Disable USB autorun to protect personal and confidential information from viruses

Dec 21, 2009
>>

Lately, viruses that spread infection by exploiting the USB autorun feature are becoming highly noticeable. The autorun feature is a Windows functionality that enables to automatically open a file stored in a USB memory stick when it is inserted into a computer.

According to the Study on Information Security Incidents in Japan 2008, the percentage of virus infection among all the incidents was 15.8% in 2008, increase from 12.4% in 2007, and a USB autorun virus W32/Autorun seems to account for the increase. W32/Autorun is the most infected virus in Japan in 2008, making up 39.5% of the total.

One of the solutions to protect computers from USB autorun viruses is to disable the USB autorun feature. Nevertheless, the measure has not been widely implemented. According to the Attitude Study on Information Security Threats 2009,BCABA, the percentage of responders who answered yes to “Disabled the USB autorun feature to prevent viruses from automatically being executed” was 15.1%, whereas “No measures taken” gained 38.4%.

IPA recommends PC users disable the USB autorun feature but IPA is also aware that the measures, such as how to disable the feature or see if it is disabled or not,1Y0-300J, may look a little confusing to general users.

In response, IPA developed MyJVN Security Configuration Checker, a free, easy-to-use tool to assess Windows security settings, including the USB autorun feature, available at (in Japanese).

The tool checks the security settings listed in Table1 and users can easily check (1) whether the USB autorun feature is being disabled or not and (2) whether the security patch that disables the USB autorun feature has been applied or not,642-975.

Table 1. MyJVN Security Configuration Checker

Figure 1 is a screenshot of MyJVN Security Configuration Checker. With just a few clicks, it enables users to check the current settings and access the web page that shows how to change the settings.

Figure 1. MyJVN Security Configuration Checker

In addition to the USB autorun feature, more check items, such as the minimum password length, password expiration period and automatic turn-on of screensaver, are to be added to MyJVN Security Configuration Checker in the future.

IPA encourages PC users to utilize this tool to protect themselves and their company/organization. Just as the use of OVAL in MyJVN Security Configuration Checker, IPA will keep working on developing and promoting an infrastructure supportive of automatic implementation of vulnerability countermeasures to improve computer users’ convenience.

Table 2 shows the operational requirements of MyJVN Security Configuration Checker.

Table 2. MyJVN Security Configuration Checker Operational Requirements

Footnote

(*1)The Study on Information Security Incidents in Japan 2008
(in Japanese)

(*2)The Attitude Study on Information Security Threats 2009, 4-5-3-1, Security on USB Memory Sticks
(in Japanese)

(*3)New Year Holidays Security Alert
(in Japanese)

(*4)A collective term of tools and services that support the better use of JVN iPedia ( http://jvndb.jvn.jp/en ), a vulnerability countermeasure information data base hosted by IPA. MyJVN Version Checker has been also offered since November 30, 2009.

(*5)The security patch that disables the USB autorun feature comes as KB971029. By applying KB971029, other autorun features besides USB autorun are also disabled. For more information, refer to the AutoPlay functionality in Windows.

(*6)Scheduled for 2010 spring or later.

(*7)Open Vulnerability and Assessment Language. OVAL is one of the elements that constitute SCAP (Security Content Automation Protocol), which allows the automation and standardization of technical approaches in the field of information security promoted by the U.S. government.

(*8)As of December 21, 2009, the check items for Windows Vista is “(1) whether the USB autorun feature is being disabled or not” only.

Reference

Contact