tag:blogger.com,1999:blog-970736710331308901.post6150411247547922319..comments2023-09-12T15:14:03.392+01:00Comments on Application Management in the 21st Century: INIFiles - Getting those legacy files into orderGreg Lamberthttp://www.blogger.com/profile/07983481321915505115noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-970736710331308901.post-11181965726652748782009-01-28T10:25:00.000+00:002009-01-28T10:25:00.000+00:00I'm looking for a forgotten article that detailed ...I'm looking for a forgotten article that detailed how to treat Autorun.inf as a "legacy .INI file" and thus redirect it to hell, as a way of killing Autorun.inf risks. <BR/><BR/>Is this the same topic?<BR/><BR/>I know about other ways of handling Autorun.inf risks, but AFAIK all have their weaknesses...<BR/><BR/>1) AutoRun = 0<BR/><BR/>Merely defers execution until the user browses the malware'd location via the shell, thus as useless as the old Win95 "disable Insert Notification" setting.<BR/><BR/>2) NoDriveTypeAutoRun<BR/><BR/>Not respected by unpatched Vista, DF misses U3 and other devices that spoof optical drives, and is prone to being changed by software "so that the disk works when inserted" (games, etc.)<BR/><BR/>3) NoDriveAutoRun<BR/><BR/>Useful when combined with (2), but relies on consistent lettering if you want to preserve Autorun for the optical drive. Thus fails when removable optical drive is not plugged in, and a USB stick is.Chris Quirkehttps://www.blogger.com/profile/05538828571660803875noreply@blogger.com