The Autorun feature in Windows allows removable media such as CDs and flash drives to automatically execute an application when they are inserted. An example would be inserting an application CD into your optical drive and having the setup program start up automatically. This is accomplished through an autorun.inf file in the root of the removable media that tells Windows what it is supposed to execute.

Unfortunately, over the last couple of years it has become increasingly popular for attackers to launch malicious code by inserting or modifying the autorun.inf file on, for example, an infected flash drive. This makes it extremely easy for malware to spread through removable media, because it can be installed simply by plugging the device in. Most current antivirus products will automatically clean removable media when it’s inserted; however, in the case of a brand-new virus that cannot be detected yet, this won’t help you.

The best solution is to simply disable the Autorun feature, so that even if you do plug an infected device into your machine, the malicious code won’t run automatically. The obvious downside of doing this is that you will now need to start setup programs or audio CDs manually when you insert them into your computer. A small price to pay in my opinion.

You can accomplish this by modifying the local policy on your individual machine (or for your entire Windows domain through Group Policy). The instructions below are taken directly from KB967715.

 

  1. Click Start, type Gpedit.msc in the Start Search box, and then press ENTER. If you are prompted for an administrator password or for confirmation, type the password, or click Allow.
  2. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
  3. In the Details pane, double-click Turn off Autoplay.
  4. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
  5. Restart the computer.
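
To confirm that the policy actually took effect after the restart, the following PowerShell audit can be run on the machine. It is an added example, not part of the KB967715 steps quoted above, and it assumes the "Turn off Autoplay" policy is stored as the `NoDriveTypeAutoRun` registry value under the `Policies\Explorer` key, where a set bit disables Autorun for one drive type and `0xFF` covers all drives.

```powershell
# Added example: audit the "Turn off Autoplay" policy value on this machine.
# Assumption: the policy is stored as NoDriveTypeAutoRun, a bitmask in which
# each set bit disables Autorun for one drive type (0xFF = all drives).
$PolicyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AllDrives  = 0xFF
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown drive types' },
    @{ Bit = 0x04; Name = 'Removable drives' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive types (reserved)' }
)

function Get-AutorunPolicy {
    param([Parameter(Mandatory)][string]$Hive)   # 'HKLM:' or 'HKCU:'
    $item = Get-ItemProperty -Path "$Hive\$PolicyPath" `
                -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }        # policy not configured
    $raw = $item.NoDriveTypeAutoRun
    # Some systems store the value as binary; the mask is in the first byte.
    if ($raw -is [byte[]]) { return [int]$raw[0] }
    return [int]$raw
}

function Test-AutorunDisabled {
    param([Parameter(Mandatory)][string]$Hive)
    $value = Get-AutorunPolicy -Hive $Hive
    if ($null -eq $value) {
        $stillOn = $DriveTypes.Name               # nothing is blocked by policy
    } else {
        $stillOn = $DriveTypes |
            Where-Object { ($value -band $_.Bit) -eq 0 } |
            ForEach-Object { $_.Name }
    }
    [pscustomobject]@{
        Hive             = $Hive
        Value            = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f $value }
        AllDrivesBlocked = ($null -ne $value) -and (($value -band $AllDrives) -eq $AllDrives)
        AutorunStillOn   = $stillOn -join ', '
    }
}

$report = 'HKLM:', 'HKCU:' | ForEach-Object { Test-AutorunDisabled -Hive $_ }
$report | Format-Table -AutoSize -Wrap

# The steps above set the machine-wide policy, so fail the audit on HKLM.
if (-not ($report | Where-Object Hive -eq 'HKLM:').AllDrivesBlocked) { exit 1 }
```

The non-zero exit code makes the check usable from a login script or configuration-compliance job.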
