Tag Archives: group policy

How Not to Auto-Run a Virus

When you plug a USB drive into your Windows system, Windows acts like your retarded cousin who wants to help you with the cooking for the catering gig you’re doing: filled with good intentions he runs about touching everything with no clue what your intentions are.

In the case of your retarded cousin you can set him onto some more or less innocuous task thereby offering him a sense of participation and dignity.  In the case of Windows you can just say “Fuck off and don’t touch anything”.

Why would you want to do that?  Isn’t it helpful to have Windows scan the drive and offer up some useful choices?

No.  There are two very distinct disadvantages to giving Windows that power.

First, it takes Windows forever (how long a forever depends upon system resources) to scan an enormous (say 1.5 TB) drive filled with data (read: porn).  And since you are probably trying to do something else, this is as annoying as a pebble in your shoe while you’re running the 50 meter dash.

It’s not like it remembers (caches) the drive contents when you detach the drive.  Each time you plug it in Windows goes all “ooh, shiney!” on you.

Second, it takes Windows no time at all to run the virus that was also on the drive when your retarded cousin said “Hold my beer and check this out”.

Are you thinking “You’re just being paranoid”?  Well, I attached a client drive to my machine yesterday and Avast! found a virus and crashed.  I unplugged the power and restarted hoping for the best but fearing the worst.  I went back into Group Policy on my server and changed things on my network so that no machine will have this problem in the future.

If there is going to be a virus on my machine, I’m going to be the one who installs it; and remember: just because you are paranoid doesn’t mean they’re not out to get you.

Ok.  Now that you’ve seen the good reasons to do this, what is the this you ought to do?

  1. Open your local Group Policy editor: Start —> Run —> gpedit.msc
  2. Navigate to Local Computer Policy —> Computer Configuration —> Administrative Templates —> System
  3. Locate Turn off Autoplay
  4. Right-click and choose Properties
  5. Enable it and select All Drives from the Turn Off Autoplay on: drop down

Voila!  No more dangerous and superfluous scanning of USB drives as they are attached to the system.

Life just keeps getting better.