Ten Ways to Dodge CyberBullets, Part 1 Disable Autorun Feature

This is the first in a series  and is an update to our top 10 things that people can do to protect themselves against malicious activity we provided to our clients two years ago.

1. Don’t let AutoRun be AutoInfect

In other words, disable AutoRun in Windows. This is the item that we pretty much all agreed should be top of the list, because this facility is consistently exploited by the class of malware known as INF/Autorun. Among other threats, of course: many threats that are detected by more specific names (some versions of Win32/Conficker, for example) make use of the same vulnerability.

Don’t assume, though, that this single precaution will save you from every example of this type of threat. Most malware uses more than one technique to infect targeted systems.

Windows 7’s departure from the much misused AutoRun feature will contribute to a gradual decline in INF/Autorun and related threats.

Here’s the description of INF/Autorun threat:

This file contains information on programs meant to run automatically when removable media (often USB flash drives and similar devices) are accessed by a Windows PC user. Security software heuristically identifies malware that installs or modifies autorun.inf files as INF/Autorun, unless it is identified as a member of a specific malware family.

Removable devices are useful and very popular. Of course, malware authors are well aware of this, as INF/Autorun’s frequent return to the number one spot clearly indicates. Here’s why it’s a problem.

The default AutoRun setting in Windows (though not Windows 7) will automatically run a program listed in the autorun.inf file when you access many kinds of removable media. There are many types of malware that copy themselves to removable storage devices. While this isn’t always the program’s primary distribution mechanism, malware authors are always ready to build in a little extra “value” by including an additional infection technique.

While using this mechanism can make it easy to spot for a scanner that uses this heuristic, it’s better to disable the AutoRun function by default, rather than to rely on antivirus to detect it in every case.

Microsoft has released the patches required to make AutoRun work with only CD and DVD drives. There is one little catch: A USB drive can be configured to look like a CD, but this patch definitely helps reduce risk.


About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: