Microsoft purges AutoRun from older Windows
Still (woefully) incomplete
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Microsoft has finally removed a function from earlier versions of its Windows operating system that has been widely abused by miscreants to surreptitiously install malware on users' computers.
The feature, known as AutoRun, allows Windows machines to automatically execute certain programs - such as media players or installers - as soon as CDs, flash drive,s and other types of media are connected. While that saves users the hassle of having to open a folder and doubleclick on a file, it also makes it easy for criminals to spread malicious payloads.
On Friday, Microsoft announced the availability of updates to the XP, Server 2003, Vista and Server 2008 versions of Windows that removes the AutoRun popup window when some types of removable media is connected. The change doesn't affect optical media such as CDs and DVDs, a shortcoming we'll get to in a moment.
The company made similar changes in April when it introduced Release Candidate 1 of Windows 7. Microsoft said at the time the move was designed to thwart the spread of worms such as Conficker, which has proved especially adept at self-replicating by exploiting the weakness.
As we pointed out then, the move is a step in the right direction, but it doesn't go far enough. That's because certain types of removable drives - those made by U3, for instance - run firmware that advertises the device to Windows as a CD. Such drives will continue to automatically execute the AutoRun routine as soon as they're plugged in.
The new updates are available here. But as we've said before, given the large number of devices that are unaffected by this change, we'll continue to disable AutoRun altogether. ®
COMMENTS
@tuna 1
After reading Olli Mannisto's post, I realize I may have mis-spoke. It was a while ago, so I don't really remember, but I do vaguely recall thanks to Olli's post. I think my issue was not really an issue, but more of an incredible annoyance. I think it was that disabling the shell hardware detection service prevented Windows from automatically executing autorun.inf upon insertion, but Windows still executed it when I double-clicked the drive in My Computer, Explorer, etc (whereas the NoDriveType and HonorAutorunSetting registry entries in KB967715 stopped execution in both instances). I'm nearly positive that's what my issue was. Sorry for the confusion.
@How Simple Can It Be???
And some people like to say that Linux is hard...
Oh, yeah, and the hiding of the extensions by default is pure evil too.
Users unwilling to learn
It's switch off on my Wife's computer. She is an unwilling novice, and a bit of a luddite as well. She does not remember what I tell her about computers from one day to the next, mainly because she just doesn't care.
All I hear from her is "I've put my CD in the drive, and it's not working" when she puts one of her craft CD's in the system.
God knows how many times I've told her, but the instructions on the CD cover tell her that it will autorun, and she trusts that more than she trusts me. It's driving me crazy.
This type of software is written for people who will never care about how computers work, and uses every trick in the book (and some daft ones as well) to try to make sure that the computer is just an applience. I can't even install the software on the hard disk, because the STUPID and SIMPLISTIC copy protection system KNOWS that it will ALWAYS run from drive D, and has hard coded-paths scattered throughout the software. Of course, nobody partitions their hard disks, do they!
Aaaaaaaaargh!!!!!
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
