When a CD/DVD disc is inserted or a USB drive is connected to your system, Windows looks in the root directory of the new disc or drive for a file named
autorun.inf. If found, Windows executes the instructions (
keys) in that file.
For more about: Autorun vs Autoplay – What’s the Difference?
Since
Windows 7,
Vista, and
XP, two important changes were made to help improve security:
NOTE: For more on this, see: AutoRun changes in Windows 7 - Security Research & Defense - Site Home - TechNet Blogs
- AutoPlay will no longer support the AutoRun functionality for non-optical removable media. In other words, AutoPlay will still work for CD/DVDs but it will no longer work for USB drives. For example, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed. This will block the increasing social engineer threat highlighted in the SIR. The dialogs below highlight the difference that users will see after this change. Before the change, the malware is leveraging AutoRun (box in red) to confuse the user. After the change, AutoRun will no longer work, so the AutoPlay options are safe.
- A dialog change was done to clarify that the program being executed is running from external media.
By default in
Windows now, the only [Autorun]
keys available for
USB/removable drives are below. The rest of the keys are ignored.
- label - This key is responsible for displaying a custom name (label) for a CD/DVD or USB drive in Computer when a CD/DVD is inserted or a USB drive is connected.
- icon - This key is responsible for displaying a custom icon for a CD/DVD or USB drive in Computer when a CD/DVD is inserted or a USB drive is connected.
This tutorial will allow you to completely block and disable all keys in
autorun.inf files from being able to execute from
any location and on
any drive. This will affect all users on your
XP,
Vista,
Windows 7, and
Windows 8 computer.
You must be logged in as an
administrator to be able to apply this tutorial.