If you plug a USB drive into Microsoft Windows, in many cases it will try to do things “for you” with the drive. Not a great idea. There could be malware lurking on that USB drive.
There are a couple of things you can do to help mitigate the issue. These tips assume Windows 11.
Turn off Autoplay
- Open Settings. Press Windows + I to open the Settings app.
- Go to Bluetooth & devices. In the left sidebar, click on “Bluetooth & devices.”
- Select Autoplay. Scroll down and click on “Autoplay.”
- Turn Off Autoplay. You’ll see a toggle switch labeled “Use Autoplay for all media and devices.” Turn this off.
This will turn it off completely. You can, if you want, make individual settings for different types of devices.
Deny Execute Access (Pro or Enterprise versions of Windows 11)
- Open Group Policy Editor. Press Windows + R, type gpedit.msc, and press Enter.
- Navigate to the Removable Storage Access Policies. Go to Computer Configuration > Administrative Templates > System > Removable Storage Access.
- Modify Policies. You can enable the policy “Removable Disks: Deny execute access” to prevent execution from removable drives.
- Apply and Reboot.
Note, there are some cases where you may want to execute scripts or programs from a removable drive. If that’s the case, you may not want to do this, or make a note of it so you can re-enable if needed.
Uhhh… Shouldn’t you just not plug random shit into your computer?
Think of it as a seatbelt. You don’t plan on crashing your car, but shit happens. It’s even possible a brand new USB drive from a “reputable” company could have something on it.
You forgot the lack of mental capacity in the average windows victim.
It’s surprising how many people will plug in a random USB drive that they find. Apparently that’s how the CIA got the Stuxnet virus into Iran’s system and nerfed their centrifuges back in the day.
Usb killer: you guys do things with the computer?
Some malicious USB drives have a capacitor that will discharge and fry your whole system. Unless you have an air-gap system that you don’t care about, unknown USB drives should be disposed of.
Oh, and all this and more can be accomplished with a sneaky charging cable too. So you have to dial in your level of paranoia to suit your situation. The person most likely to tamper with your computer is a spouse. Search and chat histories as well as GPS devices are becoming common in divorce cases.
An hour old post about Windows on the Fediverse and no one has said use Linux?
Use Linux.
…with usbguard installed and configured with a default-deny policy.
wasn’t autoplay here since like win98 or so though?
95, and they disabled it circa Vista because it was obviously a stupid idea.
Ironically, this was originally only for drives that reported themselves as optical media (CD/DVD), but now modern versions of Windows actually won’t autoplay an immutable commercially pressed CD, even if it has the correct autoplay.inf file on its root directory structure, but somehow it will autorun things on a flash drive which is a medium explicitly capable of being fucked with by a malicious actor.
Because that makes sense.
It does make sense from the perspective of “destroy the public’s perception of ‘unsafe’ USB storage so that we can push them to use our ‘safe’ cloud storage (on our terms) instead”.
That seems to be the opposite of what the others are saying: https://en.wikipedia.org/wiki/Autorun.inf#Inf_handling
Windows 7, Windows 8, Windows 8.1, Windows 10
For all drive types, except DRIVE_CDROM, the only keys available in the [autorun] section are label and icon. Any other keys in this section will be ignored. Thus only CD and DVD media types can specify an AutoRun task or affect double-click and right-click behaviour.[9][10]
Malicious actors are getting USB drives to autorun somehow. If they’re not using built in Windows capabilities, they’re engaging in shenanigans emulating HID inputs over USB or something.
All I know from personal experience is that modern Windows will not autorun a CD anymore, even though up until XP it would.
I just checked a freshly installed Windows 11 and the autoplay is off by default.
Were you trying to get upvotes just for the fun of it??
First of all I believe you are incorrect.
You’re doing a single anecdotal “test” from (I assume) one copy of the installation media. News flash, not all installation images of Windows 11 are the same.
And I will answer your anecdotal evidence with some anecdotal evidence of my own: almost every friend and coworker I’ve asked about this says Autoplay is on. And when I check Google or ChatGPT, they confirm that a fresh install of Windows 11 will have it on by default. So…I guess everyone else is wrong about this but you’re right about every installation of Windows 11.
Secondly, your question ignores the fact that people should probably check to see if it’s on. It can get turned on accidentally or even by an update. Microsoft is constantly messing arbitrarily with user preferences and settings with their weekly updates. You do know that, right?
Finally, you posted some version of this same reply multiple times in this thread. Why? Are you just doing that to “get upvotes for fun”?
BTW, there’s no karma on lemmy…upvotes don’t matter.
It’s fine to correct someone, but first do a better job of checking your methodology, and second, don’t assume their motivations for trying to share helpful info.
I checked two more computers after reading your reply (first time setups) and they all have autoplay off, so I remain skeptical of what you stated.
There are so many trolls and misinformation floating around.
As far as I have seen with those “fresh” installs, your information is not matching the reality here, so I’m moving on to other sources.
