Preventing AutoPlay attacks on your Windows PC

Many types of malware spread themselves from one computer to another by infecting portable devices, memory cards, CDs and DVDs. You can prevent those attacks by disabling the AutoPlay feature on Windows. You will trade some ease of use in exchange for greater security. This step can easily be reversed if you don't like the results.

Aw man, this is going to be a big hassle! Relax, it's easy :) Scroll down this Microsoft knowledge-base article and look for the Fix-It icons. Run the Fix-It that disables AutoRun.

What types of devices could carry malware and infect a computer? Here's a partial list:

What are the side effects of disabling AutoPlay?

When AutoPlay is disabled,

Disabling AutoPlay/AutoRun using Group Policy If your version of Windows is one of the Pro/Business/Ultimate/Enterprise versions, you can also use Local Group Policy to disable AutoRun.

  1. Click Start and put gpedit.msc in the search box, then right-click on gpedit.msc when it appears above. Choose Run as administrator and Group Policy Editor opens.

  2. Expand Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies and you can disable AutoPlay on all drives. For the sake of thoroughness, I enable all four of the settings and disable all Autorun commands.

  3. Close the Group Policy Editor and the change should already be effective (if not, it will be at the next log-on).

mech's other security suggestions