Autorun is one of those 'convenience' features in Windows that can cause more harm than good. Essentially, Autorun enables designated files to run when an Autorun-enabled drive (such as a USB thumb drive) is inserted into the computer. Following are frequently asked questions about the Autorun component, including why Autorun can be dangerous and how it can be disabled.
What is Autorun?
Autorun allows executable files on a drive to be run automatically when that drive is accessed. The feature works via a file named autorun.inf. When a drive is accessed, Windows checks for the presence of autorun.inf and, if found, follows the instructions contained within that file.
How do Autorun worms spread?
An Autorun worm copies itself to the root of the drive, then creates or modifies the autorun.inf file, instructing it to run the dropped worm each time the drive is accessed. When the worm is loaded, it then looks for similar drives and repeats the process on any drives that are discovered.
Do Autorun worms only infect USB/thumb drives?
No. Autorun worms can use the same method to spread to any discoverable drive, including fixed drives and any mapped network drives.
Do Autorun worms do anything besides spread?
Yes. Autorun worms nearly always include a component that downloads or drops additional malware, usually backdoors and password stealers. In addition, most Autorun worms include the ability to disable antivirus and security software which leaves the system vulnerable to compromise by even previously well known and detectable threats.
Won't antivirus scan the drive on access and prevent the worm from spreading?
Antivirus software offers a high degree of security, but there's still a considerable high margin of error. With tens of thousands of new malware released every month, there can be a considerable lapse between when new malware begins spreading and when actual detection capability is in place. If you encounter the malware in between these periods, the malware will slip past the scanner and onto your system, after which it will disable your antivirus and prevent it from detecting any threats whatsoever.
Can't I just disable Autorun through group policy editor?
Group policy editor is not available on Windows XP Home edition. Further, a bug in Windows prevents autorun from being properly disabled via group policy editor. Microsoft released an autorun patch to address this flaw, however there is a far easier and more guaranteed effective means of disabling autorun that will work equally well in all versions of XP and Vista. For details, see How to Disable Autorun.
If I disable Autorun, will my music CDs and movies still play?
Yes, in most cases. Typically, music CDs and movies rely on the Autoplay feature which does not rely on the use of an autorun.inf file. Instead, Windows (XP and higher) recognizes the media type and launches the multimedia accordingly. In other words, Autorun and Autoplay are two different things. It is only the Autorun feature that uses the autorun.inf file, which gives attackers the ability to easily create autorun worms. Disabling Autorun doesn't prevent you from accessing and running any file on the drive, it just prevents the autorun.inf file from running designated files automatically when the drive is accessed. In those rare cases where a CD or DVD relies on an autorun.inf, you can use Windows Explorer to browse the CD/DVD and open the appropriate media file.