AutoPlay Security Concerns when Computer is even Locked?

win10freak · 12 Sep 2017

With Windows 10, I dont know if this security issue is present or not by sticking in a CD/DVD or USB flash stick into a computer and malicius code can execute infecting the system.

My question is, was this the thing of the past with older Windows versions before Windows 10 was released?

Another question, when Auto Play is enabled letting all programs to launch automatically, does this only occur when a user is logged on, or can malicious code can even execute automatically using the Auto Play feature EVEN when the system is at the Windows logon prompt or Locked?

Here is an article on how to disable Auto Play overall in Windows 10.
https://www.howtogeek.com/236241/how...in-windows-10/

But my question is mainly, that can this be a security issue even when the machine locked or at the bootup Windows logon prompt?

dalchina · 12 Sep 2017

It was Autorun that was the principle security risk here, rather than Autoplay.

Autorun could lead to the execution of an exe file on the inserted medium. You can see the possible risk there.

Autoplay options are essentially a response to the type of medium inserted and the media on it.
If you inspect the options available here
Control Panel\All Control Panel Items\AutoPlay

for each category, there is little that should pose an obvious security risk.

win10freak · 12 Sep 2017

Is autorun still a security issue on Windows 10?

My question is, can anyone just walk to a locked computer and stick a USB device in it and execute malware on it?
Or does the user need to be logged on for that to happen?

That's my question here.

And is there a way to disable Autorun from the Windows 10 user interface?
I know that Autoplay is there in the Control Panel, but what about Autorun options?

dalchina · 13 Sep 2017

Perhaps your difficulty is that the terms Autorun and Autoplay became used almost interchangeably, when they were/are two different things. The use of Autorun to launch a program was removed in Win 7.
Windows 7 USB Autorun.inf

Thus the ability to launch an exe by this mechanism when inserting a device (an inf file) no longer exists.

If you do as I say or have already done so at most you can launch a program to play media or open explorer to view the files on an inserted device using Autoplay.

Given that you can assess the relative risk.

Here's a tutorial on Autoplay from the Tutorial section
Turn On or Off AutoPlay in Windows 10 Windows 10 Hardware Drivers Tutorials
which you're free to browse and search:
Windows 10 Tutorial Index Windows 10 Tutorials

swarfega · 13 Sep 2017

I've set mine as shown, hopefully that means it won't auto run a program when inserted.

AutoPlay Security Concerns when Computer is even Locked?-autoplay.png

dalchina · 13 Sep 2017

The program Autorun executed was a program on the removable device.

A fundamental difference is that the program launched by Autoplay is one you have installed on your PC, and by definition can be only within a restricted range related to the content and media type.

The control panel exposes more options which extend at least as far again as those shown.

AutoPlay Security Concerns when Computer is even Locked?-1.jpg

lx07 · 13 Sep 2017

win10freak said:

Is autorun still a security issue on Windows 10?

No - there is nothing to worry about. The facility to run programs automatically from external devices has been removed. In the past you could make a file called Autorun.inf and put this line in

Code:

OPEN=DodgyProgram.exe

That would automatically run the program DodgyProgram.exe when you plugged your USB key or inserted your CD. This functionality was removed by Microsoft in Windows Vista as it was (rather obviously in retrospect) very dangerous. See Autorun.inf Entries (Windows)

Autorun.inf isn't dropped though - you can still do some neat stuff with it if you are so inclined - for example I have this as my autorun.inf on my E drive to specify the drive name and icon

Code:

[autorun]
icon=Kyhi.ico
label=Kyhi Rescue

so it looks like this in file explorer.

AutoPlay Security Concerns when Computer is even Locked?-capture.png

simrick · 13 Sep 2017

lx07 said:

Autorun.inf isn't dropped though - you can still do some neat stuff with it if you are so inclined - for example I have this as my autorun.inf on my E drive to specify the drive name and icon

Code:

[autorun]
icon=Kyhi.ico
label=Kyhi Rescue

so it looks like this in file explorer.

That's great! I'm sure @Kyhi will like to see that.

@win10freak
You could always use Panda's USB vaccine or Bitdefender's USB Immunizer, for extra protection.
http://www.askvg.com/panda-usb-vacci...lware-attacks/

But, I don't think there's anything to protect you from one of these, unless you cap the USB ports off.
USB Killer, yours for $50, lets you easily fry almost every device | Ars Technica

.

win10freak · 13 Sep 2017

If Autorun was dropped in Windows 7, then why does the Group Policy for it in Windows 10 still shows to Enable or Disable it? Should I just disable Autorun from the Control Panel or should I disable it only from the Group Policy settings like shown in the image?

This is really confusing, as most tech articles out there refer Autoplay as the same as Autorun or the other way around...

And my main concern, can Autorun be executed automatically even when the machine is locked or the user is not logged on?

dalchina · 13 Sep 2017

No, as said above; the ability to launch an exe on the external medium from the inf file was dropped. Not Autorun.

Perhaps your difficulty is that the terms Autorun and Autoplay became used almost interchangeably, when they were/are two different things. The use of Autorun to launch a program was removed in Win 7.

My post #4.