|This is the talk page for discussing improvements to the AutoRun article.
This is not a forum for general discussion of the article's subject.
|WikiProject Microsoft / Windows||(Rated B-class, Low-importance)|
|WikiProject Computer Security / Computing||(Rated B-class, Mid-importance)|
- 1 Explanation of Sample AutoRun.inf File
- 2 Factual inaccuracy
- 3 A better way?
- 4 Beat the Home Team!
- 5 Bold and italicized comments should be worked into the article
- 6 Can someone confirm the different (Windows) OSes?
- 7 How long should Shift be pressed?
- 8 GPedit section
- 9 AutoPlay vs AutoRun
- 10 A LOT OF MISSING INFORMATION ON THIS PAGE!!!
- 11 I'll do it
- 12 Old requested move
- 13 Rewrite completed
- 14 Requested move
- 15 Issues
- 16 Mitigation section - a kind of "security tips guide" is unencyclopedic
- 17 stuxnet
- 18 Microsoft kills Autorun
- 19 "chance of malware infiltration"?
- 20 AutoRun vs. AutoPlay
- 21 External links modified
Explanation of Sample AutoRun.inf File
I too am hesitant to alter the article for the same reason, but I do know that the method presented for disabling AutoRun via the Registry is actually the method for disabling AutoPlay, and is exactly what TweakUI does for you from a friendlier interface. Those instructions ought to be moved to the AutoPlay section.
AutoPlay can use information from the AutoRun.inf file, and can be made to add an option (specified with an action= line) to the AutoPlay menu, or--in the case of a CD-ROM---to execute a program immediately without prompting the user. According to the MSDN reference on autorun.inf syntax (http://msdn2.microsoft.com/en-us/library/bb776823.aspx), this ought not to be possible from a removable USB flash drive. Explorer also uses information from the AutoRun.inf file, such as to add options to the drive's context menu, to change the icon and name displayed for the drive in Explorer, and to automatically launch a program on the media when the drive is double-clicked in My Computer.
What you really need to disable is the use of AutoRun.inf. Nick Brown's article previously mentioned (http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html) sounds to me like a brilliant option. It prevents both AutoPlay and Explorer uses of the AutoRun.inf file.
Could somebody who knows how to edit things properly make appropriate changes to the article?
- UPDATE: Please see http://autorun.synthasite.com/ for a more accurate description of the differences between AutoRun, AutoPlay, and Execution of the Drive's Default Command, and more... 220.127.116.11 (talk) 01:50, 3 April 2008 (UTC)
- Yhank you so much for this. This had been driving me nuts for weeks because my sister kept fucking up my PC with all the momory cards she borrows from her friends. For the love of god why did MS ever invent this "Feature". —Preceding unsigned comment added by 18.104.22.168 (talk • contribs) 14:28, 14 April 2008
A better way?
I'm hesitant to alter the article as I've never edited before, but: I don't feel disabling Autorun by setting
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom to 0 is the best idea. In Windows 2000/NT/XP this also disables Media Change Notification (MCN) so Windows won't display the disk label or update displayed content when the disk in the drive is changed. (See newsgroup posts and my responses here.)
I'd recommend instead using NoDriveTypeAutoRun under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, as explained in this Microsoft TechNet article: NoDriveTypeAutoRun and leaving the
Services\CDRom entry set to 1. You can then disable AutoRun\Play selectively on certain drives or by setting it to
0xFF (decimal 255) on all drives, without the unwanted side-effects.
Comments welcome! --Nowl 15:09, 27 April 2007 (UTC)
Beat the Home Team!
This article lacks information about autorun.inf commands, some (but not all) of which is available at http://support.microsoft.com/kb/818804. Information about commands 'action' and 'label' (and perhaps others) is absent even from there, probably due to the age of the page (Last Review: July 12, 2004). Such information's inclusion here would either encourage MS to update their article or beat them at describing their own product. Thanks!--Jesdisciple (talk) 05:09, 7 December 2007 (UTC)
Bold and italicized comments should be worked into the article
Sorry I just dumped a bunch of bold-italicized text into the middle of the article in a couple places. I just don't have time to rewrite things correctly and am hoping someone else can pick up the pieces. There is a lot of confusion over what AutoRun and AutoPlay means. I think a lot of people might be coming here for information on how to totally kill this insane feature. I know I did because we got infected by a virus jumping around on a memory stick. None of the standard ways that Microsoft offers actually stops AutoPlay from running when the user naturally double clicks on CD-ROM or USB stick drive icons. I only found that one article about the non-standard way of killing AUTORUN.INF files permanently. And it works perfectly. By itself, it prevents code on media from ever running without the user actually clicking directly on the executable itself. So I wanted to get this important info out there. --22.214.171.124 (talk) 01:42, 4 March 2008 (UTC)
- What is up with this article? The bold/italicized stuff should just be worked into the content instead of pointing out errors with the article. I don't have time to edit this, but someone fix it-- it's just dumb. --126.96.36.199 (talk) 18:25, 5 March 2008 (UTC)
Can someone confirm the different (Windows) OSes?
Previously there was only one technical registry table, but I can confirm Windows XP uses another table, which I detailed. However, I have no idea which OS the editor of the previous table had in mind, so I just assumed they meant older Windows than XP. Also, can someone confirm if Vista uses XP's blocking methods or something entirely new? -Lwc4life (talk) 10:06, 29 June 2008 (UTC)
How long should Shift be pressed?
Arguments for keeping this section:
1. The bulk of info is direct from Microsoft (authoritative), and is relevant to the article.
2. It explicitly instructs the reader how to use gpedit, which is only alluded to in the next section. If the wiki article can contain explicit .ini code, then the level of detail I added is reasonable.
Additionally, it does prevent Explorer's double-click open invocation of autorun.ini for CDrom/DVD's (restoring normal Explorer open of drive). This is valuable information. I looked long and hard throughout the web for how to do this, and an explicit note in this Wiki article would have saved me much trouble.
3. The section has several valid references (including link to Microsoft for Autoplay repair). Again, valuable and relevant information.
(Exlex) Before removing this section please explain why it doesn't belong. My edit only added info to the aticle. You provided no rationale for deleting, which is unacceptable unless addition is vandalism. —Preceding unsigned comment added by Sulewasi (talk • contribs) 23:59, 12 September 2008 (UTC)
AutoPlay vs AutoRun
Just to expand further, if there is an important difference, I don't feel the article makes it clear. The intro paragraph says they are merely different spellings, but deeper in the article, the section on AutoPlay says that term refers to automatically playing back an audio CD or a video. That would mean AutoPlay is much more restricted in what it can do. AutoRun, if I understand the distinction, takes instructions from the autorun.inf file, and could tell the computer to do just about anything. Is that correct? Spiel496 (talk) 16:14, 3 October 2008 (UTC)
A LOT OF MISSING INFORMATION ON THIS PAGE!!!
I hate to put it this way, but the problem with this page is that it is missing a LOT of AUTORUN.INF file information.
I'm not so good at putting info on pages, but... http://www.autoruntools.com/autorun-inf.php has a lot of info that this page doesn't. can someone put this on the page? Your own words, of course. Tangmeisterjr (talk) 20:36, 5 October 2008 (UTC) is the best.
I'll do it
I've typed up a significant amount of text already on autorun, specifically on autorun.inf and the technical details surrounding autorun. I'll update this wiki entry with what I have and try and integrate all the items on this talk page into it.
I cannot just copy swathes of text from msdn without entering the realm of copyright so I'm avoiding that pitfall (which takes a bit of time and rewriting).
I feel it's very important to mention microsoft knowledge base articles KB950582, which fixes the very very long standing problem of disabling autorun correctly and KB953252 which references that fix. These are recent (Sep 2008) fixes which primarily change Double Click, Contextual Menu and AutoPlay functionality. I'd consider them top-rated security patches against autorun worms.
I'll have to take screenshots and images of the AutoPlay popups and right click dialogs from Windows screenshots. I believe that qualifies as fair use under Wikipedia guidelines.
Before I commit, I just want to put my intentions up on the Talk Page. First I've done a complete rewrite and it's loooong. 75KB of raw text + images. I want to change the page name slightly to AutoRun and do a redirect from Autorun. The different capitilisation seems pedantic but is much more common and seems to be official. I have to look up a lot of wikipedia edit how-tos before I finally make the change. I'm wondering can I just make the change or should I put up an example page first... If I do, it'll be soon and at User:Carveone/Sandbox...
Old requested move
I've been working on this for a while (ok, ages) and have saved my rewrite of the AutoRun article. I've done my best to conform to style and referencing criteria. I went through this Talk page to make sure all the points people have raised in the past have been included in the rewrite including the autorun.inf file, shift key, difference with AutoPlay etc.
- I'll have to write a new AutoPlay article. The current one is just a redirect to a section in this article. AutoPlay is a distinct feature.
- I cannot move "Autorun" to "AutoRun" as the existing AutoRun page, which is just a redirect, has edit history. Which is quite frustrating. My requested move resulted in no consenses, mostly due to it being holidays... I think I'll have to resubmit because I really would like the name to be the correct one.
- Ghettoblaster just changed some pre tags to source lang=ini tags. I understand your rationale behind that change, and tried it myself first, but it doesn't really render neatly. At least in my browser (IE6) it doesn't. The external link icons don't always work either of course, but that seems to be a browser issue. Carveone (talk) 17:20, 6 January 2009 (UTC)
- I tested it using IE8 and FF3. The syntax highlighting seems acceptable for me. What do you mean with "external link icons"? Ghettoblaster (talk) 17:28, 6 January 2009 (UTC)
- Also, I tried to use lang="reg" for the registry files, but I had no success trying to include the empty line at the end. Ghettoblaster (talk) 17:30, 6 January 2009 (UTC)
- I guess IE6 has a few issues. The dotted line around the text isn't complete and it looks odd. Funnily enough, the one text example that looks perfectly well is the one that took me ages to figure out - the shifted in example at the bottom of the [content] section. It's in a transparent table, that's how I managed to shift it in without it being a mess... This is all just mediawiki weirdness. When I mean "external link icons", I mean the little box with the arrow out of it that accompanies every external link (like all the References). Sometimes it isn't there - I can resize the window and it will reappear and disappear, so it's an IE issue! For a while I thought I was doing something wrong but I wasn't.
- Zoom feature of your browser you mean. I was using 800x600 at the time and it just looked a mess. Anyway, I put in the syntax highlight for a laugh. See how that goes. It's a horrible horrible nasty hack. I use a line starting with Alt+255 which produces a character that looks blank. Yuck. I guess the source lang=reg feature should be fixed instead. As an aide the MoS says not to use colour anywhere, but then I don't know why they have source lang existing.... Carveone (talk) 18:24, 7 January 2009 (UTC)
I'd like to address a few issues with the AutoRun article as it stands.
One is length - it's just too long. I indend to split autorun.inf documentation off into its own article. This seems a reasonable action to me.
Second, when I first wrote the article, there was a lot of problems regarding properly disabling AutoRun actions. Therefore there's a lot of referencing and content regarding issues that have been addressed by Microsoft. Patches cover all Windows versions back to Windows 2000, with Windows 98 and Windows 95 not affected (admittedly I tested this myself rather than reference it but I'd say noone cares). This is now old news and patches can be referred to as historical behaviour.
All this makes the article unnecessarily cluttered with what appears to be howto style content rather than cold factual information. I did it this way, mainly in AutoRun#Altering AutoRun behaviour, to address the staggering amount of garbage and misinformation I found on the web. I reduced pandering as much as I could but I've probably gone a bit far in some sections: eg: AutoRun#Changing Registry settings is a bit much!
Lastly the recent change regarding MountPoint2 (the piracy bit) might be from a MS employee, it's completely uncitable as far as I know. Either way, if this key does override the Autorun settings if you insert a drive that your computer has seen before, then it's a bug which should have been fixed by an MS patch in the mean time. Either way, I think the MountPoints2 section can be elided.
Interested in feedback.
- As I'm the original author I went and made the necessary changes! Changes complete. autorun.inf now a new article as a fork from this article. There are some minor edits through the article in the interests of being precise along with some reordering and regrouping.
- Article updated to reflect that patches to the autorun bug are now distant history and to reflect current Microsoft policy in Windows 7. Patch text elided - it is not relevant except as a historical note.
- Removed excessive pandering, which is probably the concern of the person who places the howto tag. I'll admit the Registry section is still a bit basic but I believe it is necessary for the article to stand on its own. The ini file mapping overlapped the INI file article and was rather over done.
- Removed obvious and vile spam and self promotion. Thanks to Sander Säde for doing this as well. Presumably this is the latest spam vector.
- The Windows 7 section in Group Policy is meant to be a placeholder for information that does not appear to be available yet. A reminder if you will...
- TweakUI is badly broken with regards to AutoRun registry changes but I can't say that (opinion). I've said the same thing in a deadpan neutral tone though!
- NB: Lpfi made a change to the IQueryCancelAutoPlay sentence to remove the reference to background application, citing reference. That's incorrect and based on misunderstanding of "foreground application". By definition this is the application with input focus. The reference advises that "IQueryCancelAutoPlay is intended only for use by user-launched applications that are currently running...". That's not the same thing saying that only the foreground application can receive the message! A user-launched application could easily not be the foreground window simply by being minimised.
Mitigation section - a kind of "security tips guide" is unencyclopedic
Wikipedia is an encyclopedic reference, not an instruction manual, guidebook, or textbook. ... If you are interested in a "how-to" type of manual, you may want to look at wikiHow or our sister project, Wikibooks.
- It is often possible to reword such instructions to be encyclopedic. How the security problem can be mitigated is relevant. Sources can probably be found (but I know too little about Windows for that). --LPfi (talk) 10:50, 30 November 2009 (UTC)
- Yes, I wouldn't have put them in there if I didn't think it was relevant to the article. I thought a list would be less wordy and it essentially summarises previous content. Still, I'll take a look at how to rephrase...
- While I'm at it some points:
- I find Sander Säde's recent edit comment offensive enough to give up editing wikipedia. "rm bs"? Really. Thanks for your contribution which is as useful as the guy whining about commas. For your information companies were indeed pouring glue into usb slots. Which is why I mentioned it. It's relevant. Don't want editors taking it personally? Then stop using personal attacks in your comments.
- Group policy is possibly long enough to deserve a section heading rather than sub section.
- Windows 7 autorun.inf handling is incorrect as pointed out on the autorun.inf article. I'll update it.
- could rename Problems to Other issues
- could rename Mitigation to Attack mitagation or similar.
- TweakUI's autorun handling sucks. I've probably made that clear without being unencyclopedic. But it still looks like a bit of an ad for the product. Maybe delete that section?
- While I'm at it some points:
- Article updated. The mitigation section is referenced heavily and is a) a summary of the article itself along with b) actions recommended by Microsoft themselves (in various places) which have been gathered into one spot. Given that the original tag was added in a driveby fashion and then left undiscussed, the tag is removed and that ends the discussion.
- Interested in comments on the grammar perhaps given that I'm not an English major!
- Carveone (talk) 15:08, 1 February 2010 (UTC)
Microsoft kills Autorun
Please see http://www.geek.com/articles/news/microsoft-kills-autorun-for-security-reasons-in-new-critical-update-2011029/ somebody that is much more knowledgable than i should update this wiki based on the recent microsoft updates. 188.8.131.52 (talk) 14:54, 10 February 2011 (UTC) dennis mennerich, k4the
- Thank you. That's very pertinent to the AutoRun page. I want to update both autorun and autoplay with Windows 7 appropriate info so I'll take a look and get on it! Carveone —Preceding unsigned comment added by 184.108.40.206 (talk) 16:35, 12 February 2011 (UTC)
"chance of malware infiltration"?
The article currently states: "Disabling AutoRun may force a user to double click the drive icon to get a contents list, thus actually increasing the chance of malware infiltration." This is a somewhat odd claim, not obviously true, and is unsourced. Why would double clicking the drive icon increase the chance of malware? And, using standard Windows Explorer folder view, drive contents can be accessed with a single click on the drive, no need to potentially launch something... -220.127.116.11 (talk) 21:54, 4 March 2011 (UTC)
AutoRun vs. AutoPlay
Is it possible to disable AutoRun but keep AutoPlay? How?
AutoRun is dangerous, and should generally be disabled. But, it would be convenient to still be able to automatically play inserted audio CDs and video DVDs. Is this possible?
There is a registry trick to kill autorun.inf processing, credited to Nick Brown:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist"
Basic AutoPlay seems to keep functioning in XP after this registry tweak. This change completely inhibits the ability to run autorun.inf files, so installing some software then requires the ability to view and understand such files, to find the .exe file that needs to be installed.-18.104.22.168 (talk) 20:28, 11 June 2012 (UTC)
Hello fellow Wikipedians,
I have just modified one external link on AutoRun. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20061006000535/http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx to http://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at
You may set the
|checked=, on this template, to true or failed to let other editors know you reviewed the change. If you find any errors, please use the tools below to fix them or call an editor by setting
|needhelp= to your help request.
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
If you are unable to use these tools, you may set
|needhelp=<your help request> on this template to request help from an experienced user. Please include details about your problem, to help other editors.