The 'Autorun' feature of Windows (which is enabled by default in all versions of Microsoft Windows since XP) IS convienient for users as it enables certain actions to be performed automatically when a removable device is inserted - such as a music player starting.

However, Autorun is highly dangerous from a security standpoint, as malicious programs can be executed without any user knowledge or  intervention.

The now infamous Stuxnet and Conflicker worms (and many other Worms/ Malware / Trojans) are designed to infect any USB device that is inserted into an inffected PC.

These worms then proceeds to copy itself and its potentially dangerous payload onto the memory drive, and they also replace the "autorun.inf" file.

This new Autorun file is then designed to automatically launch the virus, and infect any computer the next (and every) time the USB stick is inserted into a PC.

Disabling Autorun

System administrators should always disable autorun on all PC’s to protect themselves (which can be achieved quite easily via Group Policy), however there is a problem;

Disabling autorun in Windows has a knock on effect of seemingly disabling all Hardware Encrypted devices, so they appear to users as to be not working.

For SafeXs, SafeStick, G&D or Kingston DTVP-M drives, this means that the application that unlocks the storage partition is not able to run, and so the user cannot enter their password to unlock their drive without manually executing the program.

**Update** As at February 11th via their monthly Security Update patches, Microsoft have disabled the highly dangerous "Autorun" feature for USB devices as a default in many versions of Windows.

SafeXs, SafeStick, G&D and Kingston Enabling Autorun Tool

BlockMaster have addressed this by creating a special tool, which can be deployed seamlessly through active directory group policy.

This tool allows Windows autorun to be disabled as per best security practice, but allows SafeStick's, Kingston secure drives, SafeXs or G&D drives to be recognised and initialised, and so the end user experience is maintained.

Request a download of this free tool

SafeStick / SafeXs Active Malware Protection

All SafeXs / SafeStick device feature full, active, non-bypassable anti-malware protection built in at no extra cost.

It is impossible for any SafeXs / SafeStick to become infected by any USB malware, virus or worm which attempts to alter the Autorun.inf file.

There are no other Hardware Encrypted Device that have this in-built anti-malware feature.

Enforce Port Control

Softek always recommend that System Administrators use a comprehensive port control solution such as DeviceLock to granularly control their portable data environment.

StickApps

For advanced, portable anti-virus StickApps Anti-Virus is also available, which also has the ability to detect keyloggers.