Microsoft Finally Turns Off AutoRun in Latest Windows Update.
1 view
Skip to first unread message
Abhishek Choubey
Feb 9, 2011, 2:37:34 PM2/9/11
to FOSS Community of NIT Jamshedpur
In addition to releasing a large number of security updates on
Tuesday, Microsoft released an important change to the behavior of
Windows XP and Windows Vista. Windows will not run or offer to run
programs automatically off of USB media, both flash keys and hard
disks.
This feature goes all the way back to Windows 95, which automatically
played music CDs and ran programs on CD-ROMs. This was called AutoPlay
and has evolved into a broader set of features AutoRun. The feature
has turned into a big security problem on USB media.
Malware programs these days typically search for USB-based storage and
write themselves to it. When the key or hard disk is inserted into a
new computer, the AutoRun menu offers to run the malware which is
disguised as something to entice the user.
This malicious use has become so common that Microsoft is disabling it
by default. Users who apply the update will still see an AutoRun menu
when they plug in a key, but it will not have any options for running
programs off of the device. This is the behavior that Windows 7 has
had from its release. Certain high-end, security-hardened USB keys
will still have the old behavior, as will CDs and DVDs.
The update is not labeled as a security update but it is rated
"Important," so users with the recommended settings for Windows Update
will have it installed automatically. If you want to re-enable the
feature, Microsoft has also created a Fix It to turn it back on.
Tuesday, Microsoft released an important change to the behavior of
Windows XP and Windows Vista. Windows will not run or offer to run
programs automatically off of USB media, both flash keys and hard
disks.
This feature goes all the way back to Windows 95, which automatically
played music CDs and ran programs on CD-ROMs. This was called AutoPlay
and has evolved into a broader set of features AutoRun. The feature
has turned into a big security problem on USB media.
Malware programs these days typically search for USB-based storage and
write themselves to it. When the key or hard disk is inserted into a
new computer, the AutoRun menu offers to run the malware which is
disguised as something to entice the user.
This malicious use has become so common that Microsoft is disabling it
by default. Users who apply the update will still see an AutoRun menu
when they plug in a key, but it will not have any options for running
programs off of the device. This is the behavior that Windows 7 has
had from its release. Certain high-end, security-hardened USB keys
will still have the old behavior, as will CDs and DVDs.
The update is not labeled as a security update but it is rated
"Important," so users with the recommended settings for Windows Update
will have it installed automatically. If you want to re-enable the
feature, Microsoft has also created a Fix It to turn it back on.
Reply all
Reply to author
Forward
0 new messages