Microsoft Finally Turns Off AutoRun in Vista, XP
The latest Patch Tuesday turned off AutoRun for Windows Vista and Windows XP.
In addition to the numerous security updates released on Patch Tuesday, Microsoft finally turned off AutoRun for Windows Vista and Windows XP. Now programs will not execute automatically when loaded from USB devices like external hard drives or flash drive sticks. This prevents disguised malware from automatically loading the AutoRun menu when the USB devices are attached. Unfortunately, this also affects legit programs stored on USB storage devices.
Holly Stewart of the Microsoft Malware Protection Center said that the top ten families of malware--including JS/Pornpop, Win32/Autorun and Win32/Taterf--all share one common trait: they abuse the AutoPlay feature of AutoRun. "Although AutoRun is not the only technique these families use (why be a one-trick pony when you can be a swiss army knife?), the statistics on the infection rate of these families by platform indicate that the abuse of AutoRun is more effective on older platforms, like Windows XP," Stewart said.
Originally AutoRun was called "AutoPlay" and designed as a convenience for end-users in Windows 95, allowing them to automatically install programs from a CD, DVD or USB stick after insertion. But as malware writers began to make use of the feature over the years, Microsoft made a few changes with the release of Windows 7, disabling AutoRun whenever the end-user inserts a USB storage device. Microsoft also offered the revised AutoRun as an optional download for the older operating systems. Now it's included in the Windows Update channel.
"We're marking this as an 'Important, non-security update,'" said Adam Shotack from the Microsoft Security Response Center. "It may seem a little odd to call this a 'non-security update,' especially since we're delivering it alongside our February bulletins. But at Microsoft we reserve the term 'Security Update" to mean "a broadly released fix for a product-specific security-related vulnerability.' And it would be odd to refer to AutoRun as a vulnerability."
Shotack said that now was the right time to bring the update to a wider audience. Users will still see the AutoRun menu when a USB storage device is inserted, but there will no longer be an option to run the program(s) from the device. CDs, DVD and USB drives with high-end security features will still AutoRun as before.
"We are aware that someone could write malware to take advantage of [shiny media], but we haven't seen it in the wild," he added. "We also think malware on shiny media would be less likely to have widespread impact, because people burn CDs less often than they insert USB drives."
Microsoft is aware that many Windows users might not like the disabled AutoRun, and is providing a Fix It that reverses the change, located here.
- Autorun ,
- autoPlay ,
- Malware ,
- USB-Storage ,
- Patch-Tuesday
- Acer Announces Nvidia-Based HDMI 3D Display
- IBM Builds 10 PFlops Supercomputer
- Intel May Show Ivy Bridge CPUs at Computex
- Intel Resumes Shipments of Faulty Cougar Point
- Blizzard-Themed Amusement Park in the Works?
- Engineers grow nanolasers on silicon
- Battlefield 3 PC will Be ''Lead Platform''
- TI Announces Quad-Core, 2 GHz Smartphone SoC
- Scythe's New Mine 2 HSF Has Eight Heatpipes
- HP TouchPad: A Reinvented Palm Foleo
- MSI Launches AMD-Based Online Competition
- Hot Apps of 2011, Week 6
- HP's webOS Coming to PC
- BioWare: World of Warcraft Set MMO Standards
- Zotac's New GTX 560 Ti Clocks @ 950 MHz
- IBM and Samsung In Huge Patent Deal
- Deals for February 10: 1TB Seagate External $80
- MeeGo Drops Netbooks
I wouldn't call that a solution,I want autoplay back
Autoplay's pissed me off more times than it's been a good feature. This is a step in the right direction in my opinion. The menu that comes up is perfectly adequate.
Nice one. I've been disabling autorun via local GPO for years.