Autorun

Revision as of 15:16, 27 May 2012 by Admin

Disambiguation: "autorun" in this context refers to a feature of Microsoft Windows, and of other operating systems in general, that automatically executes software on an inserted CD-ROM or other media.

Related terms, sometimes used synonymously, are AutoPlay, Autorun, and Auto-insert notification.

Whenever you insert DVDs or CDs into a Windows computer, you are usually prompted with a message asking what to do with the disc. This happens because of the AutoPlay/Auto Insert Notification functionality built into Windows. This can cause problems when burning discs using DVD/CD duplicators.

There are security implications involved with this behavior, such as the well-known SanDisk U3 Flash Drive Virus and the more notorious Sony DRM Rootkit.

The autorun behavior can launch software without your consent and, furthermore, can install malware on your computer silently, without your knowledge.

Temporarily Disable Behavior

Hold down the SHIFT key when inserting a thumb drive, CD-ROM disc, or other related media to prevent autorun.inf from launching. You can temporarily disable the AutoPlay feature in Windows 2000, XP, 2003 by holding down the left Shift key as the CD begins to run. In addition, if you wish to browse the contents of the CD, open My Computer, right-click the CD-ROM drive and choose Explore.

Permanently Disable Behavior

Disabling AutoPlay in Windows XP through Windows Explorer

  1. Open My Computer or Explorer
  2. Right-click the CD-ROM drive or other drive and click Properties.
  3. Click the AutoPlay tab. Within this section you will be able to specify all Windows AutoPlay features.

Disable AutoPlay on audio CDs

  1. Click Start, Programs, Windows Explorer
  2. Within Explorer click View and then Folder Options.
  3. Click the File Types tab and locate the "CD Audio Track" category within the list of available file types.
  4. Highlight "CD Audio Track" and click Edit or Advanced.
  5. In the Actions category change the default from Play to Open or none.

The Windows Registry solution below is the most effective, in that it prevents any drive I/O activity after media is inserted; however, it also has some technical ramifications.

Open 'regedit' and locate the key:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Double-click the entry "NoDriveTypeAutoRun", if present, and change the value to

"95 00 00 00"

If NoDriveTypeAutoRun is not present, follow the steps below:

  1. Click Edit in the drop-down menu
  2. Click New
  3. Click Binary Value
  4. Enter "NoDriveTypeAutoRun" as the name
  5. Enter "95 00 00 00" as the value
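
To check what a given NoDriveTypeAutoRun value actually covers, the following added example (not part of the original page) decodes the bytes as typed into regedit into the drive types on which AutoRun is disabled and those it leaves enabled. The bit meanings are the ones Microsoft documents for this value; the function names are hypothetical.

```python
# Added example: decode a NoDriveTypeAutoRun value as typed into regedit.
# Bit meanings follow Microsoft's documentation for this policy value.
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type (reserved bit)",
}
ALL_DRIVES = 0xFF  # value that disables AutoRun on every drive type


def parse_regedit_binary(text):
    """Turn regedit-style hex bytes ('95 00 00 00') into an integer.

    The bytes are stored little-endian, so the first byte is the low byte.
    """
    parts = text.replace(",", " ").split()
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1 to 4 hex bytes, got %r" % text)
    return int.from_bytes(bytes(int(p, 16) for p in parts), "little")


def autorun_coverage(text):
    """Return (disabled, still_enabled) lists of drive types for a value."""
    mask = parse_regedit_binary(text) & ALL_DRIVES
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]
    enabled = [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]
    return disabled, enabled


if __name__ == "__main__":
    # The value given on this page, then the all-drives value for comparison.
    for value in ("95 00 00 00", "ff 00 00 00"):
        off, on = autorun_coverage(value)
        print(value, "-> AutoRun disabled on:", ", ".join(off))
        print(" " * len(value), "   AutoRun still allowed on:", ", ".join(on) or "none")
```

Decoded this way, "95 00 00 00" sets the unknown, removable and network bits but not the CD-ROM bit (0x20), while "ff 00 00 00" sets every bit.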

OS Specific Methods Using Policy Editor

Windows XP Pro

  1. Remove media from the computer.
  2. Go to Start > Run, type 'gpedit.msc' (without the quotes) and click OK. This will open up the Group Policy Editor.
  3. Expand the following (in order): Computer Configuration > Administrative Templates > System.
  4. Click on the System folder, then on the right double-click on the 'Turn AutoPlay off' option.
  5. Select Enable and for 'Turn off AutoPlay on' set to All Drives. Click OK, close the Group Policy Editor and restart the computer.

Windows Vista

  1. Remove media from the computer.
  2. Go to Control Panel > Hardware and Sound > Play CDs or other media automatically.
  3. Uncheck the box at the top of the window next to "Use AutoPlay for all media and devices".
  4. Click the Save button and close Control Panel.
  5. Optional: The same method used for disabling AutoPlay in Windows XP Pro can also be used.

Windows 7

  1. Remove media from the computer.
  2. Go to Control Panel > Hardware and Sound > AutoPlay.
  3. Uncheck the box at the top of the window next to "Use AutoPlay for all devices".
  4. Click the Save button and close Control Panel.
