Sunday, January 31, 2010

Reducing risk of Autorun viruses

One of the most common and rather annoying ways in which malware (viruses, trojans, worms) spreads is via the Autorun feature of most Windows operating systems. These viruses silently copy themselves to removable USB storage devices once the devices are plugged into an infected system. The Autorun feature of Windows then causes the malware to be launched automatically when the infected USB device is plugged into another computer (or when the user clicks on the drive icon in My Computer). Most of the time such malware would be stopped by anti-virus software.

However, since the Autorun feature is seldom used (do not confuse Autoplay with Autorun), preventing Windows from parsing Autorun.inf in the first place is the best way to reduce infection via Autorun viruses. To disable Autorun in Windows:
  • Open Regedit (Windows+R, then type "Regedit" and click OK)
  • Navigate to the following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping
  • Right-click and create a new key named Autorun.inf
  • Set the default value of the created key to @SYS:DoesNotExist
Alternatively, you can download the following file and import it into the Windows Registry.
  • Disable Autorun
  • Double click the file.
  • Click "Yes" on the message box displayed (but make sure you read it first)
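
The manual Regedit steps above can also be checked and applied from PowerShell. The script below is an added example, not part of the original post or the downloadable file; the `-Apply` switch and the function names are assumptions chosen for illustration. Without `-Apply` it only reports whether the key is set.

```powershell
# Added example, not from the original post. Run from an elevated prompt to apply.
param([switch]$Apply)   # assumed switch name: without it the script only audits

$KeyPath  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
# IniFileMapping redirects reads of an .ini file to the registry. "SYS:" points
# under HKLM\SOFTWARE, "DoesNotExist" is a key that is not there, and the "@"
# stops Windows from falling back to the Autorun.inf file on disk.
$Expected = '@SYS:DoesNotExist'

function Get-AutorunMapping {
    # Default value of the key, or $null when the key is missing.
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    return (Get-Item -Path $KeyPath).GetValue('')
}

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$current = Get-AutorunMapping
if ($current -eq $Expected) {
    Write-Output "OK: Autorun.inf is mapped to $Expected"
    exit 0
}

$shown = if ($null -eq $current) { '<key or value missing>' } else { $current }
Write-Output "NOT SET: found $shown, expected $Expected"
if (-not $Apply) { exit 1 }

if (-not (Test-IsAdministrator)) {
    Write-Error 'Writing under HKEY_LOCAL_MACHINE requires an elevated prompt.'
    exit 2
}

if (-not (Test-Path -Path $KeyPath)) {
    New-Item -Path $KeyPath | Out-Null
}
Set-ItemProperty -Path $KeyPath -Name '(Default)' -Value $Expected

# Read the value back rather than trusting the write.
if ((Get-AutorunMapping) -eq $Expected) {
    Write-Output "APPLIED: Autorun.inf is now mapped to $Expected"
    exit 0
}
Write-Error 'Value did not persist; check permissions and policy on the key.'
exit 3
```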