|
Autorun or autoplay (sometimes spelled in CamelCase as AutoRun or AutoPlay) is the ability of many modern computer operating systems to automatically take some action upon the insertion of removable media such as a CD-ROM, DVD-ROM, or flash media.
Advantages
AutoRun is intended as a convenience feature: software distributed on a disc can automatically start an installer when the disc is inserted.
Disadvantages
Autorun can pose a security threat, when the user does not expect or intend to run the software, such as in the case of some viruses, which take advantage of this feature to propagate, especially on USB flash drives.
For instance, an attacker with brief and casual physical access to a computer can surreptitiously insert a disc and cause software to run. Alternately, malicious software can be distributed with a disc that the user doesn't expect to contain software at all -- such as an audio compact disc. Even music CDs from well known name-brand labels have not always been safe, for example, the 2005 Sony BMG CD copy protection scandal.
AutoRun
In Microsoft Windows, AutoRun is handled by Explorer.
A CD can contain an optional file, named Autorun.inf, in its root directory which contains instructions for what action to perform as the CD is inserted. These instructions can include, for example, a command for an installation program to be executed.
Traditionally, AutoRun could be bypassed by holding down the Shift key as the optical disc is inserted into the optical disc drive. However, this is no longer true starting with Windows Vista.
AutoRun can be permanently disabled by setting the "AutoRun" subkey in the Windows Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom to 0. It is important to note however that this setting actually disables optical media events completely, affecting not only AutoRun but the entire system. This setting should not be used without careful consideration, as it often does not produce the desired behavior.
Main options:
* open=binary : executes the binary
* open=Start nonbinary : open the nonbinary file with Windows default program
* label=My data : show the label
* Icon=icon_resource : Changes the drive's icon (from ico or exe file)
On-click autorun
It is also worth noting that even when Autorun is disabled, executing default Explorer context menu command, usually done by double-clicking or pressing Enter, to a drive containing Autorun.inf in its root directory will still activate AutoRun, if Explorer determines the drive type is capable of AutoRun. This is used by viruses spreading on USB flash drives (virus is executed not when a USB drive is inserted, but when a user clicks on drive's icon in "My computer").
There is a way to disable on-click autorun, although this method disables it both for CD/DVD disks (where it can be useful sometimes) and for USB flash drives (where it is almost nothing but a security threat).[1]
[edit] How Explorer recognizes AutoRun capability
Autorun can be disabled using the group policy editor gpedit.msc. This method, although, doesn't prevent "on-click" autorun.
Finally, AutoRun can also be disabled by the program that controls the foreground window by handling the "QueryCancelAutoPlay" Window message. See the Microsoft documentation for more details.
As shown belown, there are also easier (Windows) OS specific methods.
Windows XP
The registry value NoDriveTypeAutoRun at the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer can be used to disable AutoRun: | Variable | Number | Hexadecimal |
|---|
| No autorun at all | 181 | 0xb5 | | Autorun only CDROMs | 149 | 0x95 | | Autorun only flash drives | 177 | 0xb1 | | Autorun both CDROMs and flashdrives (the default) | 145 | 0x91 |
Changes to this value do not require any system or explorer restart as long as the registry editing is done by any method except the manual regedit method.
This method, although, doesn't prevent "on-click" autorun.
Sample USB-ready autorun.inf file
In USB flash drives, the autorun.inf file needs to be a little different in order to be launched automatically - instead of the "open=" command, it must use "Label=", "shellexecute=" and "UseAutoPlay=1":
[autorun]
;open=foo.exe bar
ShellExecute=foo.exe bar
Label=Label of flash drive
UseAutoPlay=1
AutoPlay
AutoPlay is the name of a different feature in Microsoft Windows. For example: When AutoPlay is enabled, and the user inserts an audio CD, Windows Media Player automatically commences playback (alternately, the disc's contents are automatically displayed in Windows Explorer). As with AutoRun, this feature can be disabled. Under Windows XP, there is a tab called AutoPlay in the drive properties dialog where one of four different behaviors can be chosen ("Play", "Open folder to view files", "Take no action" and "Prompt me each time to choose an action").
The method described above only works for drives that are permanently mounted. It's possible to prevent the AutoPlay feature from searching a removable storage device for something to run every time it's plugged in. This is accomplished using TweakUI, a utility developed by Microsoft programmers for editing various portions of the operating system without resorting to the registry. In TweakUI, select "My Computer," then the sub-category "AutoPlay" then "Drives." Disabling all the drives will disable autoplay entirely.
Windows Vista offers a control panel applet to configure AutoPlay settings globally. However, holding down the Shift key opens AutoPlay regardless of the default setting in Windows Vista.
This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.
|
