How do you stop Sony's rootkit at the office?

Companies are not helpless against Sony's rootkit; they can preemptively stop it in the first place with Active Directory Group Policy.

Some colleagues of mine were asking me how to stop CDs from auto-playing which allows something like Sony's rootkit to install on their computers.  The solution is actually quite simple and effective with Microsoft Active Directory Group Policy.  It's easy to disable auto-play from every single computer in the Enterprise globally with just a few tweaks in Group Policy and here's how you do it.  The same technique works for individual PCs as well.

Open up the "Active Directory Users and Computers" console.  Right click on the top of the Active Directory and click "Properties"

Jump to the "Group Policy" tab, highlight "Default Domain Policy", and then click "Edit".

Expand "Computer Configuration" as shown below and click on the "System" folder.  On the right hand pane, double click "Turn off Autoplay".  Note that home users can jump to this screen by typing "gpedit.msc" from their "Start-run" prompt.  If you're not sure what that means, it's probably not a good idea to mess with "gpedit.msc".

Choose "Enable" and select "All drives" to turn auto-play off for any device including CD and DVD drives and hit "Apply".

Close everything out and every computer on your domain is protected against auto-play and the Sony rootkit.  Any business or organization that is serious about security should do this immediately.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All