AutoRun and AutoPlay, Microsoft's "dangerous duo" for launching programs from CD/DVD and other removable media types, have become among malware authors' favorite infection vectors - and Microsoft has finally said, "enough already!"
A research study by Forefront Client Security cited by the Engineering Windows 7 blog determined that infections that can be started with AutoRun amounted to 17.7% of detected infections in the second half of 2008.
Although AutoRun was originally designed strictly for optical media, it can be used for other types of media. For example, you can create an autorun.inf file that adds the program on the media to the AutoPlay menu Windows displays, and change the default icon to make the malware program mimic a legitimate program. Conficker used this method to spread, as illustrated here.
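To show what a defender would look for in such a file, here is an added example (not from the original post, and not Conficker's actual file): a tolerant autorun.inf parser that flags entries which launch a program or dress the AutoPlay entry up with a system icon. The sample autorun.inf is constructed, and the key names (open, shellexecute, action, icon, label, UseAutoPlay) are standard autorun.inf keys; the flagging rules are this example's own heuristic.

```python
import re

# Constructed sample of the kind of autorun.inf described above (not a real
# malware artifact): it registers a program as an AutoPlay action and borrows a
# folder icon from shell32.dll so the entry looks like a built-in "Open folder".
SAMPLE_AUTORUN_INF = """\
[autorun]
open=recycled\\setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
shellexecute=recycled\\setup.exe
useautoplay=1
"""

# Keys whose value is a program to run when the media is inserted or opened.
EXEC_KEYS = {"open", "shellexecute"}

def parse_autorun_inf(text):
    """Tolerant parser returning {section: {key: value}}; junk lines that are
    not key=value or [section] are skipped rather than rejected."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections

def autorun_findings(text):
    """Return human-readable reasons this autorun.inf deserves a closer look."""
    autorun = parse_autorun_inf(text).get("autorun", {})
    findings = []
    for key in sorted(autorun.keys() & EXEC_KEYS):
        findings.append(f"{key} launches {autorun[key]}")
    if "icon" in autorun and re.search(r"\.dll\s*,\s*\d+$", autorun["icon"], re.I):
        findings.append("icon borrowed from a system DLL (mimics a built-in entry)")
    if "action" in autorun and autorun.keys() & EXEC_KEYS:
        findings.append(f"AutoPlay entry labelled '{autorun['action']}' runs a program")
    if autorun.get("useautoplay") == "1":
        findings.append("useautoplay=1 asks Windows to treat the media as AutoPlay-capable")
    return findings

if __name__ == "__main__":
    for finding in autorun_findings(SAMPLE_AUTORUN_INF):
        print("-", finding)
```

A file that only sets label and a custom icon produces no findings, which is the normal case for a vendor's driver disc or a photo CD.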
Starting in Windows 7 RC, Microsoft has changed how both AutoRun and AutoPlay work:
Microsoft's Security Research and Defense blog provides sample dialogs and more details of how these changes work. The best news? Microsoft is planning to extend these security improvements to Windows Vista and XP users as well.
Are there any downsides? For a vigorous discussion of programs and devices that might not work after this change, see the comment thread at the Engineering Windows 7 blog. To start a MaximumPC-style discussion, you know what to do: click Comment and sound off!