USB flash drives are our personal data carriers, but the way we use it to exchange files also makes them open to viruses.
The Achilles heel which viruses exploit is the autorun.inf file. Autorun.inf file is a simple instruction file present in removable media like CDs, DVDs and USB drives. This file contains a series of commands that triggers the operating system to start an executable, tells it which icon to use, and which additional actions to make available. A basic autorun.inf file looks like this ““
Special Note: Autoplay is the Windows action which asks you to specify the application to use to open a particular file. The autoplay dialog box asks you to select from the options when you insert a media. Autorun on the other hand, is the Windows action which automatically launches applications depending on the commands given in the autorun.inf file when we double click the removable drive icon.
The keyword is automatic. We have to find ways to short circuit the automatic execution of programs (good or bad), so that a hidden malware does not penetrate our system. The idea then is to change the way Windows handles the autorun.inf file. The methods expressed here are majorly for Windows XP.
Use the SHIFT key
Suppress autorun by pressing the SHIFT key when inserting a USB drive. Then, right click on the icon in Explorer and select Explore to access the contents of the drive. This is a one-time action and you have to keep that in mind every time you insert an USB drive. And you have to be ever mindful of never double-clicking your USB drive icon in Explorer.
Go to the Group Policy Editor
Group Policy Editor is used to define user and computer configurations for groups of users and computers.
- Open GPEditor via Start – Run. Enter gpedit.msc in the Run box.
- Navigate to Computer Configuration – Administrative Templates – System.
- Highlight System on the left hand pane. On the right hand pane, go down to the entry – Turn off Autoplay and double click on it.
- Select the Enabled radio button, then for the Turn off Autoplay on dropdown, select All drives.
This will disable the autorun feature and let you explore the drive contents for all drives instead of directly opening it.
Hack the registry
We can also disable the autorun feature by making a change in the registry. Be forewarned that if you are not at ease with the registry, it is advisable to skip this step.
- Launch the Registry Editor by typing regedit in the Run box (Start -> Run)
- On the left hand pane, keep expanding the entries by clicking on the + sign. Search for this entry ““ HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
- For this registry entry, go to the right panel and double click the NoDriveTypeAutoRun registry key.
- Change the Value data to FF for Hexadecimal or 255 for Decimal value.
- Click OK to close the registry editor and restart the computer.
Fall back on software
If you are the type who hates going into the guts of the operating system, there are of course handy pieces of software available. Here are two examples of such applications.
This 7KB USB anti-virus tool works by detecting the removable drive and renaming the autorun.inf file to autorun.inf_current date_time thus preventing its running by the system. The program loads in the system tray and with just one click, you can turn Autorun on or off. Another option informs the user about all actions on autorun.inf files.
The program works from the system tray and is compatible with Windows XP, Windows 2000, Windows 98 and Windows 95.
TweakUI, Microsoft’s Power toy for Windows XP gives a user access to system settings that are below the visible interface of the OS.
To disable autoplay using TweakUI, go to the My Computer – Autoplay – Drives setting. Deselect the drive you wish to disable the autoplay for. Also, go to My Computer – AutoPlay – Types. Uncheck Enable Autoplay for removable drives. Click OK and you are done.
The 126KB download is compatible with Windows XP and Windows Server 2003.
These methods will prevent the automatic jumpstart of a USB drive. But if a malware sneaks through, then the value of a good, updated anti-virus and anti-malware as the first line of defense cannot be exaggerated enough.
Do you let a USB drive run automatically or do you control it with a blocking action? Which is your favored method? Let us know.
Image credit: Nedko