YSK: Removable drives/thumb drives are potentially dangerous in Windows 11

Boozilla@lemmy.world (mod) to You Should Know@lemmy.world – 173 points

If you plug a USB drive into Microsoft Windows, in many cases it will try to do things "for you" with the drive. Not a great idea. There could be malware lurking on that USB drive.

There are a couple of things you can do to help mitigate the issue. These tips assume Windows 11.

Turn off Autoplay

  • Open Settings. Press Windows + I to open the Settings app.
  • Go to Bluetooth & devices. In the left sidebar, click on "Bluetooth & devices."
  • Select Autoplay. Scroll down and click on "Autoplay."
  • Turn Off Autoplay. You'll see a toggle switch labeled "Use Autoplay for all media and devices." Turn this off.

This will turn it off completely. You can, if you want, make individual settings for different types of devices.

Deny Execute Access (Pro or Enterprise versions of Windows 11)

  • Open Group Policy Editor. Press Windows + R, type gpedit.msc, and press Enter.
  • Navigate to the Removable Storage Access Policies. Go to Computer Configuration > Administrative Templates > System > Removable Storage Access.
  • Modify Policies. You can enable the policy "Removable Disks: Deny execute access" to prevent execution from removable drives.
  • Apply and Reboot.

Note, there are some cases where you may want to execute scripts or programs from a removable drive. If that's the case, you may not want to do this, or make a note of it so you can re-enable if needed.
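An audit of the two settings described in the post above, as an added example that is not part of the original post. The registry locations are assumptions: they are where the Autoplay toggle and the "Removable Disks: Deny execute access" policy are commonly documented to be stored, so confirm them on your own build. The function name is hypothetical.

```powershell
# Added example: read-only check of the two settings from the post.
# Registry paths and value names are assumptions (not given in the post).

$checks = @(
    [pscustomobject]@{
        Name     = 'Autoplay off (Settings toggle, current user)'
        Path     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
        Value    = 'DisableAutoplay'
        Expected = 1
    },
    [pscustomobject]@{
        Name     = 'Removable Disks: Deny execute access (Group Policy)'
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
        Value    = 'Deny_Execute'
        Expected = 1
    }
)

# Hypothetical helper: reports each setting as hardened or not.
function Test-RemovableMediaHardening {
    param([object[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value means the setting was never configured,
        # which is reported as "not set" and counted as not hardened.
        $actual = $null
        if (Test-Path -LiteralPath $c.Path) {
            $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Value -ErrorAction SilentlyContinue
            if ($null -ne $item) { $actual = $item.($c.Value) }
        }
        [pscustomobject]@{
            Setting  = $c.Name
            Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
            Expected = $c.Expected
            Hardened = ($actual -eq $c.Expected)
        }
    }
}

# Nothing is modified; the script only reads and prints a table.
Test-RemovableMediaHardening -Checks $checks | Format-Table -AutoSize
```

The Autoplay value is per user, so run the check in each account that matters; the policy value is machine-wide.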


Wasn't autoplay here since like win98 or so though?

95, and they disabled it circa Vista because it was obviously a stupid idea.

Ironically, this was originally only for drives that reported themselves as optical media (CD/DVD), but now modern versions of Windows actually won't autoplay an immutable commercially pressed CD, even if it has the correct autoplay.inf file on its root directory structure, but somehow it will autorun things on a flash drive which is a medium explicitly capable of being fucked with by a malicious actor.

Because that makes sense.

It does make sense from the perspective of "destroy the public's perception of 'unsafe' USB storage so that we can push them to use our 'safe' cloud storage (on our terms) instead".

That seems to be the opposite of what the others are saying: https://en.wikipedia.org/wiki/Autorun.inf#Inf_handling

Windows 7, Windows 8, Windows 8.1, Windows 10

For all drive types, except DRIVE_CDROM, the only keys available in the [autorun] section are label and icon. Any other keys in this section will be ignored. Thus only CD and DVD media types can specify an AutoRun task or affect double-click and right-click behaviour.[9][10]

Malicious actors are getting USB drives to autorun somehow. If they're not using built-in Windows capabilities, they're engaging in shenanigans emulating HID inputs over USB or something.

All I know from personal experience is that modern Windows will not autorun a CD anymore, even though up until XP it would.