Tuesday, December 4, 2012

Windows users, disable autorun

Autorun is when you put a CD or DVD in the drive of your computer and it automatically starts up a program that's on the disk.  Unfortunately, a malware is actively targeting this capability.  All Windows users should disable autorun.  Microsoft has a nice support landing page for pretty much all versions of Windows, with instructions.

Once you've done this you'll have to open Windows Explorer when you put the disk in the drive, and double click on the program.  Since you probably hardly ever get software on disks, the annoyance is rare and the security benefit is high.

Note that if you put a music CD in the drive your music player (say, iTunes) will pop up automatically, even with autorun disabled.  This isn't a security problem because your music player is already installed on your computer.  You shouldn't notice anything at all here.

UPDATE 4 December 2012 14:42: I should have said that the real risk of autorun is not CD/DVD drives, but rather USB flash drives and network shares.  That's how the malware is spreading.

1 comment:

wolfwalker said...

"Since you probably hardly ever get software on disks..."

Speak for yourself. ;-) For my part, I like getting distribution CDs. It gives me an original that I can always go back to, should that ever become necessary.

As for Autorun itself, in Windows 7 I believe you can configure it for any device as you go. Do this for data CDs, do that for Music CDs, do something else for flash drives...