Windows has two "features" called "autorun" and "autoplay". Autoplay automatically reads a removable media
(CDs, DVDs, USB flash drives) and launches a program to play them (like a media player for playing a video
DVD or an audio CD). It is pretty harmless (unless your media playing application has some security bugs),
however, Autorun is a bigger threat to computer security. When a removable media is inserted, Windows looks
for a file called "autorun.inf" in its root directory and follows its directions, like AUTOMATICALLY
LAUNCHING AN EXECUTABLE FILE that is on that media. For some reason this "feature" survived all the
way from Windows 95 to XP (at least Vista asks you if you want to launch that file). When Windows 95 was a new operating system
autorun probably was a good idea and a convenience (you insert a CD in the CD drive and whatever was on that CD is launched automatically), but
in the days of recordable CDs and USB flash drives it has become a way for viruses to spread. You plug your flash drive into some public computer,
which is already infected, the virus on that computer creates a few files on your flash drive and when you come home and plug the drive into your
computer and Windows automatically launches that virus. Isn't that convenient?
Just for a test - download this archive and unzip it to your flash drive, then disconnect the drive and connect it again. You may receive Windows Autoplay dialog asking you to choose an action (Windows XP). This is because Windows XP handles removable media other than CD/DVD differently and does not automatically run whatever the autorun.inf file is instructing. Try to record a CD and then test again. Remember, that some USB flash drives disguise themselves as a CD drive to bypass this dialog. Even if you receive the dialog and then cancel it, the program will be launched when you double click on the USB flash drive in "My Computer". To remove it, click Start, then run and type del x:\autorun.inf where X: is the drive letter of your USB flash.
This works on CD/DVD/Bluray disks, external hard drives and external flash drives (USB or other interface). It also works on internal hard drives, but you have to reboot your computer to see the effect.
The most common method for disabling autorun is by going to Group Policy Editor (Start->run->gpedit.msc), then going to Computer Configuration->Administrative Templates->System, right clicking on the entry Turn off Autoplay, selecting properties, clicking Enabled, choosing All drives from the drop-down list, clicking OK and rebooting your computer. However, this only disables what Windows 9x called "Auto Insert Notification", that is - Windows no longer read removable media as it is inserted and will no longer launch the program automatically. But, the autorun.inf file is still read and Windows will launch the program when you double click on your flash drive in "My Computer". If it does not - try leaving the flash drive in place and rebooting your PC.
To disable autorun completely, you have to force Windows not to read the autorun.inf file. This can be done in registry by going to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping, creating a key, called autorun.inf and setting its (default) entry to @SYS:Does_Not_Exist . This instructs Windows to read a specific registry key instead of an actual file on disk. That is, when Windows wants to read a file, called "autorun.inf" now it actually read a registry key HKEY_LOCAL_MACHINE\Software\Does_Not_Exist. Since that key really does not exist, Windows assumes that an autorun.inf file is empty and do not process it and execute whatever the file was instructing to do. You can download and run this file to do it for you (works on Windows NT/2000/XP/2003) if you are not comfortable editing the registry.
By disabling the reading of the autorun.inf file you can enable Autoplay (and have your audio CD player launched automatically when you insert an audio CD) and still be protected from viruses that spread using autorun, however, I do not recommend this. To disable autoplay, use this file.
Any feedback write to info at disable-autorun dot com