I don't want help on this, otherwise I would have posted in TechOff, I am just trying to find out why autorun is not enabled for removable drives (but it is for CDs - which are themselves removable)? What was the justification made at the committee meeting
for not supporting it?
It is a security issue.
Imagine you have some sensitive files which your arch-rival wants, and that he comes into your room for a 'friendly' cup of tea. If auto-run on removable drives were enabled, it would be a simple matter for him to set the autorun executable to an executable
that silently copies files matching certain criteria into the removable drive itself. Thus all he would have to do is plug in the drive (without you noticing it, or with some other lame excuse), wait a while, and then plug it out again.
Of course, you should password protect sensitive documents.. but then.. how many of us do?
I'm pretty sure the new U3 drives will do autorun though. I haven't kept up with the standards and why they allowed those to run though.
It's not that there's no autorun whatsoever-- items can be added to the autorun box that pops up when you put in a disk and icons, menu items, etc. can still be customized per removable disk. They're just moving towards keeping programs from running
off removable disks without the user's consent. CD-ROMs haven't been changed for backwards compatibility (prior to SP2, when these changes took effect, removable discs outside CDs had no autorun capability, so adding mandatory data to the autorun.inf wouldn't
U3 drives and also UDRW drives work around this problem by simulating a CD drive that connects through USB allong with their disk drive.
Using U3 technology, you can easily silently copy files to your removable drive using autorun, which shows us that Microsoft's solution to this problem was a very temporary one which became useless once the industry found ways to work around it.
If you are worried about people connecting removable drives to your machine and stealing your corporate data you should install the Safend Protector which solves this problem in many original ways:
* Block U3 drives
* Block all kinds of autorun
* Block removable drives except for specific models.
* Allow only reading from removable drives.
* Encrypt the information that is written to removable drives (the information will be unreadable on machines that do not belong to your organization)
Safend also has a Personal edition for the Safend Protector which is free(!) In the personal edition the user has to enter his user name and password for confirmation before any the Safend Protector allows any removable device to start working.
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.