do you MVPs recommend?

XP SP3
Intel dual processor 2.4 GHZ
2
meg memory
ZA firewall
Avast!

All above up to date

 

[Tim Meddick]

Hi Bobster,
I am NOT an MS MVP, however, my thoughts on the subject are
these. If you are absolutely certain that the cd (flashdrive, mobile
device) you are going to use is from a reputable source (ie. Microsoft,
Major Software Developer/Distributor, is band new) then the risk is nil. If
you take your flash-drive to loads of other computers and download
god-knows-what to it, then the risk is very much greater than that. It's
about using your common-sense judgment about these things

 

[bobster]

Tim,

Sorry if I implied that MVPs were the only valid source on this board. I
even post an opinion myself occasionally if I'm knowledgeable on the subject
of a question -- and I'm far from an MVP, technically speaking.

Your answer is what I was hoping for -- that is, if one uses common sense,
the risk is low. I rarely attach a flashdrive or play unknown CDs/DVDs to
my computer. I will probably re-activate Autorun and on the rare occasion
that I might need to connect an unknown source, I know how to de-activate
Autorun so that I can scan the device before opening it.

Thanks for your help.

=====================================================

Hi Bobster,
I am NOT an MS MVP, however, my thoughts on the subject are
these. If you are absolutely certain that the cd (flashdrive, mobile
device) you are going to use is from a reputable source (ie. Microsoft,
Major Software Developer/Distributor, is band new) then the risk is nil. If
you take your flash-drive to loads of other computers and download
god-knows-what to it, then the risk is very much greater than that. It's
about using your common-sense judgment about these things

 

[Tim Meddick]

Hi Bobster,
I always have autorun disabled, it's the very first thing
I do on a new computer (even if it's doesn't belong to me!) it's so bloody
annoying! But if you need a device to "autorun" on the odd occasion you
don't have to re-enable it. All you do is find the file Autorun.inf in the
root dir of the removable drive and double-click on it to open it. There,
in black and white, is the path to what it would have Auto-Run if you had
let it!

An example autorun.inf file....

[AutoRun]
open=\Install\AutoRun.exe
icon=\Install\AutoRun.exe

....so, in this case, you'd open "Autorun.exe" in the "Install" directory -
simple! It's usually a different filename in different cases but always
listed in the line open= I was mucking about on a Win 2000 machine today
and noticed a shell-command (that is - an item on the right-click-on-a-file
menu) called Autorun so I'll try and see if I can't find a right-click
solution to performing AutoRun on removable drives. I will investigate!

 

[Terry R.]

The date and time was Wednesday, April 08, 2009 4:13:13 PM, and on a
whim, bobster pounded out on the keyboard:

I have read several articles about the dangers of having Autorun active. I
currently have it deactivated in the registry but do miss the nicety of
having CDs and DVDs start on insertion. My question:

How serious is the risk of having it active? What do you MVPs recommend?

XP SP3
Intel dual processor 2.4 GHZ
2
meg memory
ZA firewall
Avast!

All above up to date

Hi bobster,

If you keep your system up to date, you would already have it disabled.
KB 967715 is an update that dealt with autorun.

The issue wasn't only for inserted discs by the way. Since autorun can
be configured on a hard drive, the risk could be elevated by malware
taking advantage of the feature.


Terry R.

 

[Tim Meddick]

Terry,
By default, AutoRun is most definitely cannot run on non-removable
drives. It can be enabled for either cd/dvd drives OR for all removable
drives - not on fixed-discs.

 

[Guest]

Bobster,

I am not a MVP & wouldn't want to be. It just means you have send a certain
number of replies. Some have real qualifications & some like PA Bear just
belong to two websites & been supporting Windows since the launch of XP &
have no real qualifications. It's not an attack on PA Bear but just an
example

There is an autorun virus making the rounds where Symantec have released a
removal tool. If on a flash drive when inserted will try to infect all drive
letters assigned to that computer. On the other hand, no-one says you will
get that autorun file anyway. Remember, if you have it switched on you can
always hold down the SHIFT key to prevent autorun from working for that
instance

Here's the link to the autorun worm:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-010717-4209-99

 

[John John - MVP]

Download and install this patch:

How to correct "disable Autorun registry key" enforcement in Windows
http://support.microsoft.com/kb/967715/

Reboot after you install the patch. The patch will add the
HonorAutoRunSetting value in the registry.

You can then use the Group Policy object mentioned in the article or you
can edit the NoDriveTypeAutoRun value in the registry. You can merge
one of these to the registry:

To disable Autorun system wide (for all users) on all the drives:

================================================================================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveTypeAutoRun"=dword:000000ff

=================================================================================


You may find it a bit annoying to have it disabled on the CD drives, to
disable Autorun on all but CD drives use this:

=================================================================================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveTypeAutoRun"=dword:000000df

==================================================================================

These can be applied user specific at the same location in the HKCU key,
if entries exist at both keys the entries at the HKLM key will prevail.
You may need to reboot after you apply the registry edit.

John

 

[Terry R.]

The date and time was Wednesday, April 08, 2009 9:35:46 PM, and on a
whim, Tim Meddick pounded out on the keyboard:

Terry,
By default, AutoRun is most definitely cannot run on non-removable
drives. It can be enabled for either cd/dvd drives OR for all removable
drives - not on fixed-discs.

Tim,

Wrong. Read up on it. Don't think you know everything, okay?


Terry R.