No Autorun

-http://noautorun.sf.net-

Blocks virus in USB flash/disk from auto-running. When a USB disk is inserted, this tool not only locks the autorun.inf file, but also locks all the autorun-related virus and other suspicious files.

Latest build: 1.1.1.21
Released on: 2010-07-23

Supports 32-bit MS Windows (NT/2000/XP), 64-bit MS Windows, Vista, Windows 7
GNU General Public License (GPL)
____________________________________________________________________________________
Besides sg09 and me, I haven't seen anybody else here using this one. It has protected me several times when I've been using my flash drives @ college. It locks up all the malicious code before it can do any harm. I've found it much more user-friendly than Panda's USB Vaccine, since it doesn't have to modify registry entries. Unobtrusive protection for flash drives, open source, extremely light on resources, easy to use.

Has somebody else tested this? What are your experiences?

 

Hi, never heard of it before now so

Already have the Panda one, but might try this at some point. X64 Bit also available.

I don't understand how it achieves what it's supposed to Without any reg entries ?

Has some nice useful options though

 

I am using it.. it's VERY effective. There is already posts about it.. search and u will find it.

 

thanks look good.

 

What is the situation? Your drive gets infected when connected to another computer, it's protected you when connecting back to your computer?

I assume, then, you are using a U3 type of flash drive. Otherwise, an autorun.inf file will not execute.

----
rich

 

@atomomega: Thanks for mentioning me. Yes I am using this tool for last few months after seeing the recommendation here. It also locked autorun exe file a lots of time where my reliable USB Virus Scan or most other similar apps failed. It is very easy to use and lacks only one imp feature IMO that is the USB vaccination feature. I asked the author for this in Twitter and he replied me that he will try to include the feature.

 

As far as I can remember, No Autorun allows to define flash drive as read-only. So, if you insert it on an infected system, it won't infect, because it won't be possible to write to it.

 

Very nice feature! I don't see that in the configuration screen shot posted above, so it must be somewhere else.


----
rich

 

Yeap, that's correct. Those computers are very infested, so when I bring my USB drive back home and connect it to my computer, No Autorun kicks in immediately, locking up the malicious files. It gives you the option to either remove them or keep them.

 

Why don't you set the option to Read Only that was mentioned? Then, nothing can write to the drive.

----
rich

 

I believe you need to right-click the tray icon and then one of the stuff in there leads to a window where you can define it.

And, indeed, very nice feature, if all you pretend when carrying out your flash drive is to just read, copy or install stuff in other systems. Otherwise, it could be a bit troublesome if you, at the moment, need to place stuff in it.

But, I guess we wouldn't trust our flash drive in systems we don't own and do not trust.

 

"Simple Read-Only protection tool for removable devices.
Make Empty File on selected disk with required size. Most common usage - place executable file on USB-flash drive and run it for space filling. When free space will need, delete empty file."

I did not test it.

 

I guess you are referring to this...

 

Oh, I don't know... I never worry about such stuff.

My flash drive is not the U3 type, so if I copy some stuff from someone else's computer and my drive becomes infected, it won't auto-run when I connect back to my computer. When I access the drive in Windows Explorer, I'll notice if there is anything that shouldn't be there (I never have found anything), and just nuke it.

The other situation of connecting other peoples disks to my computer: In floppy disk days I copied over files to students' disks many times. Now, autorun.inf will execute from a floppy disk. This was before fancy programs, so upon inserting the disk, holding down the SHIFT key prevents autorun.inf from executing. I never did find any infected disks, but it was still a good security procedure to follow.


----
rich

 

I actually tried it right after I was able to read your post while I was at school. But as mentioned above, I wasn't able to add anything to the flash drive. That's the main reason why I use flash drives since I have to do my homework and bring it to school and sometimes pass it on to somebody else, or edit it using the school's computers... so I guess it wouldn't be that practical, for me at least...

 

It protects PC even if read-only feature isn't turned on.. it's only option.

 

If you neuter autorun with OS by turning it off, use something like Panda USB vaccine (lpt1 trick) or use this, isn't the end result the same? If you simply don't want a USB stick (infected or not) to infect you with autorun, why is this any better/worse than the other methods?

Sul.

 

I just made a recent post about usb sticks getting infected and have been so worried cuz my system got hit bad and of course I was using my usb sticks. Mine are not U3 thank god and I have auto-play disabled in the OS. I'm so happy I found this info.

I never thought of it the way you put it so well. Thanks to people like you in this forum us little guys keep learning.

 

Well put Sully, end result is the same.

 

It even protects from link exploit POC. It detected the POC .lnk file and actual malicious .lnk file as well.

It stopped execution of lnk exploit POC dll. I could not test the actual malware though as we have no working sampoles yet.

 

Even though this is not intended to be an A vs B thread, I personally have found Panda USB Vaccine quite intrusive as it sticks to USB drives and can't get rid of it even if you reformat the flash drive, it also changes the way OS (XP Pro SP3 in my case) behaves upon inserting any autorun media (cd, dvd, external hd...) and there's no option to un-vaccinate neither the computer nor the flash drives.
That's why I find No Autorun much more user/OS-friendly as it only kicks in when it has to and displays a clear warning with all the files found to be threats and gives the option to block them but leave them there or to remove them...

 

Since the link exploit doesn't use autorun.inf, I don't understand how this NoAutorun product would intercept a LNK file.

Can you post the alert message that popped up?

thanks,

rich

 

It detected the actual malware .lnk file too.

It stopped loading of POC dll file too.

 

Apparently, this is a feature of the latest version. From the changelog:

 

That's great I wasn't aware of that...