Decide what starts automatically on your PC

Stephen Tomkinson, of NCC Group PLC, recently presented research and a proof-of-concept demonstrating how just a Blu-ray disc can be used to compromise both PCs and internet-connected Blu-ray players.  The old advice to disable the auto-play function in Windows is new again, so take a moment and go to Control Panel – AutoPlay and either change the AutoPlay options to “Take no action,” or disable the feature completely.  From now on, view the unknown disc just as suspiciously as the unknown USB stick.

Read more from ArsTechnica here: http://arstechnica.com/security/2015/03/more-iot-insecurity-this-blu-ray-disc-pwns-pcs-and-dvd-players/

Talking about AutoPlay made me think of a recently released tool from Microsoft called Autoruns, found on the Windows Sysinternals website.  This powerful tool provides “the most comprehensive knowledge of auto-starting locations of any startup monitor . . .” There is also a command-line version of the tool called Autorunsc.

When you launch the tool, you will see everything that is set to start automatically on your PC, all the drivers that get loaded, services running and much more.  The tool also allows you to disable the automatic loading or running of these objects, but remember that just like editing the Windows registry, you can put your computer in a bad state by misconfiguring these settings.

A description and directions for use are found on the TechNet webpage here:  https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Lastly, you can make sure the programs that do run in Windows don’t use memory in an unsafe way.  To help accomplish this you can use Data Execution Prevention (DEP).  The default setting only looks at essential Windows programs and services, but for those with a wish for tighter security, DEP can be enabled for all programs and services.  If you have BitLocker whole-disk encryption turned on (which you should), make sure you have your recovery key written down or stored, and disable BitLocker before enabling DEP and rebooting.  Otherwise, DEP will detect a change and prevent winload.exe from running.

To read more about this feature and learn how to use it, check here: http://windows.microsoft.com/en-us/windows7/Change-Data-Execution-Prevention-settings?SignedIn=1

Disabling BitLocker: http://windows.microsoft.com/en-us/windows-vista/what-is-the-difference-between-disabling-bitlocker-drive-encryption-and-decrypting-the-volume
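
To see where a machine stands before changing anything, the following PowerShell sketch reports the AutoPlay, DEP and BitLocker settings discussed above. It is an added example, not part of the original post or of any Microsoft tool; it only reads settings, and it assumes the standard Windows registry values `DisableAutoplay` and `NoDriveTypeAutoRun`, the WMI property `DataExecutionPrevention_SupportPolicy`, and the BitLocker PowerShell module where that is installed.

```powershell
# Added example: read-only audit; it reports settings and changes nothing.
# Run from an elevated prompt so the BitLocker query is allowed.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# AutoPlay: per-user switch behind Control Panel > AutoPlay (1 = AutoPlay off).
$autoPlayOff = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers' 'DisableAutoplay'
# Machine-wide AutoRun policy bitmask (0xFF = off for every drive type).
$autoRunMask = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'

# DEP: system-wide policy as reported by WMI.
$depNames = @{
    0 = 'AlwaysOff'
    1 = 'AlwaysOn'
    2 = 'OptIn (essential Windows programs and services only)'
    3 = 'OptOut (all programs and services, minus exceptions)'
}
$dep = [int](Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy

# BitLocker: state of the OS volume, and whether a recovery password exists.
$bitLocker = $null
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $bitLocker = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
}
$hasRecovery = [bool]($bitLocker.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

[pscustomobject]@{
    AutoPlayDisabled    = ($autoPlayOff -eq 1)
    AutoRunPolicyMask   = if ($null -ne $autoRunMask) { '0x{0:X2}' -f $autoRunMask } else { 'not set' }
    DepPolicy           = $depNames[$dep]
    BitLockerProtection = if ($bitLocker) { "$($bitLocker.ProtectionStatus)" } else { 'unavailable' }
    RecoveryPasswordSet = $hasRecovery
} | Format-List

# Reminder from the post: handle BitLocker first when DEP is not yet on for all programs.
if ($bitLocker -and "$($bitLocker.ProtectionStatus)" -eq 'On' -and $dep -ne 3) {
    Write-Warning 'BitLocker is protecting the OS volume. Store the recovery key and disable BitLocker before changing DEP, as described above.'
}
```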
