Technet article 91525 describes a registry key that can be set to disable the Autorun feature in Windows operating systems.
The registry key is NoDriveTypeAutoRun, which can be found at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
This key disables the Autoplay feature on all drives of the type specified. Autoplay begins reading from a drive as soon as media is inserted in the drive. As a result, the setup file of programs and the sound on audio media starts immediately.
Unfortunately, this key did not produce the desired result of disabling the Double Click and Contextual Menu features. Microsoft just released KB 953252, which describes how to obtain updates that correct these broken registry key settings in the following Windows Operating Systems:
Windows XP Service Pack 2
Windows Server 2003 Service Pack 1 and 2
Note: Windows Server 2008 is not affected.
The main purpose of Autorun is to provide a software response to hardware actions that you start on a computer. Autorun has the following features:
• Double Click
• Contextual Menu
These features are typically called from removable media or from network shares. During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.
Please see KB 952252 for security updates to each applicable operating system to disable autorun capabilities. This KB also describes Group Policy settings to disable all Autorun features, plus instructions on selectively disabling specific Autorun features.
If you’re still not sure why you’d want to disable Autorun, check out Scott’s article on Autorun attacks.