The first option under "Install or run program" on the left would run a malware app. However, with AutoRun disabled, only the genuine option for opening a folder is shown.
The familiar “Install or run program” section at the top of the AutoPlay menu in Windows is set to become a much rarer sight, as Microsoft has announced that it’s going to pull the feature when it comes to writeable devices, such as USB thumb drives.
According to Microsoft, the decision was made as a result of disturbing figures from its latest Security Intelligence Report, which revealed that 17.7 percent of malware infections in the second half of 2008 came from AutoRun. Microsoft says that this makes it “the largest single category of malware infections,” and says that it’s also seen a further increase in the number of infections via AutoRun since the start of 2009.
Microsoft says that malicious software, such as the Conficker worm, can currently abuse “the current default AutoRun settings to propagate through removable media like USB devices.” As such, Microsoft says that “it makes sense to adjust the balance between security and usability around removable media.”
However, the company claims that it’s “tried to be very measured in this adjustment to maximise both customer convenience and protection.” Basically, when you plug in a writeable device, such as a USB thumb drive or external hard drive, you’ll now just be given the general AutoPlay menu, which allows you to open files, but you won’t be able to automatically run an executable on the device from the AutoPlay menu.
You can see this in the example pictured above, where the first option under AutoRun in the picture on the left would run a malware app, while giving an average user the impression that they were just opening a folder. With AutoRun disabled on the device, only the genuine option for opening a folder is shown, shutting the malware’s obvious entrance to your system.
Microsoft also points out that non-writable media, such as standard DVD-ROMs and CD-ROMs, will not be affected by the changes, so AutoRun will still work as before on these types of media.
“Since non-writeable media such as CD-ROMs generally aren’t avenues for malicious software propagation (because they’re not writeable),” says Microsoft, “we felt it made sense to keep the current behavior around AutoPlay for these devices and make this change only for generic mass storage class devices.”
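The behaviour described above, modelled as an added example that is not code from the article or from Microsoft: it parses a device's autorun.inf, builds the AutoPlay menu before and after the change, and flags a run entry whose label imitates the folder option. The keys open, shellexecute and action are autorun.inf keys; the function names, the word list and the sample file are assumptions made for illustration.

```python
# Added illustration: models the AutoPlay behaviour the article describes.
# Function names, the word list and SAMPLE are assumptions, not Microsoft code.
EXEC_KEYS = ("open", "shellexecute")        # autorun.inf keys that launch a program
FOLDER_WORDS = ("open folder", "view files")  # wording that mimics the genuine entry
GENUINE = "Open folder to view files"

SAMPLE = """[AutoRun]
; constructed sample, not taken from a real device
open=setup.exe
action=Open folder to view files
"""

def parse_autorun(inf_text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    section, entries = None, {}
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def autoplay_menu(inf_text, writable, hardened=True):
    """Menu entries for a device; hardened=True applies the change described."""
    entries = parse_autorun(inf_text)
    menu = [GENUINE]
    target = next((entries[k] for k in EXEC_KEYS if k in entries), None)
    # After the change, only non-writable media keep the run entry.
    if target and not (hardened and writable):
        label = entries.get("action", "Run " + target)
        menu.insert(0, f"{label} [runs {target}]")
    return menu

def audit(inf_text):
    """List what a defender should flag in a removable drive's autorun.inf."""
    entries = parse_autorun(inf_text)
    findings = [f"auto-launch: {k}={entries[k]}" for k in EXEC_KEYS if k in entries]
    label = entries.get("action", "").lower()
    if findings and any(w in label for w in FOLDER_WORDS):
        findings.append("action label imitates the folder entry")
    return findings

if __name__ == "__main__":
    print(autoplay_menu(SAMPLE, writable=True, hardened=False))
    print(autoplay_menu(SAMPLE, writable=True))
    print(audit(SAMPLE))
```

With the old behaviour the menu holds two entries with the same visible label, which is the confusion the screenshot illustrates; with the change applied to a writable device only the genuine entry remains.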
Microsoft says that the new changes have been made in the Release Candidate build of Windows 7, and also says that it’s planning to bring the changes to Windows Vista and XP in a future update too. Will you miss the AutoRun feature on writable devices, or is this a sensible move to cut down malware infections? Let us know your thoughts in the forums.
Via Slashdot.
16 Comments
possible. but the secure doohickery may well be on a small bit of onboard ROM, which could still autoplay. i'm only speculating here. if that's how it's not done now, it's how it will need to be done in THE FUTURE.
I have never liked the autorun feature. I pretty much always set it to open the folder for USB drives and I disable it for my CD-ROMs.
denial.. the truth is the botnet is huge.. I dunno how they can stop it because a lot of people with computers don't know how they actually work- they know how to get on facebook though.. autorun is a big deal in this area- it's like an easy way into a choobies rig..
I gotta tell this story cause it's just too funny and it relates directly to this.. I used to trojan a lot of the games I handed out- this was back in the late 90's.. so anyways I traded this one guy who used to talk mad smack about how he was a hack and how he was learning java rofl reality check.. he didn't know much
I silkroped a trojan onto one of the games I gave him.. anyways got all his passwords online- the irc used to be blowing up with ips as it spread around.. well one day got bored and (since I knew this guy thought it'd be funny).. so I made his machine call him a black midget and all this other stuff about him violating microsoft codes rofl- omg he just froze then shutdown
well turns out wasn't so funny.. see in his world, a computer was a physical thing- he thought someone had hacked him and so he took his computer apart and took out the chip (I think he thought that would get rid of it) and put it back in.. the computer was fubared after that- that little prank cost him 500 dollars :D I mean I felt really bad about it for quite awhile and he was out to kick my ass after that- used to run into buddies of mine at this computer show what would come into town every month, they'd tell me he was lookin for me..
this guy, serious wouldn't put it past him, would have probably shot me.. I stopped with the antics after that.. but it was all because of windows- I mean what mental midget thought that would be a good idea- stick in a cd and whatever it says in the ini runs without permission.. oh yeah let's set that by default while we're at it!
good they are getting rid of this.. if they would maybe make a 'wizard' that explained how file systems work- instead of trying to dumb everything down it'd go a long way imo
still, it's about time!
who cares about security programmed USB sticks, they should be able to execute it manually, as TreeDude said. and hopefully this will also break those annoying U3 programs that get attached to USB devices.
all we want is a storage device! if we wanted portable applications, we'd boot Live session off the USB drive for maximum security and native programs.
I don't use autorun also. I want to put a CD/DVD/USB into the PC and have it do NOTHING. Then when I'm ready I'll tell it what to do.
if it does, they were already broken. you've been able to manually disable autorun since forever ago.
either way, it will keep us busy