Redmond Reins in AutoRun, AutoPlay to Help Make Windows More Secure
Posted 05/01/09 at 07:04:35 PM by Mark Edward Soper

AutoRun and AutoPlay, Microsoft's "dangerous duo" for launching programs from CD/DVD and other removable media types, have become among malware authors' favorite infection vectors - and Microsoft has finally said, "enough already!"
A research study by Forefront Client Security cited by the Engineering Windows 7 blog determined that infections that can be started with AutoRun amounted to 17.7% of detected infections in the second half of 2008.
Although AutoRun was originally designed strictly for optical media, it can be used for other types of media. For example, you can create an autorun.inf file that adds the program on the media to the AutoPlay menu Windows displays, and change the default icon to make the malware program mimic a legitimate program. Conficker used this method to spread, as illustrated here.
Starting in Windows 7 RC, Microsoft has changed how both AutoRun and AutoPlay work:
- AutoPlay no longer supports AutoRun on non-optical removable media. An autorun.inf file on a USB or other type of non-optical removable media will be disregarded. Only AutoPlay options that pertain to the types of files on the media will be listed.
- When AutoPlay displays programs present on the media, the dialog now states that those programs will be run from the media.
Microsoft's Security Research and Defense blog provides sample dialogs and more details of how these changes work. The best news? Microsoft is planning to extend these security improvements to Windows Vista and XP users as well.
Are there any downsides? For a vigorous discussion of programs and devices that might not work after this change, see the comment thread at the Engineering Windows 7 blog. To start a MaximumPC-style discussion, you know what to do: click Comment and sound off!
regülatör hizmetlerini
Submitted by amacdizayn on Thu, 09/03/2009 - 3:37pm
regülatör hizmetlerini size kalitemizle sunuyoruz.
vaillant hizmetlerini size kalitemizle sunuyoruz.
kombi hizmetlerini size kalitemizle sunuyoruz.
modül basımı hizmetlerini size kalitemizle sunuyoruz.
thanks
Submitted by favori (not verified) on Mon, 06/15/2009 - 3:25am
www.favoriforum.net 2009 seo yarışması www.favoriforum.net 2009 seo yarışması www.favoriforum.net 2009 seo yarışması www.favoriforum.net 2009 seo yarışması www.favoriforum.net 2009 seo yarışması www.favoriforum.net 2009 seo yarışması www.favoriforum.net 2009 seo yarışması www.favoriforum.net 2009 seo yarışması
thanxx ilaçlama haşere
Submitted by seo (not verified) on Mon, 06/01/2009 - 2:43am
thanxx
ilaçlama haşere ilaçlama istanbul ilaçlama kene ilaçlama bit ilaçlama fare ilaçlama
pire | fare | güve | akrep | çiyan | seo | kene | ilaçlama
Thanks a ton virus making
Submitted by Shalbatana on Sat, 05/02/2009 - 8:38pm
Thanks a ton virus making jerkwads! Another [usually] great feature ruined by your handiwork.
_______________________________
"There's no time like the future."
One small step
Submitted by MeTo on Sat, 05/02/2009 - 5:31am
One small step in the right direction. Autoplay,Autorun was for lazy people and malware authors' favorite infection vectors. Nothing should Auto launch or install without giveing permision. IMHO
Linux Mint,AMD Athlon+ x2 5600,3 Gig ram,500 Gig HDD,ATI 1300 Video.
Custom Icon
Submitted by GrimResistance on Fri, 05/01/2009 - 11:23pm
Can you still assign a custom icon with autorun.inf? Or is there another way to do it?
Please tell me this won't
Submitted by yogurt80 on Fri, 05/01/2009 - 8:37pm
Please tell me this won't effect virtual drives? Like daemon Tools?
Even though this is a huge
Submitted by dgourd on Fri, 05/01/2009 - 6:04pm
Even though this is a huge bonus toward protecting ourselves from USB drives, you can still partition part of a USB drives into a CDFS format. I do it on my U3 device. This makes windows thinks the CDFS partition is an optical drive. Its not perfect, but it helps alot.
Thank you Microsoft!
Submitted by Looksback on Fri, 05/01/2009 - 5:02pm
Also, stop hiding file name extensions by default. Bad practice!
Feature
Review
Feature
Feature
Feature






