Setting Autoplay "Ask Me Everytime" pose any security loop holes?

[TJCS]

Will setting the AutoPlay options to "Ask me everytime" in Windows 7 allow the possibility of malware infected external devices from executing commands on your system without permission? Is it still recommended to set AutoPlay to "no action" for all external devices?


Found a good read on the topic:

• AutoRun changes in Windows 7 (AutoPlay also covered)


Seems like a good update to Windows AutoPlay. I never use autorun for my devices, but I m more interested in the "open to view files and folders" for convenience. Every once in a while I may need to plug-in external device from others to my machine, so is there a known risk to the convenience?

 

[TJCS]

bump

 

[lxskllr]

It looks like you'd still be at risk if the drive has U3 software, or something similar, and the virus executes by mimicking a CD. I always turn any autoexecuting crap off, because I don't like boxes popping up asking me what to do. I prefer browsing the drive/disc myself, when I want to do it. Many times I plug one in, in preparation of doing something, but I'm not ready to at that minute.

 

[TJCS]

Thanks for the feedback. I agree with a possibility of an exploit on the U3 software or something similar. I will stick with the autoplay off.

 

[nascentt]

Just wanted to correct some information here, as this thread ranked quite high on google.

U3 is designed to not change the system it is connected to, of course there's risk of the U3 system being altered to disregard that rule, or for a similar device to be created to accomplish malicious tasks, but U3 itself does not. Also, even if U3 were to be able to edit the system, autorun isn't launched by default, only the autoplay dialog is opened, with autorun selected by default. So the user still needs to confirm autorun.

This is not less of a risk than having a setup.exe or runme.exe on the usb root directory which is malicious. The reason Windows7 ceased the autorun support on usb drives was because conficker and other viruses were mimicking the Open with explorer feature within the autorun, causing users to inadvertantly launch autorun. http://i.imgur.com/yMqxV.png

This is just as possible with CDs and other media, but because CDs are typically read only an infected machine is less likely to be able to spread via CD.

 

[mechBgon]

Infecting the CD-burning folder is not that uncommon. Example: http://www.microsoft.com/security/p...x?name=Virus:Win32/Mabezat.B#techdetails_link This is why I think Microsoft should've included optical media in their update. I just disable AutoPlay on all drives via the Local Group Policy (for Win7, it's in User Configuration > Administrative Templates > Windows Components > Autoplay Policies).