177

If you plug a USB drive into Microsoft Windows, in many cases it will try to do things "for you" with the drive. Not a great idea. There could be malware lurking on that USB drive.

There are a couple of things you can do to help mitigate the issue. These tips assume Windows 11.

Turn off Autoplay

  • Open Settings. Press Windows + I to open the Settings app.
  • Go to Bluetooth & devices. In the left sidebar, click on "Bluetooth & devices."
  • Select Autoplay. Scroll down and click on "Autoplay."
  • Turn Off Autoplay. You'll see a toggle switch labeled "Use Autoplay for all media and devices." Turn this off.

This will turn it off completely. You can, if you want, make individual settings for different types of devices.

Deny Execute Access (Pro or Enterprise versions of Windows 11)

  • Open Group Policy Editor. Press Windows + R, type gpedit.msc, and press Enter.
  • Navigate to the Removable Storage Access Policies. Go to Computer Configuration > Administrative Templates > System > Removable Storage Access.
  • Modify Policies. You can enable the policy "Removable Disks: Deny execute access" to prevent execution from removable drives.
  • Apply and Reboot.

Note, there are some cases where you may want to execute scripts or programs from a removable drive. If that's the case, you may not want to do this, or make a note of it so you can re-enable if needed.

top 50 comments
sorted by: hot top controversial new old
[-] merthyr1831@lemmy.ml 161 points 1 month ago

why the fuck did they re-enable autoplay? it was a terrible idea when they did it years ago and they quickly disabled it.

[-] someguy3@lemmy.world 77 points 1 month ago

People are becoming even more tech illiterate.

[-] ImplyingImplications@lemmy.ca 82 points 1 month ago

It's honestly impressive how we went from "only nerds know tech" in gen x to "everyone knows tech" in millennials to "only nerds know tech" in gen z.

[-] ThePantser@lemmy.world 25 points 1 month ago

Circle of tech life? It means whatever the next gen is will be tech pros again or maybe amish

[-] SpaceNoodle@lemmy.world 7 points 1 month ago

That implies that boomers knew tech

[-] the_crotch@sh.itjust.works 4 points 1 month ago

Lots of boomers had really elaborate stereo systems

[-] ViscloReader@lemmy.world 3 points 1 month ago

They clearly knew and know tech seeing how things are now

load more comments (3 replies)
[-] SatyrSack@feddit.org 3 points 1 month ago

Technology is cyclical

[-] bappity@lemmy.world 26 points 1 month ago

on this point...

I heard from someone in my local area that it's getting to the point where people don't even know how to use a mouse and keyboard.

this is the iPad generation....

[-] SturgiesYrFase@lemmy.ml 25 points 1 month ago

There's been several articles in the past 10 years pointing out that kids going for IT and CompSci degrees in college/uni are often not aware of file structures. The thought is that they are so used to just saving something on a mobile device, and when they want to use/send/view it, the apps just comb the whole system and present files that fit the required extension formats.

[-] rtxn@lemmy.world 18 points 1 month ago* (last edited 1 month ago)

I recently had to rescue the SSD of a data science PhD student. While dumping the files, I noticed that he had a dozen copies of identically named large CSV files (I mean 20+ gigabytes each). I compared their checksums - they were copies of the same raw data file, just sitting there in the downloads folder. When I asked, he said he'd made several backups of the project. Including the data.

Unfortunately Windows somehow fucked up the partition table and took the "backups" with it.

[-] TheImpressiveX@lemmy.ml 17 points 1 month ago

He's just following the 3-2-1 backup strategy - at least three copies of the data, two on different formats (.csv and .xls) and at least one copy in a different location (saved in the "Backup" folder instead of the "Documents" folder).

[-] SturgiesYrFase@lemmy.ml 7 points 1 month ago

Ffs....what a nightmare!

[-] wizardbeard@lemmy.dbzer0.com 9 points 1 month ago

Was a Lab Assistant for the first Programming class for a Comp Sci degree, back in the very early 2010's. Helping some of the students get set up with the IDE was... special.

[-] NemoWuMing@lemmy.world 11 points 1 month ago

I just checked a freshly installed Windows 11 and the autoplay is off by default.

So to follow up on the point you are trying to make: People are illiterate because they react loudly without checking what they react about. It's enough for them to get a few online upvotes in a world where they don't matter otherwise.

[-] Artyom@lemm.ee 2 points 1 month ago

Including the Dev team at Microsoft I guess.

[-] NemoWuMing@lemmy.world 22 points 1 month ago

I just checked a freshly installed Windows 11 and the autoplay is off by default.

So to follow up on the value of your question: People react loudly without checking what they react about. It's enough for them to get a few online upvotes in a world where they don't matter otherwise.

[-] spankmonkey@lemmy.world 8 points 1 month ago

Because people in general want things to be 'easy' far more than they they care about security risks they don't understand. If they cared about security at all, they wouldn't be plugging random USB sticks into their computers in the first place.

[-] tomalley8342@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

You are remembering that the executable features of autorun.inf is disabled, which is still true. Autoplay (if enabled) as it exists currently only applies for discovered media file types and makes your default configured media player responsible for handling them. It would not be possible to execute arbitrary tasks unless you had an ACE exploit for the installed media player.

load more comments (1 replies)
[-] JusticeForPorygon@lemmy.world 56 points 1 month ago

Uhhh... Shouldn't you just not plug random shit into your computer?

[-] Boozilla@lemmy.world 21 points 1 month ago

Think of it as a seatbelt. You don't plan on crashing your car, but shit happens. It's even possible a brand new USB drive from a "reputable" company could have something on it.

[-] Treczoks@lemmy.world 15 points 1 month ago

You forgot the lack of mental capacity in the average windows victim.

[-] Tujio@lemmy.world 11 points 1 month ago

It's surprising how many people will plug in a random USB drive that they find. Apparently that's how the CIA got the Stuxnet virus into Iran's system and nerfed their centrifuges back in the day.

[-] FartsWithAnAccent@fedia.io 5 points 1 month ago

[rubber duckies intensify]

[-] RustyNova@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

Usb killer: you guys do things with the computer?

load more comments (1 replies)
[-] deadbeef79000@lemmy.nz 54 points 1 month ago

Why the fuck is the non execute setting, a principal safety feature, restricted to the pro and ent versions!?

Fuck you Microsoft.

[-] Boozilla@lemmy.world 7 points 1 month ago

There is also a registry hack for this but I have not looked into it or tested it. (And I agree with your sentiments re: Microsoft.)

[-] JTskulk@lemmy.world 6 points 1 month ago

Registry changes are too confusing for normal computer users. The year of the Windows desktop is a pipe dream held dearly by the utterly deranged.

[-] jws_shadotak@sh.itjust.works 51 points 1 month ago
[-] jet@hackertalks.com 49 points 1 month ago

It's even worse than that. If you plug a USB device into a computer, it can pretend to be a keyboard and mouse, and do malicious things that way.

Do not plug any random device into your hardware.

[-] OutlierBlue@lemmy.ca 28 points 1 month ago

Yep, plug it into your coworker's computer to test it first.

[-] yesman@lemmy.world 22 points 1 month ago

Some malicious USB drives have a capacitor that will discharge and fry your whole system. Unless you have an air-gap system that you don't care about, unknown USB drives should be disposed of.

Oh, and all this and more can be accomplished with a sneaky charging cable too. So you have to dial in your level of paranoia to suit your situation. The person most likely to tamper with your computer is a spouse. Search and chat histories as well as GPS devices are becoming common in divorce cases.

[-] ohellidk@sh.itjust.works 14 points 1 month ago

so one thing that has been driving me nuts is that windows is doing something to my external TB drive to where Ubuntu thinks its corrupt. (I have dual-boot) after googling it, windows sets the drive flag as a "dirty" NTFS system, and Linux no longer reads it afterwards. not sure if there's any solution to fix that, but I'll give these a shot.

[-] tomkatt@lemmy.world 5 points 1 month ago* (last edited 1 month ago)

You can use ntfsfix on the drive to do a check and remove dirty bit. This isn’t a full check though, and could mask or hide actual issues with the drive if it’s failing.

There’s also chkntfs which is more robust but I’m not sure if that’s open source and I’m not familiar with it.

Using ntfsfix is a good quick fix in my experience, but at the end of the day, NTFS is a Microsoft exclusive format and shared disks should be mounted in a format that both OSes can use, like exFAT, or Btrfs with the WinBtrfs driver (the latter I’m not familiar with, I’ve always used exFAT for shared disks, but I don’t use Windows anymore).

[-] symen@lemmy.world 1 points 1 month ago

Did you try to disable "Fast Startup" ?

By default, Windows does not do a real shutdown anymore. It closes the user session and hibernates, to speed up the following start up. As a consequence, the Windows partition (and EFI partition ?) are not properly unmounted.

[-] palordrolap@fedia.io 1 points 1 month ago

If you have Windows, it might be worth getting it to run Scandisk - or whatever the current equivalent is - on that drive.

That would at least give it less excuse to set problematic bits. In theory there'd be no harm doing this. In practice, well, make sure you have other copies of whatever is on that drive on the off-chance Windows constantly setting that bit is a sign of an underlying problem that Scandisk would make worse (or Windows/the disk decides to mangle files for some other reason.)

[-] hexagonwin@lemmy.sdf.org 11 points 1 month ago

wasn't autoplay here since like win98 or so though?

[-] dual_sport_dork@lemmy.world 12 points 1 month ago

95, and they disabled it circa Vista because it was obviously a stupid idea.

Ironically, this was originally only for drives that reported themselves as optical media (CD/DVD), but now modern versions of Windows actually won't autoplay an immutable commercially pressed CD, even if it has the correct autoplay.inf file on its root directory structure, but somehow it will autorun things on a flash drive which is a medium explicitly capable of being fucked with by a malicious actor.

Because that makes sense.

It does make sense from the perspective of "destroy the public's perception of 'unsafe' USB storage so that we can push them to use our 'safe' cloud storage (on our terms) instead".

[-] tomalley8342@lemmy.world 2 points 1 month ago

That seems to be the opposite of what the others are saying: https://en.wikipedia.org/wiki/Autorun.inf#Inf_handling

Windows 7, Windows 8, Windows 8.1, Windows 10

For all drive types, except DRIVE_CDROM, the only keys available in the [autorun] section are label and icon. Any other keys in this section will be ignored. Thus only CD and DVD media types can specify an AutoRun task or affect double-click and right-click behaviour.[9][10]

[-] dual_sport_dork@lemmy.world 4 points 1 month ago

Malicious actors are getting USB drives to autorun somehow. If they're not using built in Windows capabilities, they're engaging in shenanigans emulating HID inputs over USB or something.

All I know from personal experience is that modern Windows will not autorun a CD anymore, even though up until XP it would.

[-] JovialSodium@lemmy.sdf.org 8 points 1 month ago

An hour old post about Windows on the Fediverse and no one has said use Linux?

Use Linux.

...with usbguard installed and configured with a default-deny policy.

[-] SolOrion@sh.itjust.works 2 points 1 month ago

Personally, I'm using Win10 'til it doesn't get security updates anymore.

Then I'll give Linux a go.

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 11 Oct 2024
177 points (94.0% liked)

You Should Know

33186 readers
64 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 1 year ago
MODERATORS