One of the questions in the Cyber Essentials self-assessment questionnaire reads “Is ‘auto-run’ or ‘auto-play’ disabled on all of your systems?“. So, what is “auto-run” or “auto-play” and how can you check if you have it configured properly?
What is auto-run or auto-play?
In Windows, Auto-run is a technology used to start some programs automatically when a CD, USB stick or other media is inserted into a computer. The main purpose of auto-run is to provide a software response to hardware actions that a user starts on a computer.
Auto-play is also Windows feature that lets a user select which program starts when a specific type of media, such as a CD containing music, or a USB stick containing photos, is inserted. During AutoPlay, a file, autorun.inf, which may be present on the media, is also parsed. This file specifies additional commands that will be displayed in the autoplay menu. Many companies use this to initiate software installers. You may have seen this when plugging in a printer or other hardware.
(Source: Microsoft Security Response Center Blog)
There’s good news if you’re running computers on Mac as auto-run is not a feature in Mac OS X or greater.
If you’re using a Linux desktop, you’ll need to check the details of the specific distribution(s) you’re using as some distributions support auto-run by default, some provide it as an option and others offer no support.
Why should I disable auto-run and auto-play?
While the features do make life easier for users, the security risks far outweigh the benefits. There have been innumerable past examples of malware taking advantage of this feature. By disabling them, you greatly reduce the risk of someone plugging in an infected device and, without realising it, installing a virus on your hardware.
How do I disable auto-run and auto-play?
In Windows 10, you can disable auto-run and auto-play with the following steps:
- Press the Windows icon in the lower-left corner of your desktop.
- Type in “autoplay” and click “AutoPlay settings”
- Use the toggle button at the top of the page to switch AutoPlay to “off”
If you administer lots of Windows 10 computers, you’ll probably want to disable this feature through Group Policy. You can do this with the following policies:
In Computer Configuration -> Administrative Templates -> Windows Components -> AutoPlay Policies:
- Set Turn Off AutoPlay to Enabled and select All Drives in the dropdown
- Set Set the Default Behaviour for AutoRun to Disabled and select Do Not Execute Any AutoRun Commands in the dropdown
Will this be checked as part of my Cyber Essentials assessment?
If you’re getting assessed for Cyber Essentials Plus, you’ll undergo an internal credentialed patch audit which will be performed with a vulnerability scanner. While it depends on the vulnerability scanning software that the certifying body is using, most, if not all, will determine if auto-run or auto-play are enabled and flag a risk if so.