AutoRun neutered in Windows 7

 

Gallery

Posted on 30 Apr 2009 at 11:52

Microsoft is taking the hatchet to aspects of AutoRun in Windows 7, as it reacts to new attacks by hackers.

Autoplay is the dialog box that pops up when you connect removable media, such as flash drives to your computer. Autorun options are those which appear in the dialog box allowing you to install a program or browse files.

Autorun is typically used to start an installation program running when you first insert a CD or DVD.

However, in recent times it has become the plaything of hackers, most prominently in the spread of the Conficker worm. Conficker spread through USB drives by creating an extra AutoRun option that when clicked would automatically install the malware.

During the latter half of 2008, Microsoft claims that AutoRun abusing malware accounted for 18% of infections, the biggest single malware category.

To stop this behaviour, Microsoft will modify Autoplay in the first Release Candidate of Windows 7 so that AutoRun options don't appear when most removable media is connected.

"Windows will no longer display the AutoRun task in the AutoPlay dialog for devices that are not removable optical media (CD/DVD) because there is no way to identify the origin of these entries," says Arik Cohen, a program manager on the Windows 7 team, on the Engineering Windows 7 blog.

"With these changes, if you insert a USB flash drive that has photos and has been infected by malware, you can be confident that the tasks displayed are all from software already on your computer."

Microsoft says it will also roll out the modifications across XP and Vista in due course, though no timeframe has been given.

Author: Stuart Turton