Tuesday, May 25, 2010

Turn off Autoplay in XP

Viruses, Trojans, backdoors et al. used to be terms only nerds would use, and data security was not a major concern for the “common man”... till now!! During the past couple of years I have seen so many “common people” lose valuable work due to perfectly avoidable system infections. But what surprises me is that even now most people (even system administrators!) are fixated on removable media like floppies (who uses them now?) and flash drives as the most significant threat!

Not only are they not, the threat posed by them is easy to contain. By the way, the most significant source of infections is the net and unsafe surfing behavior!

Today I am going to tell you a trick that should prevent 99% of removable-media-borne infections from reaching your system.

I am assuming that you are intelligent enough to be using a “working” antivirus, and I hope that you are wise enough to be using a comprehensive security suite (antivirus + firewall + antispam + a lot of other stuff… Google it). I am also assuming that you and your antivirus software have a working relationship! Do you pay attention to it? Do you even use it? So let us assume you have an AV, you do use it, and you have enough sense to “scan” every flash drive or floppy anyone ever brings to your system.

There is, however, one small problem. Whenever you pop in a flash drive, it opens up automatically before you can scan it and decide whether to open it or not. This is called “autoplay”, a service the smart guys at a small company called Microsoft conjured up to keep lazy bums like me happy! Now if you have a good antivirus, it will immediately scream out if there is any infected or suspicious file! Even the good free ones like Avira personal edition do that. But the problem is, if the drive has already popped open, the AV program may remove the virus, but our system has been exposed. It has been “compromised”! Not all viruses may have been cleaned! Maybe there was one that the program did not even detect! (Even the best programs detect only about 95% of them!)

So it is very important that you disable this “autoplay” function. Scan every flash drive, make sure it is clean, then open it yourself! I am sure you would not want Windows to take away your privilege of deciding whether to open a drive or not! So this is how you do it:

Step 1: Click Start and click on “Run”.

Step 2: In the Run command box, type “gpedit.msc” and press OK.

Step 3: A divided window will open up. On the left you will see “Local Computer Policy” and a whole lot of stuff listed below it. Look for something called “Administrative Templates” (usually 3rd under Computer Configuration) and click on the small “+” sign on the left of it. This will expand the menu.

Step 4: Under Administrative Templates, you will see four options, one of which is “System”. Open its menu up by clicking on the “+” on the left of it.

Now you will notice a whole lot of stuff on the other half of the window. Look carefully and, in the list towards the bottom end, you will see an option that says “Turn off Autoplay”, with its state shown as “Not Configured”. Bingo!!!

Step 5: Double-click the option “Turn off Autoplay” and a dialogue box will open up. You will notice that of the three options, “Not Configured” is selected by default. Just choose “Disabled” and click “Apply”. DON’T FORGET TO CLICK APPLY!!!! You are done!!

Now if you pop a flash drive into one of your USB ports, it will not open up by itself. Windows may at best open up a dialogue box in which you are given several options; if that happens, select the “Do Nothing” one. That should solve the problem.

Now if you use a flash drive, Windows will read it but will not open it by itself. So you retain the privilege of deciding when to open it, if at all.
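
To check the result of the steps above: the policy is stored as the registry value NoDriveTypeAutoRun, a bitmask in which each set bit turns Autoplay off for one drive type (0xFF covers all drives). The PowerShell script below is an added example, not part of the original post; it assumes PowerShell is installed (a separate download on XP) and reads that value to list the drive types for which Autoplay is still on.

```powershell
# Added example (not from the original post): show which drive types
# still have Autoplay enabled according to the policy registry value.
$valueName = 'NoDriveTypeAutoRun'
$subKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# One bit per drive type; a set bit means Autoplay is OFF for that type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable (flash drive, floppy)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Unknown type (reserved)' }
)

function Get-AutoplayMask {
    # HKLM is checked first: a machine-wide value overrides the per-user one.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $prop = Get-ItemProperty -Path "$hive\$subKey" -Name $valueName -ErrorAction SilentlyContinue
        if ($prop) {
            $raw = $prop.$valueName
            # The value may be REG_DWORD or REG_BINARY; only the low byte matters.
            if ($raw -is [byte[]]) { $raw = $raw[0] }
            return @{ Source = $hive; Mask = ([int64]$raw -band 0xFF) }
        }
    }
    # No policy value set: 0x91 is the documented Windows XP default.
    return @{ Source = 'default (no policy value)'; Mask = 0x91 }
}

$result = Get-AutoplayMask
'Source: {0}   Mask: 0x{1:X2}' -f $result.Source, $result.Mask
foreach ($t in $driveTypes) {
    if ($result.Mask -band $t.Bit) { $state = 'off' } else { $state = 'ON' }
    '{0,-34} Autoplay {1}' -f $t.Name, $state
}
if (($result.Mask -band 0x04) -eq 0) {
    Write-Warning 'Autoplay is still enabled for removable drives.'
}
```

If the removable-drive line still reads ON, the policy has not taken effect, so recheck the setting in gpedit.msc.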


vikram said...

Well, thank you Sir, this is very useful information. Sir, I am using Symantec Endpoint Protection 11 antivirus. Every time the antivirus finds trojan files in the temp. folder, I am not able to delete those files and empty the temp. folder. How can I delete all the files? I searched a lot, but did not find any query.
Vikram Bansal

Ashish Pillai said...

Hi Vikram...
First update your AV, shut off system restore and run AV in safe mode. Then boot back to normal mode and make sure to turn system restore back on!
Now run the AV again....to make sure no residues remain...

As to cleaning out the TEMP folder, do the following:
Open “My Computer” and go to “Local Disk (C:) -> Documents and Settings -> [your account name]”, then on that window’s menu at the top go to “Tools -> Folder Options…”, select the “View” tab, click “Show hidden files and folders” and uncheck “Hide extensions for known file types”. Then click “OK”. Now you should see a folder “Local Settings”. Open it, then right-click on the “Temp” folder and select “Delete”.