Wednesday, April 1, 2009

How to disable Autoplay

Autoplay is also known as Autorun, and it should already be disabled for your CD-ROM drives because of companies like Sony who like to install DRM on your computer without even asking you. There is a good article from Engadget on how to disable Autorun using a .reg file. That method only works for CD-ROM drives and does not disable Autorun for USB drives.

There has been recent news of people gaining access to machines on an internal network using social engineering and USB drives. This guide will show you how to make sure that Autoplay/Autorun is disabled for all devices on your computer. It is highly recommended that you make sure Autorun is disabled on any computers you have access to at work that are running Windows XP. Disabling it for just the CD-ROM drive on your home computers is probably good enough, since physical access to those computers is more restricted.

1. Click Start > Run
2. Type “gpedit.msc”
3. Computer Configuration > Click “Administrative Templates” > Click “System” > Double-Click “Turn off Autoplay”
4. Setting tab > Check “Enabled” > Select “All drives” from the drop-down menu > Apply > OK



Those are the 4 easy steps to making sure that Autoplay (Autorun) is disabled on all your drives, including USB drives. This removes the ability of people to insert a USB drive and automatically run a .exe on your computer by using a *.inf file.

The last thing that you can do to protect yourself is to make sure that “Hide extensions for known file types” is unchecked, so that Windows shows the full file name. This will help keep you from accidentally clicking on a file on a USB drive that looks safe to open but is not. This is one aspect of social engineering that depends on the user making the right decision.

Many criminals will try to mask the presence of a malicious file by adding .exe to the end of a common file type. For instance, .doc.exe, .xls.exe or .jpg.exe would be some examples. With extensions hidden, the file that you click on is not what you expect it to be, but rather a virus or a program used to compromise your system. Most anti-virus programs will catch this file after you execute it, but to be on the safe side it is best not to click on it in the first place.

- Open a local folder in Windows Explorer (not IE) like My Documents > Click Tools > Click Folder Options > Click “View” Tab > Uncheck “Hide extensions for known file types”
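A check you can run over a removable drive before opening anything on it, covering both the autorun .inf mechanism and the double-extension trick described above. This is an added example, not part of the original post; the extension lists and function names are assumptions chosen for illustration.

```python
import configparser
import os

# Assumed lists for illustration; extend them to match your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".doc", ".xls", ".jpg", ".pdf", ".txt"}
AUTORUN_KEYS = ("open", "shellexecute")


def is_masked_executable(filename):
    """True for names like report.doc.exe: a decoy extension, then an executable one."""
    stem, last = os.path.splitext(filename.lower())
    _, decoy = os.path.splitext(stem)
    return last in EXECUTABLE_EXTS and decoy in DECOY_EXTS


def autorun_commands(inf_text):
    """Return the commands an autorun.inf would launch from its [autorun] section."""
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False)
    try:
        parser.read_string(inf_text)
    except configparser.Error:
        # A malformed file is still worth a look, so report it instead of skipping.
        return ["<unparseable autorun.inf>"]
    commands = []
    for section in parser.sections():
        if section.lower() != "autorun":   # section names are case-insensitive
            continue
        for key, value in parser.items(section):
            if key in AUTORUN_KEYS or key.endswith("\\command"):
                commands.append(value)
    return commands


def audit_drive(root):
    """Walk a mounted drive and return findings as (kind, path, detail) tuples."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == "autorun.inf":
                with open(path, encoding="latin-1") as fh:
                    for cmd in autorun_commands(fh.read()):
                        findings.append(("autorun", path, cmd))
            elif is_masked_executable(name):
                findings.append(("double-extension", path, name))
    return findings
```

Call `audit_drive` with the drive's mount point or drive letter path; an empty list means neither pattern was found, not that the drive is safe.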


Update
I updated some of the links that didn’t work, like the link to the news article about the Sony DRM and the old .reg file. I found a copy of the reg file somewhere else on the internet and rehosted it here so it doesn’t disappear again.