UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to meet the malware defenses requirement.
Resource Custodians must configure covered systems to not auto-run content from removable or remotely-mounted media.
Malicious software can give attackers direct access to covered data or provide them with the means to access it.
Autorun configuration was intended to give users the convenience of an automatic software response to known media devices such as CDs and external hard disks. However, malicious software has been known to exploit this convenience feature to install malware and conduct unauthorized activities on misconfigured devices.
To mitigate the risk of running malware that exploits the autorun configuration, follow the instructions from the operating system vendor (Microsoft Windows) to disable autorun on both removable and remotely-mounted media. This requirement does not apply to Mac or Linux devices.
- Microsoft Windows instructions to disable autorun
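
One way to check and apply the requirement above on a Windows system, as an added example that is not part of the original guidance or Microsoft's instructions. It assumes the standard Windows `NoDriveTypeAutoRun` policy value under the machine-wide Explorer policies key (a name not given on this page); the helper name `Get-AutorunMask` and the `-Enforce` switch are hypothetical.

```powershell
# Added example: audit (and with -Enforce, set) the machine-wide autorun policy.
# Run from an elevated PowerShell prompt.
param([switch]$Enforce)

$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Name = 'NoDriveTypeAutoRun'   # standard Windows policy value (assumption: not named on the page)

# One bit per drive type; a set bit disables autorun for that type.
$Required = [ordered]@{
    'Removable (USB, external disk)' = 0x04
    'Network (remotely mounted)'     = 0x10
    'CD-ROM / DVD'                   = 0x20
}
$AllDrives = 0xFF              # disables autorun on every drive type

function Get-AutorunMask {
    # Hypothetical helper: returns the current mask, or $null when the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$mask = Get-AutorunMask
if ($null -eq $mask) {
    Write-Output "$Name is not configured; treating every drive type as unprotected"
    $mask = 0
} else {
    Write-Output ('{0} = 0x{1:X2}' -f $Name, $mask)
}

# Report each drive type the requirement covers and collect the gaps.
$missing = @()
foreach ($entry in $Required.GetEnumerator()) {
    $disabled = ($mask -band $entry.Value) -ne 0
    Write-Output ('  {0,-32} autorun disabled: {1}' -f $entry.Key, $disabled)
    if (-not $disabled) { $missing += $entry.Key }
}

if ($missing.Count -eq 0) {
    Write-Output 'Compliant: autorun is disabled for removable and remotely-mounted media.'
} elseif ($Enforce) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
        -Value $AllDrives -Force | Out-Null
    Write-Output ('Set {0} to 0x{1:X2}.' -f $Name, $AllDrives)
} else {
    Write-Output ('Not compliant ({0}). Re-run with -Enforce to fix.' -f ($missing -join '; '))
}
```

On domain-joined machines, a Group Policy that manages this value will overwrite a local change at the next policy refresh, so set it there instead.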