Windows 7 has been out for about 3 weeks now, and reports are just out about the first major security exploit, a “zero day” vulnerability (meaning hackers have found and released viruses or Trojans to exploit the issue before it was discovered by the software publisher, so Microsoft has to play catch-up to find a fix and test it for release). However, details on that will be a column for later this week.
Today I’m focusing on something that Windows 7 got right, which is that Windows Autorun is disabled by default. I think XP and Vista users should disable Autorun on their systems as well, in the interest of greatly enhanced security, and I’ll attempt to make it easy for you to do so – Microsoft certainly hasn’t.
A little background first. Those of us who have been using personal computers long enough to remember when the floppy disk was the king of portable storage will also remember that most viruses back in the day were spread by copying themselves to removable storage – floppies – that were then used in other computers, spreading the virus when infected files or programs on the floppy were opened on another computer.
As CDs largely replaced floppies, infected disks were less of a concern (although burned disks can carry infections, and on occasion even software CDs from legit companies have been infected at the point of manufacture).
Beginning with Windows 95, Microsoft introduced a feature called Autorun: when a CD or other removable disk containing a file called autorun.inf is inserted, Windows automatically runs the commands in that file. This was intended to make it easy for inexperienced users to install software, by having the software installer programs automatically launched via autorun.inf, rather than users having to find and run the setup programs.
This has always been a matter of Microsoft choosing ease of use over security; a trade-off all operating systems have to make to some degree, since security tends to demand more input, knowledge, and interaction from users. This particular decision has been especially problematic, however.
The problem with this is easy to see – if a disk is inserted, which today commonly means a plug-in USB “key drive” or external hard drive, an autorun.inf file can be configured by a virus on an already infected computer to install malicious software on subsequent Windows computers the USB drive is used in. Echoes of the floppy disk past!
This does happen – I’ve been a victim myself. I’m normally very careful with my USB drives, but on one occasion, I used one of my USB key drives to load some of my security tools onto a client’s seriously infected XP computer (they’d visited a rigged website and been infected with a drive-by virus).
Usually I’d run the USB drive through a virus scan on my Mac or Linux computer before even thinking of letting it near one of my Windows PCs – but I mixed up the drive, and used it in my nearly new Vista laptop, which still had Autorun enabled.
My laptop, which had up-to-date antivirus, strong passwords, and no admin accounts logged in, was immediately and irreparably infected via an unpatched zero day vulnerability in Vista (remember what I said back at the start about zero-day exploits), causing me to have to reformat the computer and reinstall everything from scratch – fortunately I had backups of my documents.
In a sense, it was good that the infection was so destructive that it was immediately obvious the computer was not functioning normally – had it been less severe, I might have gone on using the computer, unaware my system was no longer secure or under my control.
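As an added example (not part of the original column): a short Python script that can be run on a Mac or Linux machine to show which programs a drive's autorun.inf would launch, without executing anything. The entries that start programs are open=, shellexecute= and shell\verb\command=; the function names and the sample file contents are constructed for illustration.

```python
import os
import sys

# autorun.inf keys that name something to execute (matched case-insensitively).
EXEC_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Keep only the entries that would start a program."""
    return {k: v for k, v in entries.items()
            if k in EXEC_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def read_autorun(root):
    """Read autorun.inf from the drive root, whatever its letter case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                data = fh.read()
            utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
            return data.decode("utf-16" if utf16 else "latin-1")
    return ""

# Constructed sample, not taken from a real drive.
SAMPLE = """\
; comment
[AutoRun]
Open = setup.exe /quiet
icon=setup.exe,0
random text without an equals sign
shell\\install\\command=tools\\install.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    text = read_autorun(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for key, value in launch_commands(parse_autorun(text)).items():
        print(f"{key} -> {value}")
```

Run it with the drive's mount point as the only argument; with no argument it reports on the built-in sample.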
So, down to brass tacks – how do you disable Autorun in Windows XP and Vista, and what will it mean for you?
You can manually edit the Windows registry to disable the Autorun function on all removable disks, but editing the registry directly is not a good idea if you’re not a fairly knowledgeable and confident computer user, since mistakes can render your computer unusable.
Instead, you can copy and paste three lines into a notepad document (Start>Accessories>Notepad) and save it as “noautrun.reg” (or any other name ending with .reg, just be sure you know where you saved it).
The three lines to copy into your Notepad document:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
If you see more than 3 lines (this may depend on your browser and screen), make sure everything from [HKEY_LOCAL… to …Autorun.inf] ends up on one line in your document.
Save your document as Noautrun.reg, making sure in the save dialog box to change the file type from the default “.txt” to “all files”, or Windows will add .txt to the filename in spite of you typing “.reg”.
Next, locate your saved Noautrun.reg file, double click it, and it will run as a script (much like Autorun.inf files on disks do with Autorun enabled). You will be asked if you want to add data to the Registry – select yes to allow the modification. Credit for this script goes to Nick Brown, who posted it at About.com.
You’re done. Now, with Autorun disabled, program installers and launchers will not start up as soon as you insert disks – to run software on CDs or removable disks, you will have to open the drive in My Computer and find the setup.exe or install.exe file to start the installer.
It also means your kids might find it less convenient to install every bit of software that comes on a CD in a cereal box or Happy Meal, so even the downside has an upside. And now your XP or Vista PC is much less vulnerable to malware from passing around USB drives.
A note for Windows 7 users also using Apple’s iTunes – iTunes will ask if you want to enable Autorun after iTunes is installed – choose NO. iTunes will still be able to recognize audio CDs. And a brickbat for Apple for offering to enable a less secure setting without first letting the user know it is less secure, and that it isn’t necessary for iTunes to identify music CDs.
Greg Johnston
greg@infotrek.ca
www.infotrek.ca
Something I should add to the above: Autorun is not the same thing as Autoplay, which was introduced with WinXP and later. Autoplay is a feature that looks for music, video, photos, and other media files on removable drives, and offers to import them, start up media players, and so on. This functionality is not disabled by disabling Autorun, so you will still be asked about what you want to do with such drives. This is not particularly a security problem, since you have the option to do nothing before allowing your antivirus software to check the drive for malware, unlike Autorun files that are executed as soon as the removable disk is mounted.