Published: Thursday 30th April, 2009 | Author: Parm Mann
Products: Windows Vista, Windows 7, Windows XP
Companies: Microsoft (All Microsoft content)
External reviews: Microsoft Windows Vista
External reviews: Microsoft Windows 7
printer friendly layout 
discuss in the forums 
email to a friendMicrosoft has revealed plans to improve security of its Windows operating systems by adjusting the AutoRun functionality first introduced in Windows 95 and later expanded via AutoPlay in Windows XP.
According to the software giant, malware such as the Conficker worm is known to utilise the AutoRun feature in an effort to mislead users into activating Trojan Horses. Despite the long-running availability of AutoRun, Microsoft states that a study from Forefront Client Security found 17.7 per cent of all malware infections in the second half of 2008 came as a result of AutoRun misuse.
As the largest single cause of malware infections, it's now working to rectify the apparent flaw. So, how will it go about it?
At present, users making use of removable media such as USB flash drives are presented with an AutoPlay menu that looks a little something like this:
Microsoft's problem, and indeed the user's, is that hidden malware can be easily disguised to trick users into running harmful applications. In the above example, the link highlighted in red would launch the program and potentially infect a system whilst the link highlighted in green would merely run a Windows task.
It's an easy method of misleading users, and Microsoft's solution is to cease to display the AutoRun task for every device other than removable optical media. Following the change - which is already implemented into the Release Candidate of Windows 7 - users will no longer be provided with an AutoRun option in the AutoPlay menu, as shown below.
Whilst an obvious and easy solution, it could create problems for flash media that legitimately utilises the AutoRun functionality. Microsoft states it is "working with ecosystem partners to help mitigate situations where this AutoRun change will have an impact on them". Meanwhile, optical media such as non-writable CDs and DVDs will continue to allow the option to AutoRun.
The change in functionality is expected to appear in next week's Windows 7 Release Candidate, and will be implemented into Windows XP and Windows Vista via future software updates.
Copyright © 1998 - 2009, HEXUS.net. All rights reserved. Terms, conditions and privacy information.
HEXUS® is a registered trademark of HEXUS Limited.
Which OS launch are you more excited by?
IE7 Search
Firefox 2 Search
HEXUS.community :: your right2reply
Using Autorun is a very basic attack vector. It's the sort of thing that is so glaringly obvious, that no-one actually thought about disabling it until now.Quote
Code:
---------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
""="@SYS:DoesNotExist"
---------
N.B. When messing around with AutoRun settings be careful not to disable 'Auto Insert Notification' as this prevents Windows from detecting when discs are inserted/ejected.Quote
But the autorun on Vista & Win7 are fine. They don't automatically launch the exe specified in autorun.ini. Instead they, pop up a message asking you if you want to launch it or not. A much better approach IMHO.Quote
Reply