Microsoft has pushed patches via windows update to disable autoRun in XP and Vista for USB and other removable media, except CD and DVD Drives (like in Windows 7)
– Almost all windows users must have experienced autoRun at-least once, if not more. This useful feature was introduced by Microsoft in one of its earliest operating systems Windows 95, and was retained in all its OS releases to date including windows 7. But this is also one of the most widely abused features by hackers and virus creators!
Why should autoRun be disabled by default?
AutoRun in windows, is basically controlled by a set of instructions in a configuration file called autorun.inf. This file tells the Windows OS, what it should do when a CD or DVD or any other removable media is inserted into the appropriate drives of the computer. This is abused by hackers and virus creators to spread viruses, malware and the likes, through any removable media. The fact that removable media like USB sticks are often shared across computers, makes it more easier for viruses to spread. Once viruses infect a PC, they rapidly spreads to other computers on the network, causing more serious damage.
How to disable autoRun and remove autoRun virus?
We had earlier detailed autorun virus removal techniques to remove autorun virus from a USB stick. We had also told you on how to disable autorun by hacking the windows registry to plant an ini file mapping.
Microsoft had realized the problems with autorun and helped windows 7 users by disabling autorun by default for all removable media, except CD/DVD drives. They also went on to release a security update in 2009 (KB 967940) to restrict AutoPlay to only DVD and CD media in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This was intended to protect users from getting infected by execution of arbitrary code by autorun, when inserting a USB flash drive or any other non-CD and non-DVD removable media, with an Autorun.inf file.
However, not many users would have applied the above security updates. Microsoft had recently (Feb 8, 2011) pushed this security update through windows update. Users who have enabled automatic windows updates need not do anything, as this security update will be automatically downloaded and installed in their computers running windows xp, vista, etc.
Download KB Updates to disable autorun in XP and Vista
If you had turned off windows automatic updates for any reason, you could manually download these security updates and run them.
For other windows OS, check out KB 967715.
Note that the above updates do not disable autorun in CD and DVD drives. It only does so on USB drives and other removable media. You can however disable autorun in CD and DVD media using autorun killer, a freeware that we reviewed earlier.