Autorun

From Wikipedia, the free encyclopedia

Autorun or autoplay (sometimes spelled in CamelCase as AutoRun or AutoPlay) is the ability of many modern computer operating systems to automatically take some action upon the insertion of removable media such as a CD-ROM, DVD-ROM, or flash media.

AutoRun is intended as a convenience feature: software distributed on a disc can automatically start an installer when the disc is inserted. However, autorun can pose a security threat, when the user does not expect or intend to run the software, such as in the case of some viruses, which take advantage of this feature to propagate.

For instance, an attacker with brief and casual physical access to a computer can surreptitiously insert a disc and cause software to run. Alternately, malicious software can be distributed with a disc that the user doesn't expect to contain software at all -- such as an audio compact disc. Even music CDs from well known name-brand labels have not always been safe.

Contents

[edit] Microsoft Windows

[edit] AutoRun

In Microsoft Windows, AutoRun is handled by Explorer.

A CD can contain an optional file, named Autorun.inf, in its root directory which contains instructions for what action to perform as the CD is inserted. These instructions can include, for example, a command for an installation program to be executed.

Traditionally, AutoRun could be bypassed by holding down the Shift key as the optical disc is inserted into the optical disc drive. However, this is no longer true starting with Windows Vista.

AutoRun can be permanently disabled by setting the "AutoRun" subkey in the Windows Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom to 0. It is important to note however that this setting actually disables optical media events completely, affecting not only AutoRun but the entire system. This setting should not be used without careful consideration, as it often does not produce the desired behavior.

It is also worth noting that even when Autorun is disabled, executing default Explorer context menu command, usually done by double-clicking or pressing Enter, to a drive containing Autorun.inf in its root directory will still activate AutoRun, if Explorer determines the drive type is capable of AutoRun.

Main options:

  • open=binary : executes the binay
  • open=Start nonbinary : open the nonbinary file with Windows default program
  • label=My data : show the label
  • Icon=icon_resource : Changes the drive's icon (from ico or exe file)

[edit] How Explorer recognizes AutoRun capability

Explorer uses registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun to determine which drives cannot use AutoRun. Bit 0 corresponds to drive A:, bit 1 corresponds to drive B:, and so on.

The registry value NoDriveTypeAutoRun at the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer can be used to disable AutoRun. The value should be hexadecimal 95 if AutoRun is enabled on all CDs, or B5 if disabled for CDs. (To test AutoRun on a floppy disk, this value should be set to 91). The system needs to be rebooted for a new value to take effect. After altering AutoRun capability flags, the changes take effect after restarting Explorer.

Variable Number Hexadecimal Drive type(s)
DRIVE_UNKNOWN 1 0x1
DRIVE_NO_ROOT_DIR 2 0x2
DRIVE_REMOVABLE 4 0x4 Disk can be removed from drive, such as floppy disk, removable cartridge
DRIVE_FIXED 8 0x8 Disk cannot be removed from drive, such as hard disk
DRIVE_REMOTE 16 0x10 Network drive
DRIVE_CDROM 32 0x20 CD-ROM drive
DRIVE_RAMDISK 64 0x40 RAM disk

If either NoDriveTypeAutoRun or NoDriveAutoRun specify that AutoRun should be disabled for a drive, then it is disabled for that drive.

Autorun can also be disabled using the group policy editor gpedit.msc.

Finally, AutoRun can also be disabled by the program that controls the foreground window by handling the "QueryCancelAutoPlay" Window message. See the Microsoft documentation for more details.

[edit] Sample autorun.inf file

[autorun]
open=foo.exe bar
;ShellExecute=index.html
icon=foobar.ico
action=Open Foo Bar
shell=doubleclick.exe
shell\configure=&Configure...
shell\configure\command=setup.exe
shell\install=&Install...
shell\install\command=setup.exe
Shell\Option1=Text1
Shell\Option1\Command=option1.exe
Shell\Option2=Text2
Shell\Option2\Command=option2.bat
label=My backup data

[edit] AutoPlay

AutoPlay in Windows Vista.
AutoPlay in Windows Vista.

AutoPlay is the name of a different feature in Microsoft Windows. For example: When AutoPlay is enabled, and the user inserts an audio CD, Windows Media Player automatically commences playback (alternately, the disc's contents are automatically displayed in Windows Explorer). As with AutoRun, this feature can be disabled. Under Windows XP, there is a tab called AutoPlay in the drive properties dialog where one of four different behaviors can be chosen ("Play", "Open folder to view files", "Take no action" and "Prompt me each time to choose an action").

The method described above only works for drives that are permanently mounted. It's possible to prevent the AutoPlay feature from searching a removable storage device for something to run every time it's plugged in. This is accomplished using TweakUI, a utility developed by Microsoft programmers for editing various portions of the operating system without resorting to the registry. In TweakUI, select "My Computer," then the sub-category "AutoPlay" then "Drives." Disabling all the drives will disable autoplay entirely.

Windows Vista offers a control panel applet to configure AutoPlay settings globally. However, holding down the Shift key opens AutoPlay regardless of the default setting in Windows Vista.[1]

[edit] Xfce

Xfce's file manager, Thunar, contains Volume Management settings, through which the user can make Xfce:

  • automount and/or browse removable media when hot-plugged or inserted.
  • run programs or open files on new drives and media.
  • start a recording program when a blank optical disc is inserted.
  • play multimedia on CD, Video CD, DVD, or portable music players.
  • import photos from digital cameras and/or sync with handheld computers when connected.
  • run a program when a printer, a USB keyboard, a USB mouse, or a graphics tablet is connected.

[edit] References

[edit] External links