YSK: Removable drives/thumb drives are potentially dangerous in Windows 11 - eviltoast

If you plug a USB drive into Microsoft Windows, in many cases it will try to do things “for you” with the drive. Not a great idea. There could be malware lurking on that USB drive.

There are a couple of things you can do to help mitigate the issue. These tips assume Windows 11.

Turn off Autoplay

  • Open Settings. Press Windows + I to open the Settings app.
  • Go to Bluetooth & devices. In the left sidebar, click on “Bluetooth & devices.”
  • Select Autoplay. Scroll down and click on “Autoplay.”
  • Turn Off Autoplay. You’ll see a toggle switch labeled “Use Autoplay for all media and devices.” Turn this off.

This will turn it off completely. You can, if you want, make individual settings for different types of devices.

Deny Execute Access (Pro or Enterprise versions of Windows 11)

  • Open Group Policy Editor. Press Windows + R, type gpedit.msc, and press Enter.
  • Navigate to the Removable Storage Access Policies. Go to Computer Configuration > Administrative Templates > System > Removable Storage Access.
  • Modify Policies. You can enable the policy “Removable Disks: Deny execute access” to prevent execution from removable drives.
  • Apply and Reboot.

Note, there are some cases where you may want to execute scripts or programs from a removable drive. If that’s the case, you may not want to do this, or make a note of it so you can re-enable if needed.
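To confirm that both settings above actually took effect, the following read-only PowerShell audit can be run; it is an added example, not part of the original post. The registry paths and value names (`DisableAutoplay` for the Settings toggle, `Deny_Execute` under the removable-disk device class GUID for the Group Policy) are assumptions about where Windows stores these settings and are not stated in the post.

```powershell
# Added example: read-only audit of the two settings described in the post.
# Registry locations below are assumptions (see lead-in), not taken from the post.
$checks = @(
    @{
        Name     = 'Autoplay turned off (current user)'
        Path     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
        Value    = 'DisableAutoplay'
        Expected = 1
    },
    @{
        Name     = 'Removable Disks: Deny execute access (machine policy)'
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
        Value    = 'Deny_Execute'
        Expected = 1
    }
)

function Test-RegistrySetting {
    param([hashtable]$Check)

    # A missing key or value means the setting was never configured.
    $actual = $null
    if (Test-Path -LiteralPath $Check.Path) {
        $item = Get-ItemProperty -LiteralPath $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($Check.Value) }
    }

    [pscustomobject]@{
        Setting  = $Check.Name
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Expected = $Check.Expected
        Hardened = ($actual -eq $Check.Expected)
    }
}

$results = $checks | ForEach-Object { Test-RegistrySetting -Check $_ }
$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or management tool flag drift,
# for example after someone re-enables execution from removable drives.
if ($results.Hardened -contains $false) { exit 1 }
```

The Autoplay check is per user, so run it in the session of each account that matters; the policy check applies to the whole machine.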

  • ohellidk@sh.itjust.works
    2 months ago

    So one thing that has been driving me nuts is that Windows is doing something to my external TB drive to where Ubuntu thinks it's corrupt. (I have dual-boot.) After googling it, Windows sets the drive flag as a “dirty” NTFS system, and Linux no longer reads it afterwards. Not sure if there’s any solution to fix that, but I’ll give these a shot.

    • tomkatt@lemmy.world
      2 months ago

      You can use ntfsfix on the drive to do a check and remove the dirty bit. This isn’t a full check though, and could mask or hide actual issues with the drive if it’s failing.

      There’s also chkntfs which is more robust but I’m not sure if that’s open source and I’m not familiar with it.

      Using ntfsfix is a good quick fix in my experience, but at the end of the day, NTFS is a Microsoft exclusive format and shared disks should be mounted in a format that both OSes can use, like exFAT, or Btrfs with the WinBtrfs driver (the latter I’m not familiar with, I’ve always used exFAT for shared disks, but I don’t use Windows anymore).

    • palordrolap@fedia.io
      2 months ago

      If you have Windows, it might be worth getting it to run Scandisk - or whatever the current equivalent is - on that drive.

      That would at least give it less excuse to set problematic bits. In theory there’d be no harm doing this. In practice, well, make sure you have other copies of whatever is on that drive on the off-chance Windows constantly setting that bit is a sign of an underlying problem that Scandisk would make worse (or Windows/the disk decides to mangle files for some other reason.)

    • Symen@lemmy.world
      2 months ago

      Did you try to disable “Fast Startup”?

      By default, Windows does not do a real shutdown anymore. It closes the user session and hibernates, to speed up the following start up. As a consequence, the Windows partition (and EFI partition?) are not properly unmounted.