Autorun

From Wikipedia, the free encyclopedia

This article may require cleanup to meet Wikipedia's quality standards. Please improve this article if you can. (March 2008)

This article requires authentication or verification by an expert. Please assist in recruiting an expert or improve this article yourself. See the talk page for details. (March 2008)

Autorun (sometimes spelled in CamelCase as AutoRun) is the ability of a computer operating system to take some action automatically upon the insertion of removable media such as a CD-ROM, DVD-ROM, or flash media.

Contents 1 Advantages 2 Disadvantages 3 Microsoft Windows 3.1 AutoRun 3.1.1 On-click autorun 3.1.2 How Explorer recognizes AutoRun capability 3.1.2.1 Windows XP 3.1.2.2 Windows 9x/Me (?) 3.1.3 Sample autorun.inf file 3.1.3.1 Sample USB-ready autorun.inf file 3.2 AutoPlay 4 Xfce 5 Tools 6 References 7 External links

[edit] Advantages

AutoRun is intended as a convenience feature: software distributed on a disc can automatically start an installer when the disc is inserted.

[edit] Disadvantages

Autorun can pose a security threat, when the user does not expect or intend to run the software, such as in the case of some viruses, which take advantage of this feature to propagate, especially on USB flash drives.

For instance, an attacker with brief and casual physical access to a computer can surreptitiously insert a disc and cause software to run. Alternately, malicious software can be distributed with a disc that the user doesn't expect to contain software at all -- such as an audio compact disc. Even music CDs from well known name-brand labels have not always been safe, for example, the 2005 Sony BMG CD copy protection scandal.

[edit] Microsoft Windows

[edit] AutoRun

In Microsoft Windows, AutoRun is handled by Explorer.

A drive can contain an file, named Autorun.inf, in its root directory which contains instructions for what action to perform as the CD is inserted. These instructions can include, for example, a command for an installation program to be executed.

Note that if in addition to the Autorun.inf, the drive contains AutoPlay items (see below), the command will not be executed automatically. Instead, a menu will be presented to the user.

Traditionally, AutoRun could be bypassed by holding down the Shift key as the optical disc is inserted into the optical disc drive. However, this is no longer true starting with Windows Vista.

AutoRun can be permanently disabled by setting the "AutoRun" subkey in the Windows Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom to 0. It is important to note however that this setting actually disables optical media events completely, affecting not only AutoRun but the entire system. This setting should not be used without careful consideration, as it often does not produce the desired behavior.

Main options:

• open=binary : executes the binary
• open=Start nonbinary : open the nonbinary file with Windows default program
• label=My data : show the label
• icon=icon_resource : Changes the drive's icon (from ico or exe file)
• action=My action : describes the program defined in open=(will be shown in the menu)

[edit] On-click autorun

It is also worth noting that even when Autorun is disabled, executing default Explorer context menu command, usually done by double-clicking or pressing Enter, to a drive containing Autorun.inf in its root directory will still activate AutoRun, if Explorer determines the drive type is capable of AutoRun. This is used by viruses spreading on USB flash drives (virus is executed not when a USB drive is inserted, but when a user clicks on drive's icon in "My computer").

There is a way to disable on-click autorun, although this method disables it both for CD/DVD disks (where it can be useful sometimes) and for USB flash drives (where it is almost nothing but a security threat).[1]

An alternative, available from Windows 2000, is to use the group editor to turn off autorun / autoplay for both insertion and Explorer's "on-click" / double-click handling of data CD/DVD's.[2]

1. Start -> Run -> gpedit.msc
2. Computer Configuration -> Administrative Template -> System
3. Double click subkey "Turn off Autoplay" and enable it.

To quote Microsoft [gpedit dialog box on XP Pro/SP2]:

Turns off the Autoplay feature.
Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately.
By default, Autoplay is disabled on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.
If you enable this setting, you can also disable Autoplay on CD-ROM drives or disable Autoplay on all drives.
This setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.
Note: This setting appears in both the Computer Configuration and User Configuration folders. If the settings conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Note: This setting does not prevent Autoplay for music CDs.

It should be noted that this setting does not prevent Autoplay for any removable drive that happens to have a partition formatted with CDFS, as Windows will assume there must be a copy-protected Audio CD somewhere and turn over full rights to the machine, as per the DMCA.

Microsoft also provides a facility to restore Autoplay settings to their defaults, downloadable as the Autoplay Repair Wizard.[3]

---

[edit] How Explorer recognizes AutoRun capability

Autorun can be disabled using the group policy editor gpedit.msc. This method, though, doesn't prevent all "on-click" autorun/autoplay behavior (see the discussion above).

Finally, AutoRun can also be disabled by the program that controls the foreground window by handling the "QueryCancelAutoPlay" Window message. See the Microsoft documentation for more details.

As shown belown, there are also easier (Windows) OS specific methods.

[edit] Windows XP

The registry value NoDriveTypeAutoRun at the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer can be used to disable AutoRun:

Variable	Number	Hexadecimal
No autorun at all	181	0xb5
Autorun only CDROMs	149	0x95
Autorun only flash drives	177	0xb1
Autorun both CDROMs and flashdrives (the default starting from XP SP2)	145	0x91

Changes to this value do not require any system or explorer restart as long as the registry editing is done by any method except the manual regedit method.

This method, though, doesn't prevent "on-click" autorun.

[edit] Windows 9x/Me (?)

Explorer uses registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun to determine which drives cannot use AutoRun. Bit 0 corresponds to drive A:, bit 1 corresponds to drive B:, and so on.

The registry value NoDriveTypeAutoRun at the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer can be used to disable AutoRun. The value should be hexadecimal 95 if AutoRun is enabled on all CDs, or B5 if disabled for CDs. (To test AutoRun on a floppy disk, this value should be set to 91). The system needs to be rebooted for a new value to take effect. After altering AutoRun capability flags, the changes take effect after restarting Explorer.

Variable	Number	Hexadecimal	Drive type(s)
DRIVE_UNKNOWN	1	0x1
DRIVE_NO_ROOT_DIR	2	0x2
DRIVE_REMOVABLE	4	0x4	Disk can be removed from drive, such as floppy disk, removable cartridge
DRIVE_FIXED	8	0x8	Disk cannot be removed from drive, such as hard disk
DRIVE_REMOTE	16	0x10	Network drive
DRIVE_CDROM	32	0x20	CD-ROM drive
DRIVE_RAMDISK	64	0x40	RAM disk

If either NoDriveTypeAutoRun or NoDriveAutoRun specify that AutoRun should be disabled for a drive, then it is disabled for that drive.

[edit] Sample autorun.inf file

[autorun]
;ShellExecute=index.html
icon=foobar.ico
action=Foo Bar [1]
shell=doubleclick.exe
shell\configure=&Configure...
shell\configure\command=setup.exe
shell\install=&Install...
shell\install\command=setup.exe
Shell\Option1=Text1
Shell\Option1\Command=option1.exe
Shell\Option2=Text2
Shell\Option2\Command=option2.bat
label=My backup data

[edit] Sample USB-ready autorun.inf file

In USB flash drives, the autorun.inf file needs to be a little different in order to be launched automatically - instead of the "open=" command, it must use "Label=", "shellexecute=" and "UseAutoPlay=1":

[autorun]
;open=foo.exe bar
ShellExecute=foo.exe bar
Label=Label of flash drive
UseAutoPlay=1

[edit] AutoPlay

AutoPlay is the name of a different feature in Microsoft Windows. For example: When AutoPlay is enabled, and the user inserts an audio CD, Windows Media Player automatically commences playback (alternately, the disc's contents are automatically displayed in Windows Explorer). As with AutoRun, this feature can be disabled. Under Windows XP, there is a tab called AutoPlay in the drive properties dialog where one of four different behaviors can be chosen ("Play", "Open folder to view files", "Take no action" and "Prompt me each time to choose an action").

The method described above only works for drives that are permanently mounted. It's possible to prevent the AutoPlay feature from searching a removable storage device for something to run every time it's plugged in. This is accomplished using TweakUI, a utility developed by Microsoft programmers for editing various portions of the operating system without resorting to the registry. In TweakUI, select "My Computer," then the sub-category "AutoPlay" then "Drives." Disabling all the drives will disable autoplay entirely.

Windows Vista offers a control panel applet to configure AutoPlay settings globally. However, holding down the Shift key opens AutoPlay regardless of the default setting in Windows Vista.^[2]

[edit] Xfce

Xfce's file manager, Thunar, contains Volume Management settings, through which the user can make Xfce:

• automount and/or browse removable media when hot-plugged or inserted.
• run programs or open files on new drives and media.
• start a recording program when a blank optical disc is inserted.
• play multimedia on CD, Video CD, DVD, or portable music players.
• import photos from digital cameras and/or sync with handheld computers when connected.
• run a program when a printer, a USB keyboard, a USB mouse, or a graphics tablet is connected.

[edit] Tools

• AutoPlay Media Studio
• Autorun Pro
• Autorun MAX!

[edit] References

[edit] External links

This section's citation style may be unclear. The references used may be clearer with a different or consistent style of citation, footnoting, or external linking.

• MSDN: Enabling and Disabling AutoRun
• MSDN: AutoRun.inf Entries
• Autorun application (open-source)
• Autorun
• Autorun Wizard
• USB Drive Autorun.inf Tweaking
• GPEdit disable autoplay.
• Microsoft Autoplay Repair Wizard download.
• Autoplay in Windows XP: Automatically Detect and React to New Devices on a System Stephane St-Michel and Brian Aust, MSDN Magazine Nov 2001. Provides an in-depth look at AutoPlay for both volume and non-volume devices, highlighting differences between XP and previous Windows versions.
• Preventing and Removing Autorun.inf Virus
• TechRepublic Article: "How do I … create the autorun.inf file for my CDs and DVDs?"
• Memory Stick Worms

v • d • e Windows Components Core Aero · ClearType · Desktop Window Manager · DirectX · Explorer · Taskbar · Start menu · Shell (namespace · Special Folders · File associations) · Search (Saved search · iFilters) · Graphics Device Interface · Imaging Format · .NET Framework · Server Message Block  · XML Paper Specification · Active Scripting (WSH · VBScript · JScript) · COM (OLE · OLE Automation · DCOM · ActiveX · ActiveX Document · Structured storage · Transaction Server) · Previous Versions · Win32 console Management tools Backup and Restore Center · command.com · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Event Viewer · Management Console · Netsh · Problem Reports and Solutions · Sysprep · System Configuration · Task Manager · System File Checker · System Restore · Windows Installer · PowerShell · Windows Update · WinSAT · Windows Easy Transfer · System Policy Editor Applications Calculator · Calendar · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Mail · Magnifier · Media Center · Meeting Space · Mobile Device Center · Mobility Center · Movie Maker · Narrator · Notepad · Paint · Photo Gallery · Private Character Editor · Remote Assistance · Sidebar · Snipping Tool · Sound Recorder · Speech Recognition · Windows Media Player (11) (12) · WordPad Games Chess Titans · FreeCell · Hearts · Hold 'Em · InkBall · Mahjong Titans · Minesweeper · Purble Place · Solitaire · Spider Solitaire  · Tinker Kernel Ntoskrnl.exe · hal.dll · System Idle Process · Svchost.exe · Registry · Windows service · Service Control Manager · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection Services Autorun · BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Error Reporting · Multimedia Class Scheduler · CLFS File systems NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · FAT32·FAT16·FAT12 · exFAT · CDFS · UDF · DFS · IFS Server Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Windows SharePoint Services · Network Access Protection · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · System Resource Manager · Hyper-V Architecture NT series architecture · Object Manager · Startup process (Vista) · I/O request packets · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows Resource Protection · LSASS · CSRSS · SMSS · MinWin Security UAC · BitLocker · Defender · DEP · Protected Media Path · Mandatory Integrity Control · UIPI · Windows Firewall · Security Center Compatibility Unix subsystem (Microsoft POSIX  · Interix) · Virtual DOS machine · Windows on Windows · WOW64