The Autorun virus is known for making use of Windows' Autorun function in order to trigger the execution of malicious programs stored on removable drives, which could ultimately lead to private. 4) Now save and name the file: Autorun.inf 5) Add this file to the root of the USB Flash Drive, with the file you want to AutoRun (and any other data). This AutoRun method works with products supplied by Flashbay.com however may not work with products purchased elsewhere.
Have there been any cases of Macs getting infected through a USB stick without a user running anything deliberately? Yes, I do know viruses are not that much of a thing in the world of OS X, but I'd like to just figure out if there is any possibility of something like that happen.
![Usb Usb](https://img.gadgethacks.com/img/51/27/63537476866438/0/create-bootable-install-usb-drive-mac-os-x-10-10-yosemite.w1456.jpg)
![Usb Autorun For Mac Usb Autorun For Mac](/uploads/1/2/5/6/125647893/706080256.jpg)
Windows is mostly vulnerable because of the silly autorun feature, so the question basically is - does OS X run anything on the insertion of a USB stick? I have a USB stick which has been in many badly infected Windows machines and somehow I feel concerned inserting it into my Mac, so I thought I'd ask this. I'm not aware of anything in (modern) OSX that will autorun content from a USBs. The closest option to do something like this is available in System Preferences CDs & DVDs where picture/music/video discs can be set to autostart with specific apps. Another similar autostart option is available in Safari Preferences General Open 'safe' files after download. Also note that Windows viruses (just like Windows apps) will not run on OSX, so your main worry is limited to mac viruses, which are fairly rare.
Most mac viruses are actually trojans/malware (e.g. Fake Flash updates / MacKeeper) that require a manual install i.e. They can't install themselves.
Edit: take note of D4r1s post as well when dealing with unknown USB devices. Thanks for the comprehensive reply. Windows viruses (just like Windows apps) will not run on OSX Of course I understand this, however there must be a possibility that a Windows virus might write an OS X executable on the disk. Most mac viruses are actually trojans/malware.
i.e. They can't install themselves Yeah, I get it. However, if something gets to automatically run on a UNIX-based system, it can be still very malicious (off the top of my head: 'rm -rf ' wouldn't require any password input but you can imagine how it would mess your machine up). Windows viruses (just like Windows apps) will not run on OSX Of course I understand this, however there must be a possibility that a Windows virus might write an OS X executable on the disk. There are plenty of ways to get files with possible bad content onto the mac, either by social engineering e.g.
By tricking the user to download stuff, via mail attachments from compromised email clients/servers or by simply copying it from a disc/USB stick. Getting a file onto the mac is only half the battle, as a user will have to run the app / open the file for anything to happen. There are also things like especially crafted images/documents that are designed to use buffer overruns to insert code into running apps. I've got the impression that Apple is pretty good at fixing these for OSX and Apple apps.
Other common non-Apple software could possibly pose an issue. Some apps like MS Office have historically had issues with macro viruses. Some apps like Office can embed scripts in their files that will be run by the Office, which could have bad results if the script is malicious or badly written. There are also useful apps that have malware installers (Filezilla comes to mind).
Installers will sometimes need to install files at system locations, which requires an admin password. A 'bad' installer may request the same to replace/modify system files, something which SIP (System Integrity Protection) in OS X 10.11 partly protects against. Most mac viruses are actually trojans/malware.
i.e. They can't install themselves Yeah, I get it. However, if something gets to automatically run on a UNIX-based system, it can be still very malicious (off the top of my head: 'rm -rf ' wouldn't require any password input but you can imagine how it would mess your machine up). Bad things can indeed occur without the user entering passwords, but they will typically only occur due to some kind of user action (open file, start app, run installer, typ 'rm -rf ' in Terminal) that may in turn result in bad things happening.