Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Have you disabled autoplay yet?

If not, you should. Because autoplay being on means any time a removable data device, such as a USB stick, is inserted into the computer, autoplay fires up. Typically this is usually taken advantage of by CDs/DVDs to get us to a start menu. However, attackers are now writing worms which spread to removable devices and take advantage of autoplay and a social engineering trick to try and infect the system. More details here:

SANS Internet Storm Center: Conficker's autorun and social engineering

Me personally, I have autorun disabled because I don't want to see some pop-up window every time I stick a USB drive onto my computer, as I switch out between several on a daily basis. I also don't care for CDs/DVDs autostarting on me when I may be simply looking for a couple of files in a directory on the CD (such as documentation). If you want to know how to disable autorun, here's a Microsoft KB article which explains the steps (you'll need admin rights on your system):

KB953252: How to correct "disable Autorun registry key" enforcement in Windows

Don't be thrown off by the name. It was written to correct another KB article. And in the article it has the steps on how to disable autorun. You'll want to do it for all drives if you go the GPO route (which is the simplest).

 

Comments

Posted by David Benoit on 15 January 2009

Nice info! Didn't know I could disable that. I have now!

Posted by Anonymous on 20 January 2009

Hopefully by now everyone has seen this, but if not, here's a reminder to continue to spread the

Leave a Comment

Please register or log in to leave a comment.