Us(B)ability versus Security

Filed Under: SophosLabs

Update: Microsoft have updated their information on disabling Autorun.

I received my copy of July's Technet this week. After a few cups of coffee I got to the last page and was struck by the following picture (reproduced here):

AutoPlay

The article talks about Vista's AutoPlay settings and how the interface has changed to make it more usable.

The screenshot shows an entry for "Software and games" set to "Install or run program". With the talk recently about malware that exploits the AutoRun features of Windows (see 1, 2, 3 ...) I decided to look at what this setting would do.

I created an Autorun.Inf file similar to the one used by W32/Hairy-A and made it run CALC.EXE. With the above settings CALC.EXE ran each and every time I inserted my USB drive.

The article suggested that a different USB drive plugged in to a different port may not have remembered the setting to "Install or run program". In my tests this usability feature ran the executable each time.

USB drives represent a clear and present danger to the endpoint at the present time. Larger, perhaps, than floppy disks in days of yore? SysAdmins should make sure that their security policy documents adequately address the threat.

One way, on XP and Vista, would be to look at implementing NoDriveTypeAutoRun (this article talks about Windows 2000, 2003 and XP for Vista-specific info.)
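To audit what a given NoDriveTypeAutoRun value actually covers, the following added example (not from the original post or from Microsoft) decodes the DWORD bitmask and lists the drive types for which AutoRun is still allowed. It assumes the value was collected with `reg query` from the Policies\Explorer key in both hives; the sample output is constructed, and the function names are illustrative.

```python
import re

# Bit flags of the NoDriveTypeAutoRun DWORD. A set bit disables AutoRun
# for that drive type; 0x02 (drive with no root directory) is omitted.
DRIVE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
    0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}
KEY_SUFFIX = r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_RE = re.compile(r"^\s+NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {hive: value} parsed from `reg query` output for the policy key."""
    found, hive = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().endswith(KEY_SUFFIX.upper()):
            hive = stripped.split("\\", 1)[0].upper()
            continue
        match = VALUE_RE.match(line)
        if match and hive:
            found[hive] = int(match.group(1), 16)
    return found

def effective_value(found):
    """A value in HKLM takes precedence over HKCU; None means it is not set."""
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        if hive in found:
            return found[hive]
    return None

def autorun_enabled_types(value):
    """Drive types whose bit is clear, i.e. AutoRun is still allowed."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not value & bit)

# Constructed sample: `reg query` output for the key in both hives.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""

if __name__ == "__main__":
    value = effective_value(parse_reg_query(SAMPLE))
    print(hex(value), "AutoRun still enabled for:", autorun_enabled_types(value))
```

In the constructed sample the machine-wide 0x91 wins over the stricter per-user 0xff, so removable drives remain covered by AutoRun; a value of 0xFF sets every bit.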
