Tip #4745 - Preventing AutoRun Attacks From Malicious CDs
Printer Friendly Version | E-Mail This Tip
Preventing
AutoRun Attacks From Malicious CDs
How many times
have you innocently inserted a CD or flash drive into your computer,
only to find out it has infected your PC with a virus? How did that
happen? Why did that happen? Well, one of the causes could be the
AutoRun feature in Windows. If you have your computer set up to run
the AutoRun, it can launch installers and other programs automatically
as soon as you insert any removable hard disk. Luckily, there are
two ways you can save yourself from a possible virus spread. Let's
check them out!
Turn AutoPlay Off
The next time
you want to prevent Windows from launching applications automatically
from an external device containing the necessary AutoRun information,
this is how you do it:
In Windows XP,
you can change the defaults for AutoPlay by right clicking on the
selected drive and choosing Properties (find the
drive in your My Computer folder). Choose the AutoPlay
tab and change the settings for the different types of media you use.
Similarly, in
Windows Vista, you can choose one of many options: "Always
launch the program," "Always open a listing
of the disk in a Windows Explorer window," "Always
prompt for a choice" or "Take no action."
If That
Fails
However, hackers
will tell you that turning the AutoPlay feature off may not be 100
percent safe if you're up against a malicious AutoRun error. There
are ways to make an AutoRun file run even if AutoPlay is disabled
in XP and the "Take no action" option is selected in Vista.
This is what happens: turning AutoPlay off seems to work, but when
you double click on the drive you're using, it will launch whatever
commands are in the AutoRun file. The worst part is, you're completely
unaware this is happening while the hacker goes on and spreads the
virus all over your computer. It's all done without you knowing anything
unusual has happened.
Another Way of Tackling the Problem
You may think
you can protect yourself from AutoRun by using two keys in the Registry
Editor, known as NoDriveAutoRun and NoDriveTypeAutoRun. However, those
keys can be overridden. The solution is to globally block the AutoRun
files (autorun.inf) from executing, without trying to use the dialogue
boxes in XP and Vista to do so. Here's the procedure:
Step 1:
Open Notepad (Start, All Programs,
Accessories, Notepad) or any other
text editor you may have on your computer.
Step 2:
Copy the following text from this page and paste it into the text
editor. (Make sure you copy everything as is. For example, each entry
needs to be on its own line):
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
Step 3:
Save the file under a name such as "NoAutoRun.reg" (make
sure you include the .reg extension).
Step 4:
Right click on the .reg file and choose Merge. Next,
confirm any warning prompts to add the information to the Registry
Editor.
And Finally...
The next time
you insert a flash drive, CD, DVD or other removable disk into your
computer, Windows will not execute the information on any AutoRun
file that may be present. Naturally, taking those steps means the
next time you put a game or installer disk into your CD or DVD ROM
drive, the software will not launch automatically. You will have to
do it manually. The benefit is big though! If you ever happen to insert
another malicious disk into your computer, your system will have no
choice but to fight it. Now, that's bliss!
~ Zahid H. Javali
Want To Comment On This Tip? Click Here! We'd love to hear from you :-)
Like These Tips? Get 'Em Free In Your E-mail
