Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Monday, August 9, 2010

Disable AutoRun in MS Windows

Source
To effectively disable AutoRun in Microsoft Windows [XP???], import the following registry value:
    REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist"
To import this value, perform the following steps:
  1. Copy the text
  2. Paste the text into Windows Notepad
  3. Save the file as "autorun.reg"
    Note: In certain circumstances, Notepad may automatically add a .txt extension to saved files. To ensure that the file is saved with the proper extension, select All Files in the "Save as type:" section of the "Save As" dialog.
  4. Navigate to the file location
  5. Double-click the file to import it into the Windows registry
Microsoft Windows can also cache the AutoRun information from mounted devices in the MountPoints2 registry key. We recommend restarting Windows after making the registry change so that any cached mount points are reinitialized in a way that ignores the Autorun.inf file. Alternatively, the following registry key may be deleted:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
Once these changes have been made, all of the AutoRun code execution scenarios described above will be mitigated because Windows will no longer parse Autorun.inf files to determine which actions to take. Further details are available in the CERT/CC Vulnerability Analysis blog. Thanks to Nick Brown and Emin Atac for providing the workaround and to Aryeh Goretsky for pointing out a possible issue with Notepad appending a .txt file extension.
Update:
Microsoft has published Microsoft Knowledge Base Article 967715, which describes how to correct the problem of NoDriveTypeAutoRun registry value enforcement. After the update is installed, Windows will obey the NoDriveTypeAutorun registry value. Note that this fix has been released via Microsoft Update to all affected systems. The previous update, described in Microsoft Knowledge Base Article 953252, was only available through Microsoft Update for Windows Vista and Windows Server 2008, and for manual installation on other affected platforms. Microsoft states the that systems that already applied the update from Microsoft Knowledge Base Article 953252 do not need to apply the update from Microsoft Knowledge Base Article 967715 because the changes are the same. Additional details about the update can be found in Microsoft Security Advisory (967940). Our testing has shown that installing this update and setting the NoDriveTypeAutoRun registry value to 0xFF will disable AutoRun as effectively as the workaround described above.
Disable AutoPlay in Windows Vista

Windows Vista’s AutoPlay options are a great improvement over Windows XP in terms of flexibility, but unfortunately there are so many options that it can be confusing, especially since there’s no specific mention of USB Flash drives in the options.
Open your Control Panel, and then click on “Play CDs or other media automatically” to open the AutoPlay dialog.
image
Disable AutoPlay Globally
The quickest way to disable AutoPlay entirely is to just uncheck the box for “Use AutoPlay for all media and devices”, which should usually work.
image
Disable for a Single Type
You can choose a setting in the drop-down menu for a single type of drive, for instance Audio CD in this example. For this to work you’ll have to make sure to keep the global autoplay option on, and then choose the specific setting in the drop-down.
image
Disable for just Removable (flash) Drives
The problem here is that while there are settings for Audio CDs and DVDs, there’s nothing specifically for USB flash drives. Windows will determine the drive type based on the content it finds on the flash drive itself, so that’s what we’ll need to change.
In order to disable AutoPlay for the removable drives, you should change all of the following to Take no action: Software and games, Pictures, Video files, Audio files, and Mixed content.
image
Disable Through Group Policy
A number of readers have written in complaining that the option to disable autoplay isn’t working for them, so if you’d like to disable it entirely you can use the Group Policy editor on the Business and Ultimate versions of Vista.
Open up gpedit.msc through the start menu search box, browse to Windows Components \ AutoPlay Policies, and change the value of “Turn off Autoplay” to enabled.
image
You can choose whether to disable for just removable devices, or entirely. I’m not sure if that makes any sense, however.
Disable with Registry Hack
The Group Policy editor is not available on Windows Vista Home editions, so I’ve also included the registry tweak to disable AutoPlay entirely.
Download and unzip this registry hack and then double-click on the appropriate file.
  • DisableAutoPlay.reg will disable autoplay entirely.
  • DisableAutoPlayRemovable.reg will disable autoplay on removable devices.

No comments: