Windows 9x and Me lack serious multiuser abilities and have to resort to a friviolous separate screensaver password to protect from malicious users logging in after the legitimate user has idled for a set amount of time. WinNT/2K/XP log out the user instead of prompting the user for a password.
If Auto Insert Notification is enabled, as is by default, arbitrary code can be executed when a CD-ROM is inserted. Through using Autorun.inf's open parameter in the [autorun] section, a program to search and destroy any running screensavers, identified by containing .SCR in their executable filename, can be executed.
This is a well-known problem.
My version of the classic Windows 95, 98, and Me screensaver bypassing utility is available for download below. It is only 5K, compressed with UPX, as the screensaver process killing code is embedded within Autorun.inf itself as a DLL. Rundll32 happily executes the _ (for lack of a better name) function of Autorun.inf once Windows reads the Autorun instructions, which are hidden away in the MS-DOS stub. It could be considered an Autorun.inf/Win32 DLL polyglot.
Download Autorun.inf - burn this to the root of a CD-R(W) and pop it in a screensaver-password-protected box
Valid HTML 4.0?
Modified Sun Mar 25 08:48:47 2007
generated Sun Mar 25 08:56:33 2007