When a CD/DVD disc is inserted or a USB drive is connected to your system, Windows looks in the root directory of the new disc or drive for a file named autorun.inf
. If found, Windows executes the instructions (keys
) in that file. For more about: Autorun vs Autoplay – What’s the Difference?
In Windows 7
, and XP
, two important changes were made to help improve security: NOTE: For more on this, see: AutoRun changes in Windows 7 - Security Research & Defense - Site Home - TechNet Blogs
- AutoPlay will no longer support the AutoRun functionality for non-optical removable media. In other words, AutoPlay will still work for CD/DVDs but it will no longer work for USB drives. For example, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed. This will block the increasing social engineer threat highlighted in the SIR. The dialogs below highlight the difference that users will see after this change. Before the change, the malware is leveraging AutoRun (box in red) to confuse the user. After the change, AutoRun will no longer work, so the AutoPlay options are safe.
- A dialog change was done to clarify that the program being executed is running from external media.
By default in Windows
now, the only [Autorun] keys
available for USB/removable drives
are below. The rest of the keys are ignored.
- label - This key is responsible for displaying a custom name (label) for a CD/DVD or USB drive in Computer when a CD/DVD is inserted or a USB drive is connected.
- icon - This key is responsible for displaying a custom icon for a CD/DVD or USB drive in Computer when a CD/DVD is inserted or a USB drive is connected.
This tutorial will allow you to completely block and disable all keys in autorun.inf
files from being able to execute from any location
and on any drive
. This will affect all users on your XP
, Windows 7
, and Windows 8
You must be logged in as an administrator
to be able to apply this tutorial.