Benefits of disabling autorun?

Discussion in 'other software & services' started by Engineeringfun, Apr 18, 2011.

Thread Status:
Not open for further replies.
  1. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    I just downloaded the xp update needed to disable autorun and used fix it for microsoft that automatically disables autorun. What are the actual benefits of disabling autorun, does it really provide more protection from viruses and malware?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Plenty of benefits, almost all malware outside of the internet comes from autorun enabled devices.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    For me, it would cripple a useful function. I have several USB hard drives and I use autorun.inf to have the drive open automatically to a specific directory. These drives do not get connected to any computer but my own.

    Policies and procedures in place prevent USB exploits:

    • My flash drive is not the CD emulating type that will execute autorun.inf, so that if it were to become infected with a USB exploit while connected to another computer, it would not run when connected back to my computer.

    • Holding down the SHIFT key bypasses autorun when a CD ROM or USB device with autorun.inf is connected.

    • Navigating to the drive via Windows Explorer prevents any double-clicking from executing autorun.inf

    • Default-Deny security prevents non-white listed executables from running

    Having said that... if one has any doubts, it best to apply the fix, expecially on computers with multiple users.

    Nonetheless, there is one caveat to this "fix" that I've asked about in various places and never have received a clarification. From the KB article which describes how autorun is disabled on USB media:

    Update to the AutoPlay functionality in Windows
    http://support.microsoft.com/kb/971029
    Here is the statement I question:
    I assume this is because Windows cannot distinguish between a true CD and emulated CD device.

    This is quite troubling, it seems to me, for if a user connects one of these types of USB drives that happens to be infected with a USB autorun.inf virus, won't the exploit automatically run?

    -rich
     
    Last edited: Apr 18, 2011
  4. ShaneR34

    ShaneR34 Registered Member

    Joined:
    Mar 9, 2008
    Posts:
    107
    I haven't used XP in so long that I forget, but does it not have the option to turn on/off auto run manually for each type of media?

    Even before security concerns, I always disabled autorun manually for everything.

    I find it annoying more than useful...
     
Loading...
Thread Status:
Not open for further replies.