Protecting against malware
Microsoft, by trying to make make things 'simple' - meaning 'automatic', means hackers have found a very simple way to spread their Viruses, Trojans and Worms about on memory sticks by exploiting the way Windows looks at them when they are first plugged in.
These worms pretty much all reproduce the same way, they have an AUTORUN.INF file and an executable of some kind. When you put the stick in the PC, Windows finds AUTORUN.INF 'automagically' and executes the instructions it contains.
An infected AUTORUN.INF will either run the executable immediately, or modify the Windows Explorer default behaviour so that the worm will run as soon as you open the stick by double-clicking on it. The executable will make a copy of itself and AUTORUN.INF on all the disk partitions and shared drive connections which it can see, and then open the root folder normally. (This takes a fraction of a second, so you won't notice it.) The executable will then sit around in memory and every time you insert a removable storage volume (such as another memory stick) or map a network drive, it will copy the worm 'kit' to it.
Sometimes the executable will live in a fake \RECYCLED folder, which is quite clever because hardly anyone ever opens the recycle bin on a memory stick, and because the folder doesn't contain a real recycle bin structure, the worm will be safe, even if you empty the bin while the stick is in the drive.
FRDL defenceWhen FRDL recognizes a logger has been plugged in, the first thing it does is delete any AUTORUN.INF file it finds. It then creates a new folder called AUTORUN.INF. This should prevent most worms/viruses from creating a file of the same name, because when the worm sets out to create this file, it will probably use Windows file system methods which either delete, or truncate to zero any existing regular file with that name; but those methods don't work for folders.
This simple method should protect against most AUTORUN.INF attacks and means that any logger which has just been read by FRDL is not infected.
SolutionsWhatever happens, you should have some good anti-virus software running.
Holding down the shift key when you insert a logger or memory stick will prevent Auto-play from running.
You can find plenty of advice online which says "in Windows Explorer, right click drive, Properties, Autoplay tab, select an action and set to None.". You can also find just as much advice that this is not very reliable.
Microsoft has a free add-on called Tweak-UI which apparently is quite good, but it only stops Auto-play, not Auto-run which is an older version of the same thing.
A permanent SolutionThis is a permanent solution which will protect you against all attacks of this type from loggers and memory sticks and all other devices which are seen by Windows as 'removable media'.
By using this procedure, then once you have done it, if you insert a CD with software on it, you have to explore it manually to find the setup program, but CD audio, DVD Video Etc. will all still work as before.
All you do is:
This tells Windows to treat AUTORUN.INF as if it were a configuration file from a pre-Windows 95 application.
IniFileMapping is a key which tells Windows how to handle the .INI files which those applications typically used to store their configuration data. In this case it says "whenever you have to handle a file called AUTORUN.INF, don't use the values from the file. You'll find alternative values at HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist." And since that key does not exist, it's as if AUTORUN.INF is completely empty, and so nothing autoruns, and nothing is added to the Explorer double-click action.