How Not to Auto-Run a Virus

When you plug a USB drive into your Windows system, Windows acts like your retarded cousin who wants to help you with the cooking for the catering gig you’re doing: filled with good intentions he runs about touching everything with no clue what your intentions are.

In the case of your retarded cousin you can set him onto some more or less innocuous task thereby offering him a sense of participation and dignity.  In the case of Windows you can just say “Fuck off and don’t touch anything”.

Why would you want to do that?  Isn’t it helpful to have Windows scan the drive and offer up some useful choices?

No.  There are two very distinct disadvantages to giving Windows that power.

First, it takes Windows forever (how long a forever depends upon system resources) to scan an enormous (say 1.5 TB) drive filled with data (read: porn).  And since you are probably trying to do something else, this is as annoying as a pebble in your shoe while you’re running the 50 meter dash.

It’s not like it remembers (caches) the drive contents when you detach the drive.  Each time you plug it in Windows goes all “ooh, shiny!” on you.

Second, it takes Windows no time at all to run the virus that was also on the drive when your retarded cousin said “Hold my beer and check this out”.

Are you thinking “You’re just being paranoid”?  Well, I attached a client drive to my machine yesterday and Avast! found a virus and crashed.  I unplugged the power and restarted hoping for the best but fearing the worst.  I went back into Group Policy on my server and changed things on my network so that no machine will have this problem in the future.

If there is going to be a virus on my machine, I’m going to be the one who installs it; and remember: just because you are paranoid doesn’t mean they’re not out to get you.

Ok.  Now that you’ve seen the good reasons to do this, what is the this you ought to do?

  1. Open your local Group Policy editor: Start —> Run —> gpedit.msc
  2. Navigate to Local Computer Policy —> Computer Configuration —> Administrative Templates —> System
  3. Locate Turn off Autoplay
  4. Right-click and choose Properties
  5. Enable it and select All Drives from the Turn Off Autoplay on: drop down

Voila!  No more dangerous and superfluous scanning of USB drives as they are attached to the system.
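
To confirm the setting actually landed, this PowerShell check (an added example, not part of the original post) reads the NoDriveTypeAutoRun registry value that the Turn off Autoplay policy writes and lists any drive types still left enabled. The HKLM path and the per-bit drive-type meanings come from Microsoft's documentation of this value, not from this post; the function names are made up for the example.

```powershell
# Added example: audit the AutoRun/AutoPlay policy value on this machine.
# A set bit in NoDriveTypeAutoRun disables that drive type; 0xFF disables all.
# Bit meanings are from Microsoft's documentation of the value (assumption:
# not stated in the post itself).
$DriveTypeBits = [ordered]@{
    'Unknown type (bit 0x01)' = 0x01
    'Removable (USB)'         = 0x04
    'Fixed disk'              = 0x08
    'Network drive'           = 0x10
    'CD-ROM'                  = 0x20
    'RAM disk'                = 0x40
    'Unknown type (bit 0x80)' = 0x80
}

function Get-AutoRunMask {
    param([string]$Hive)   # 'HKLM:' (computer policy) or 'HKCU:' (per user)
    $key  = "$Hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }          # key or value is absent
    # Only the low byte carries the drive-type bits.
    return ([long]$item.NoDriveTypeAutoRun) -band 0xFF
}

function Get-EnabledDriveTypes {
    param([long]$Mask)
    # A clear bit means AutoRun is still allowed for that drive type.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

foreach ($hive in 'HKLM:', 'HKCU:') {
    $mask = Get-AutoRunMask -Hive $hive
    if ($null -eq $mask) {
        Write-Output "$hive  NoDriveTypeAutoRun is not set"
        continue
    }
    $open = @(Get-EnabledDriveTypes -Mask $mask)
    if ($open.Count -eq 0) {
        Write-Output ("{0}  0x{1:X2}  disabled for all drive types" -f $hive, $mask)
    } else {
        Write-Output ("{0}  0x{1:X2}  still enabled for: {2}" -f $hive, $mask, ($open -join ', '))
    }
}
```

After choosing All Drives in the policy, the HKLM line should report 0xFF; run `gpupdate /force` first if the value has not changed yet.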

Life just keeps getting better.


9 thoughts on “How Not to Auto-Run a Virus”

  1. For Windows 7 Home (and perhaps the rest of the versions) there’s a bit of a fuss involved. It won’t let you call up the Group Policy Editor console straight out of the box initially claiming it doesn’t find it.

    Continuing the out of the box case, there are a couple of things to do. First is to go Start —> Control Panel —> Appearance and Personalization —> Folder Options and kill the Hide Protected Operating System Files (Recommended) check. AT YOUR OWN RISK if you’re not an experienced user!

    It gets even more fun: gpedit.msc sits way down in the Windows folder. The easiest way to get to it from the “out of the box” is to just search your C drive (or system drive). Mine is here:

    Windows —> winsxs —> x86_microsoft-windows-g..admin-gpedit-snapin_31bf3856ad364e35_6.0.6001.18000_none_70e29eb27742c32b

    (Your final folder name may be slightly different.)

    Now, James, here’s where I’m still slamming into a wall. I call it up and it says it can’t load the snap-in. I tried changing the permissions to Full Access but those are shaded out gray. I suspect I either have to go into MMC to change a security setting, or mess with regedit itself. I’m going to hold off for a bit (three beers at lunch) but I’ll get back to you. MMC I can deal with, but I don’t mess with the registry unassisted.

    1. According to this forum, Windows 7 comes with AutoRun disabled by default (and it’s about fucking time).

      This may be helpful for dealing with AutoPlay:

      Control Panel —> All Control Panel Items —> AutoPlay —> and uncheck “Use autoplay for all media and devices”

      Hopefully that will get you close enough (for Windows).

  2. From the Microsoft Support Knowledge Base (KBA)

    To disable Autorun yourself on operating systems that do not include Gpedit.msc, follow these steps:

    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following entry in the registry:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun
    3. Right-click NoDriveTypeAutoRun, and then click Modify.
    4. In the Value data box, type 0xFF to disable all types of drives. Or, to selectively disable specific drives, use a different value as described in the “How to selectively disable specific Autorun features” section.
    5. Click OK, and then exit Registry Editor.
    6. Restart the computer.

    1. I don’t know; however, I would still recommend turning AutoRun and AutoPlay off on all machines. Why? Because if you forget at that critical moment you have infected your machine. The risk is just too high for my tastes.

      If you test it, please let me know if it works.
