AutoRun Disabler
Ever inserted a software CD and had it automatically open up an installer or menu screen? Perhaps you have inserted a USB drive or external hard drive and had a similar thing happen?
This automated action can be very useful and time saving, especially for the inexperienced computer user, however, it presents a very real and easy to exploit security risk.
When you insert a CD, connect an external drive or open a network share, Windows automatically looks for a file called Autorun.inf; this file contains a set of plain text instructions that tell windows what icon to give the drive and which programs to execute immediately and can even add new menu items when you right click the drive in Explorer.
The contents of Autorun.inf generally look something like this:
[AutoRun]
icon=setup.ico ;choose an icon to use for the drive
open=setup.exe ;automatically run setup.exe
shell\readme = &Read Me ;add a Read Me option to the right-click menu
shell\readme\command = notepad readme.txt ;when Read Me is pressed open the file readme.txt using notepad
It should be immediately obvious to most people that it would take no effort at all for a virus to copy itself and an Autorun.inf to your portable devices, which you no doubt will connect to other computers, whether they be at home, school or in the office or visiting an important client to give a presentation. Once the device is connected to another computer, Windows will unwittingly run the virus, which will proceed to install itself on the system and likewise copy itself to all portable devices and where possible network shares.
These tactics are already very common with malware and viruses and are only increasing in use.
To help protect my own computers from other peoples portable drives and my own portable drives I have used in other computers, I have written AutoRun Disabler.
AutoRun Disabler does exactly what the title suggests, it disables all Autorun files across the system and allows for them to be re-enabled easily when necessary. While there are many methods for doing this, the one I chose to use is virtually fool proof. Windows does allow Autoruns to be disabled through device manager, however, on some systems it does not honour the setting; while Microsoft has released a patch for this, there is no guarantee that the feature will not be broken in future or that you have the patch installed on your system.
Simply click the Protect button and all Autoruns will immediately disabled. To re-enable Autoruns, simpy click the Unprotect button; some times it is necessary to restart your computer after clicking Unprotect.
How does it work?
Windows provides an easy way of remapping ini files to registry keys; by using this, we can map all Autorun.inf to effectively nothing. Now, when you insert your external storage device, Windows will look for Autorun.inf, and if it finds it, it will go to the registry to check if it has been remapped, upon doing so it will see the mapping, determine there are no instructions to carry out and do nothing.
The registry key for remapping ini files is located in:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\
All we need to do now is add in an entry for Autorun.inf:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf
Lastly, we add a Default string value:
@SYS:DoesNotExist
AutoRun Disabler was written in Visual Basic 6.
AutoRun Disabler can be downloaded here.
The source code is available here.