HOW-TO: Protect Yourself Against Malicious Autorun.INF Code

Laziness has its price.. One brain-child of what I consider laziness is autorun.inf. I call it a vulnerability rather than a feature. This is just my two-cents. The rationale behind this line of reasoning is that, viruses and malicious software take advantage of this so-called feature to install and infect your machine before you are aware it hit you. The actual payload installed varies from viruses to trojans, and likewise the damage it could inflict varies.

The most common mode by which malicious code propagates is by USB flash drives (others call them thumb drives or external storage device). They all mean the same thing. Before viruses, trojans and other malicious software lurking in these devices hit you, do something about it. Protect yourself! Autorun.INF is an inherent security hole that needs to be plugged. And the way circumvent this vulnerability is a simple task to do.

Just so you get an idea what AUTORUN.INF functionality is, whenever you plug an external storage and an application Window automatically opens that is AUTORUN.INF at work. Below is an example of what it looks like. Only that in cases of malicious code, this application Window might or might not be visible.

AUTORUN.INF

The solution to this problem is a registry hack. So before you proceed, ensure you have a backup of your machine. This hack works for me and am confident it works but I will not be held liable for consequences that may arise when you execute this procedure on your machine.

As "Administrator", open the registry editor and go to this key: HKLM > SOFTWARE > Microsoft > Windows NT > CurrentVersion > IniFileMapping > Autorun.INF. The "Autorun.INF" key does not exist by default, so you have to create it. Change the "(Default)" value to @SYS:XXXXXXX.

IniFileMapping

This simply means instead of looking for Autorun.INF (case-insensitive) on plugged external storage devices, it will look for the string you substituted on after the colon. Now, that is quite difficult to guess than "Autorun.INF".

RELATED: Automatically Disable WIFI on LAN Connectivity

Making your computer a less vulnerable to malicious code will give you confidence in plugging an external storage device from a colleague for whatever purposes you deem necessary.

You might also be interested in:

Feedback

We at pimp-my-rig strive to keep on improving, help us reach that goal by leaving comments or constructive criticisms. Don't miss out on our next feature -- subscribe via RSS (What is RSS?).

Share This

0 comments: