Autorun
From Wikipedia, the free encyclopedia
Autorun or autoplay (sometimes spelled in CamelCase as AutoRun or AutoPlay) is the ability of many modern computer operating systems to automatically take some action upon the inserting of removable media such as a CD-ROM, DVD-ROM, or flash media.
Autorun is intended as a convenience feature: software distributed on a disc can automatically start an installer when the disc is inserted. However, autorun can pose a security threat, when the user does not expect or intend to run the software.
For instance, an attacker with brief and casual physical access to a computer can surreptitiously insert a disc and cause software to run. Alternately, malicious software can be distributed with a disc that the user doesn't expect to contain software at all -- such as an audio compact disc. Even music CD's from well known name-brand labels have not always been safe.
Contents |
[edit] Microsoft Windows
[edit] Autorun
In Microsoft Windows, autorun can be bypassed by holding down the shift key as the optical disc is inserted into the optical disc drive. It can also be permanently disabled (by a System Administrator) by setting the "Autorun" subkey in the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom to 0.
A CD can contain an optional file, named Autorun.inf, in its root directory which contains instructions for what action to perform as the CD is inserted. These instructions can include, for example, a command for an installation program to be executed.
However, even when Autorun is disabled, double-click a drive containing AUTORUN.INF in its root directory will still activate Autorun.
[edit] Sample Microsoft Windows autorun.inf file
[autorun] open=foo.exe bar ;ShellExecute=index.html icon=foobar.ico shell\configure=&Configure... shell\configure\command=setup.exe shell\install=&Install... shell\install\command=setup.exe Shell\Option1=Text1 Shell\Option1\Command=option1.exe Shell\Option2=Text2 Shell\Option2\Command=option2.bat label=My backup data
[edit] Autoplay
Autoplay is the name of a different feature in Microsoft Windows. For example: When Autoplay is enabled, and the user inserts an audio CD, Windows Media Player automatically commences playback (alternately, the disc's contents are automatically displayed in Windows Explorer). As with Autorun, this feature can be disabled. Under Windows XP, there is a tab called AutoPlay in the drive properties dialog where one of four different behaviors can be chosen ("Play", "Open folder to view files", "Take no action" and "Prompt me each time to choose an action").
The method described above only works for drives that are permanently mounted. It's possible to prevent the auto-play feature from searching a removable storage device for something to run every time it's plugged in. This is accomplished using TweakUI, a utility developed by Microsoft programmers for editing various portions of the operating system without resorting to the registry. TweakUI is available in several places across the web. In TweakUI, select "My Computer," then the sub-category "Auto-Play" then "Drives." Disabling all the drives will disable autoplay entirely.
[edit] External links
- MSDN AutoRun.inf Commands
- AutorunCreator - A free/open-source program for creating autorun files (Autorun Creator)
- Autorun.co.uk - Information on autorunning files from CD
- Yellowpipe.com - Create an autorun file online (Autorun Generator)
- Visual Autorun - Software to add autorun features to discs
- AutoRunner - Visual tool to create autorun discs
- How-To Tuesday: Disable AutoRun on Windows!
- Windows Annoyances: Turn Off the CD-ROM Autorun
- AutoRun Architect - Popular software for creating customized autoruns
- AutoRun - Simple .ini based autorun system
- AppExplorer - A free/open-source autorun application that can dynamically catalog applications on the CD
- Autoplay Repair - Basic tool for creating, repairing or deleting Autoplay entries from the Windows Registry
