Windows by default has AutoPlay configured. AutoPlay (once called AutoRun in older Windows operating systems) is that little program that starts up the software whenever you connect a USB flash drive, an external hard drive, or pop in a CD or DVD. It was handy back in the old days of innocent computer use… but AutoPlay is increasingly used by evil programmers who want to spread malware and viruses. It is now recommended that you disable AutoPlay on your computer if you use USB flash drives or other portable peripheral drives like it.
There’s been a rash of infections in recent months that can be traced back to infected USB or other removable devices being used to transmit malware from one machine to another. The culprit is autorun. Even if you think you have it turned off, I’m betting you don’t have it turned off – not completely anyway.
Autorun (or autoplay, as it’s sometimes known as or confused with), is a very convenient feature of Windows that, as its name implies, allows things to happen “automatically” when you insert a removable device such as a CD-ROM, USB Memory stick or attach a device like a digital camera.
And yes, absolutely, it’s evil, and should be turned off completely as soon as you possibly can do so. The reason is very, very simple: autorun can be seriously abused by viruses and other forms of malware.
…autorun can be used to automatically launch software, either already on your machine or on the removable media. This is good when it’s the CD player software installed on your machine automatically playing the CD you just inserted, and it’s bad when it’s a virus that installs itself automatically.
There are several ways to disable AutoPlay, depending on your computer skills, and the operating system you have.
For Vista, it’s easy to disable it. Go to CONTROL PANEL >> HARDWARE AND SOUND >> AUTOPLAY. In Classic View of Control Panel, look for AUTOPLAY in the alphabetical list.
At the top, under the Menu Bar, you’ll see a box that says “Use AutoPlay for all media and devices.” Deselect it. 
From there, you can customize the defaults, how Windows will handle various drives and files. It is recommended that all drives be changed to “Take No Action” in the settings.
Now be warned that this fix works in MOST cases. But you know– this is Windows we’re talking about. Depending on your operating system brand, your updates, your hair color, blah blah, this fix may not work for you. In such a case, you can download updates, or you can hack the Registry yourself to fix it. Here are some very helpful links with tutorials and screenshots if you need more information or more detailed instruction.
How-To Geek Forums: Disable AutoPlay in Windows Vista
How-To Geek Forums: Disable Autoplay of Audio CDs and USB Drives for XP
Ask Leo: How do I *really* disable auto-play in Windows XP?
After you have disabled AutoPlay, no window will pop up and nothing will run when you insert a USB flash drive or CD/DVD into your computer. So how do you access the drive? Go to COMPUTER, either on your Desktop or look for it in your START MENU. You will see a listing of drives there. Double-click the drive you want to open, and your portable drives files are there.
It’s just too risky in this day and age of malware and viruses and worms to leave your computer susceptible to them. It is recommended by the security geeks that you disable AutoPlay. I have learned to live without it, and love it.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
#1 by Karen on November 30, 2009 - 7:34 am
I don’t understand. If you are putting something in your computer, something you bought yourself, how can it have malware on it?
#2 by Mrs. Mecomber on November 30, 2009 - 11:42 am
Hi Karen. Well, I was mainly referring to USB drives and disks that are shared amongst people’s computers. One computer may have a virus. That virus looks for places to mulitply– so it finds a cozy home on a USB flash drive. When someone else inserts the USB drive into their computer, the AutoPlay function automatically loads the software on that drive, which installs the virus onto the second computer.
But believe it or not, even new drives can have malware installed. There was a news story several years ago about brand new Seagate hard drives– they were made in China, and someone over there installed malware and spyware on them. So even a brand new computer could possibly have malware and spyware.
#3 by The Evangelist on December 5, 2009 - 4:13 pm
@Mrs. Mecomber: I can remember seeing something recently about an OEM having a disk image with malware already installed.
It’s sad that it has to come to this, but it does. The real problem now is that the users that really need to know this information won’t find it, and even if they did know they might have trouble if a window didn’t pop up immediately when they plug in their drive anyways.
We live in a day where every feature of the OS is seen as a possible attack vector. Microsoft needs to work on these problems, or they risk a huge trade-off of either usability or security.
#4 by Mrs. Mecomber on December 7, 2009 - 9:04 am
Right you are!
But aren’t the Linux and Apple OS’s just as vulnerable? I thought the only reason they weren’t attacked like MS is because they are not as widespread as MS.