Preventing AutoPlay attacks on your Windows PC

In the old days, computer viruses often spread from one computer to another by infecting floppy diskettes. Now, many types of malware spread themselves from one computer to another by infecting portable devices, memory cards, CDs and DVDs. This page shows how to proactively prevent those attacks, by disabling the AutoPlay feature on Windows. This step is a trade-off of reduced ease-of-use in exchange for greater security, and can be reversed if you don't like the results.

I have Windows 2000

First download and install this patch from Microsoft. Then disable AutoPlay using Local Group Policy, or by the method shown in Section III of this U.S. CERT advisory.

I have Windows XP

First download and install this patch from Microsoft. You can disable AutoPlay using TweakUI, or by the method shown in Section III of this U.S. CERT advisory.

I have Windows Vista

You can disable AutoPlay using the AutoPlay applet in Control Panel, or by the method shown in Section III of this U.S. CERT advisory. Some versions of Windows Vista (Ultimate, Enterprise, and Business) can also disable AutoPlay using Local Group Policy.

What types of devices could carry malware and infect a computer? Here's a partial list:

There might not be any visible symptoms of an infection, and your antivirus software might not detect the attack, so consider using the proactive approach by disabling or controlling AutoPlay, as well as using a non-Administrator user account for your daily computer use.


TweakUI is a free utility made by Microsoft. You can download it from this page. It works on Windows XP.

  1. Log onto your PC with an Administrator account to install TweakUI.

  2. Click Start > All Programs > PowerToys > TweakUI to open TweakUI.

  3. Click the AutoPlay tab, and uncheck the boxes for AutoPlay on all the drive letters available, including drive letters you do not usually see in use.

  4. Close TweakUI and log out of your Administrator account. You're done. :)

Local Group Policy is a built-in feature of Windows 2000, and some versions of Windows XP and Windows Vista.

  1. Log onto your PC with an Administrator account.

  2. Click Start > Run and type gpedit.msc, then click OK. Local Group Policy Editor opens in a new window.

  3. In Local Group Policy Editor, expand User Configuration > Administrative Templates > Windows Components and click on the AutoPlay Policies folder. You'll see the AutoPlay policies in the right-hand panel now.

  4. In the right-hand panel, double-click Turn off AutoPlay, and a panel opens. Click on Enabled and choose All drives, then click OK to close the panel.

  5. Close the Local Group Policy Editor window and log out of your Administrator account. You're done. :)

What else can Local Group Policy Editor do to secure my computer? If you have Windows XP or Windows Vista, then Group Policy lets you add a Software Restriction Policy, one of my favorite proactive security enhancements.
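
To confirm that the Local Group Policy steps above took effect, the following PowerShell script reads the NoDriveTypeAutoRun registry value that the Turn off AutoPlay policy writes and reports which drive types it covers. It is an added example, not part of the original page. It assumes a system with PowerShell installed, and the registry path and bit meanings come from Microsoft's documentation of that value rather than from this page.

```powershell
# Added example: audit the NoDriveTypeAutoRun policy value (not from the original page).
$SubKey    = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'

# Bit flags as documented by Microsoft for NoDriveTypeAutoRun.
$DriveTypes = @(
    @{ Bit = 0x04; Name = 'Removable drives' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive types' }
)

function Get-AutoRunMask([string]$Hive) {
    # Returns the mask as an integer, or $null when the value is absent.
    $item = Get-ItemProperty -Path "${Hive}:\$SubKey" -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $raw = $item.$ValueName
    # The value may be stored as REG_BINARY; the first byte carries the flags.
    if ($raw -is [byte[]]) { $raw = $raw[0] }
    return [int]$raw
}

# A machine-wide (HKLM) value takes precedence over the per-user (HKCU) one.
$mask   = Get-AutoRunMask 'HKLM'
$source = 'HKLM'
if ($null -eq $mask) { $mask = Get-AutoRunMask 'HKCU'; $source = 'HKCU' }

if ($null -eq $mask) {
    Write-Output 'NoDriveTypeAutoRun is not set in HKLM or HKCU: no AutoPlay policy is applied.'
} else {
    Write-Output ('{0} NoDriveTypeAutoRun = 0x{1:X2}' -f $source, $mask)
    foreach ($type in $DriveTypes) {
        $state = 'AutoPlay STILL ENABLED'
        if ($mask -band $type.Bit) { $state = 'AutoPlay disabled' }
        Write-Output ('  {0,-20} {1}' -f $type.Name, $state)
    }
    # "Enabled" with "All drives" writes 0xFF; anything else leaves a gap.
    if (($mask -band 0xFF) -ne 0xFF) {
        Write-Output 'Value is not 0xFF: re-check the "Turn off AutoPlay" setting (All drives).'
    }
}
```

Run it under the user account you use day to day, since the User Configuration policy is stored per user.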

Windows Vista's AutoPlay options panel

Click on the Start orb, then type autoplay in the Search box and press the Enter key. The AutoPlay panel from Control Panel will open.

Uncheck the box for "Use AutoPlay for all media and devices." Set each option to "Take no action." If you don't like disabling all of the options, you can start by setting all the options to "Take no action," and then enable those exceptions that you really want, such as playing audio CDs, DVD movies, etc.

What are the side effects of disabling AutoPlay?

When AutoPlay is disabled,

mech's other security suggestions