Feeds

Malware abusing Windows Autorun plummets

You'll never guess why

Next gen security for virtualised datacentres

Microsoft saw a sharp drop in malware infections that exploit a widely abused Windows Autorun feature almost immediately after it was automatically disabled in earlier versions of the operating system.

As measured by Microsoft's various antimalware programs, Windows XP and Vista suffered 1.3 million fewer infections in the three months following February's retirement of Autorun compared with the three month preceding the change. By last month, attacks hitting Vista machines plummeted 74 percent and fell by 59 percent for those running XP.

Entire families of malware – including Conficker, Taterf, and Rimecud – owe much of their prominence to Autorun, which was designed to make life easier for users by executing code embedded on thumb drives when they were attached to a computer without first prompting the user. Worms and trojans have been abusing the feature for more than a decade to propagate malicious payloads each time an infected drive was inserted.

Microsoft finally killed much of Autorun in Windows 7, but users who wanted to disable the feature in earlier Windows OSes had to make manual changes to their system registry or install a hot fix on Microsoft's website. All of that changed in February, when the company's security team finally began pushing out an automatic update that made the change the default behavior in all supported versions of Windows.

As of last month, Microsoft saw a little more than 400,000 infections by malware that abused the feature, down from a peak of about 1.8 million in June 2010, as shown in the chart below, which Microsoft provided on Tuesday. Almost immediately after the update was released, Microsoft saw a similarly drop in infection attempts, although it wasn't quite as precipitous.

Chart showing infections targeting autorun

Source: Microsoft

What took so long?

The data raises the obvious question: If automatically retiring Autorun reaped such clear benefits, why didn't Microsoft do it years ago?

“There was a lot of work in the industry to get people moved over to new technology built into Windows, and we felt that we had finally got to that point where the industry was in agreement with us that it was time to push it out to everybody,” Jerry Bryant, group manager in Microsoft's Response Communications, told The Reg.

The delay demonstrates one of the challenges that comes when a company commands a market share as massive as Microsoft's Windows. Changes that clearly benefit users have to be weighed against the inconvenience of hardware and software partners, whose embrace is part of the reason Windows is as widely used as it is.

Even now, Autorun hasn't been completely disabled. Windows will dutifully execute code embedded into CDs and DVDs that are inserted into computers. To date, malware criminals have shown little interest in exploiting the weakness, but its survival is a reminder of the tradeoffs that come from keeping users secure. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.