Tuesday, March 17, 2009

More Vista AutoRun Nonsense

After listening to Security Now episode #187 I was feeling quite smug that Vista was not vulnerable to the problem. Wrong! Microsoft's KB 967715 is misleading too. Why are the guys at Microsoft so lax about improving security? Surely they realise how easily viruses can spread using USB removable drives? I guess not.
Here's a simple fix, which will work for Vista, WinXP, etc.: Create a text file and paste the following:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"DontSetAutoplayCheckbox"=dword:00000001
"NoAutorun"=dword:00000001
"HonorAutorunSetting"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"DontSetAutoplayCheckbox"=dword:00000001
"NoAutorun"=dword:00000001
"HonorAutorunSetting"=dword:00000001
Save this as "noautorun.reg" or something similar, and then double-click to run it. Make sure that everything inside the square brackets [] is on a single line. This will stop your machine automatically running code when you insert a removable drive, CD, etc.

2 comments:

Igor Levicki said...

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Donn Edwards said...

That's a bit extreme, because you are disabling the ability of the user to manually do an autorun.

See this blog entry