RSS

AutoPlay

09.05.09

For unfamiliar terms, look in Matisse Enzer Glossary of Internet Terms.


Why

By default, Windows XP, Vista, and likely older versions, have the Autoplay feature turned on by default. While this provides a minor convenience, it also provides a major vulnerability. Autoplay is responsible for identifying what kind of media you put in to the disk drive or what kind of media is on any external drive like USB hard drives or thumbdrives. Then it automatically runs programs on the disk or drive. So if someone has a thumbdrive infected by a virus that takes advantage of this feature, and it's plugged into your computer, the virus is automatically installed. You don't even have an opportunity to scan the drive or files for viruses. It's too late. So disabling Autoplay protects you from such an attack.

How

It's fairly simple to turn this off in Win XP or Vista. In XP Pro:

  • Click Start
  • Click Run and enter "gpedit.msc"
  • Navigate to Administrative Templates, System, and look for "Turn off Autoplay"
  • Double click "Turn off Autoplay" and select "Enabled" and below that, select "All Drives" in the window for "Turn off Autoplay on:"
  • Click "OK"

In Win XP Home Edition, download, install, and run Microsoft's free TweakUI. In TweakUI you turn off Autoplay for disk drives and removable media under My Computer\AutoPlay\Types


In Vista,

  • Click Start, and type "gpedit.msc" in the search bar
  • Under "Computer Configuration," select Administrative Templates\Windows Components\AutoPlay Policies
  • Click "Enabled" and "All drives," then click "OK"