A PSA:

Jan. 21st, 2009 11:26 am
[personal profile] theweaselking
Disabling Autorun in Windows does not disable Autorun in Windows.

Basically, you can still get arbitrary code execution by mapping a network drive (it autoruns), choosing "open the folder and view files" when a new device is plugged in, or by double-clicking on a plugged-in device (because the default action changes to "Autorun" if it's got an autorun.inf file, even if the NORMAL double-click action is "open" or "explore").

There's a reg hack to kill it, or you can just avoid doing those three things.

(no subject)

Date: 2009-01-21 04:27 pm (UTC)
From: [identity profile] jsbowden.livejournal.com
Or you can install TweakUI, and go in and uncheck all the drive letters and never worry about it ever again.

(no subject)

Date: 2009-01-21 04:29 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
I believe that still allows autorun by double-clicking on inserted media.

(no subject)

Date: 2009-01-21 04:30 pm (UTC)
From: [identity profile] glitteringlynx.livejournal.com
I was going to ask if this applies to any specific versions, but the screenshots look XP so I'll definitely have to look into that. I'd noticed autorun sometimes WILL work when I don't want it and will NOT work when I do. LOL I hadn't thought that a virus would utilise such a feature but it makes sense.

Thanks for the heads-up. I'm going to spread the news.

(no subject)

Date: 2009-01-21 04:32 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
"autorun" is the main reason people tell you to never plug in an untrusted USB stick.

Well, that and the USB device driver autoinstaller, but that one's been mostly fixed. You should still never trust a strange USB device.

(no subject)

Date: 2009-01-21 04:32 pm (UTC)
From: [identity profile] glitteringlynx.livejournal.com
If you install a USB drive and access the contents on said USB drive, and if there's an autorun which doesn't give the user any direct way of KNOWING it executed, would TweakUI prevent that execution?

(no subject)

Date: 2009-01-21 04:34 pm (UTC)
From: [identity profile] glitteringlynx.livejournal.com
Yeh, totally.

(no subject)

Date: 2009-01-21 04:38 pm (UTC)
From: [identity profile] jsbowden.livejournal.com
Nope. Once you uncheck the drive letter, even right clicking on the drive doesn't have Autorun as an option in the Context menu anymore.

I install TweakUI on every XP machine I build and disable it for all drive letters. Turning off just Autorun and not disabling it for all drives will screw you anyway as some software turns it back on (but doesn't re-enable a drive letter) without bothering to tell you.

(no subject)

Date: 2009-01-21 04:39 pm (UTC)
From: [identity profile] jsbowden.livejournal.com
Yes, if you disable the drive letter (not just turn off Autorun, which still allows for double clicking or context menu autorun).

(no subject)

Date: 2009-01-21 05:07 pm (UTC)
From: [identity profile] silmaril.livejournal.com
*taking notes*

(no subject)

Date: 2009-01-21 06:32 pm (UTC)
From: [identity profile] silmaril.livejournal.com
By the way, any reason why I shouldn't just do what the page Le Roi d'Weasel linked to says?

(no subject)

Date: 2009-01-21 06:38 pm (UTC)
From: [identity profile] jsbowden.livejournal.com
You can do it that way, but TweakUI is a seriously useful piece of software that MS should have shipped with XP by default since it also lets you do all kinds of other sensible things. I don't normally recommend hand editing the registry, which is essentially what creating and running a .reg file is. My way is considerably harder to screw up.

(no subject)

Date: 2009-01-21 06:39 pm (UTC)
From: [identity profile] cacahuate.livejournal.com
I have noticed this. Thanks.

Where's your rant about how, because it has a flaw, Windows is the worst OS ever and anyone who uses it is an idiot? ;)

(no subject)

Date: 2009-01-21 06:39 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
If TweakUI kills autorun correctly *and* you've used TweakUI to do it, it's not strictly necessary.

What the reg hack on that page does is to tell Windows that autorun.inf is a pre-Win95 .ini file, and any time it sees that file, ignore the contents and use a registry entry called "DoesNotExist" instead.

Since that entry doesn't exist, Windows thinks the autorun.inf file is blank, and doesn't run it.
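
An added example, not part of the original thread: a read-only PowerShell audit that reports whether the autorun.inf mapping described in the comment above and the per-drive AutoRun policy values are in place, which is useful for catching the silent re-enabling mentioned earlier in the thread. The registry paths, the value names `NoDriveTypeAutoRun` and `NoDriveAutoRun`, and the exact string `@SYS:DoesNotExist` are the standard Windows locations and the widely published form of this hack; they are assumptions here, since the page itself only names "DoesNotExist". The function names are hypothetical.

```powershell
# Added example: read-only audit of the AutoRun settings discussed in this thread.
# Key paths and value names are assumed standard Windows locations; the page does not list them.
$iniMap = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$policyKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$allTypes   = 0xFF         # NoDriveTypeAutoRun: every drive-type bit set
$allLetters = 0x03FFFFFF   # NoDriveAutoRun: one bit per drive letter, A: through Z:

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null for a missing key or value instead of throwing.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    $value = $prop.Value
    if ($value -is [byte[]]) {
        # Some systems store these policies as REG_BINARY (little-endian); pad to 4 bytes.
        $value = [BitConverter]::ToInt32([byte[]](($value + 0,0,0,0)[0..3]), 0)
    }
    return $value
}

function Test-AutoRunHardening {
    # 1. The mapping that makes Windows read autorun.inf from a nonexistent registry entry.
    $mapping = Get-RegValue $iniMap '(default)'
    [pscustomobject]@{
        Check = 'IniFileMapping\Autorun.inf'
        Found = $mapping
        Pass  = ($mapping -eq '@SYS:DoesNotExist')
    }
    # 2. The policy bitmasks: all drive types and all drive letters disabled.
    $wanted = @{ NoDriveTypeAutoRun = $allTypes; NoDriveAutoRun = $allLetters }
    foreach ($key in $policyKeys) {
        foreach ($want in $wanted.GetEnumerator()) {
            $found = Get-RegValue $key $want.Key
            $shown = $null
            if ($null -ne $found) { $shown = '0x{0:X}' -f $found }
            [pscustomobject]@{
                Check = "$key\$($want.Key)"
                Found = $shown
                Pass  = ($null -ne $found) -and (($found -band $want.Value) -eq $want.Value)
            }
        }
    }
}

Test-AutoRunHardening | Format-Table -AutoSize
```

The script only reads the registry. A row that passed on an earlier run and fails on a later one means something changed the setting in between.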

(no subject)

Date: 2009-01-21 06:44 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
I don't do those. And complaining about how the idiot who coded "autorun" in the first place has intimate carnal relations with syphilitic dead bears has been done, over and over again, since 1994 or so.

(Besides, MacOSX will not be "the worst OS ever" as long as MacOS9 and OS/2 aren't retroactively corrected.)

(no subject)

Date: 2009-01-21 06:56 pm (UTC)
From: [identity profile] cacahuate.livejournal.com
No kidding about OS9. It worked well enough when I was nine, I thought (being nine), but I had an internship at a newspaper a year ago that used it for everything. That was the most frustrating, least compatible shit ever.
