Windows 7 Eliminates AutoRun/AutoPlay Security Hole

By  |  Tuesday, April 28, 2009 at 2:47 pm

It seems unlikely that Microsoft has any major news involving Windows 7 features up its sleeve, but interesting tidbits are still coming out. The latest is today’s news that it’s eliminating the venerable AutoRun feature for USB drives. A blog post at the company’s Engineering Windows 7 blog explains that the Conficker worm  used AutoRun (which identifies programs on a removable device and lets users choose to have them run automatically) and AutoPlay (which notices that you’ve inserted a removable storage device and provides a menu of tasks to choose from) to provide an AutoPlay item that looks like it’ll open up a folder but which actually launches Conficker. Windows 7 won’t display AutoRun items in this menu, and Microsoft says it’ll update Windows Vista and Windows XP to behave the same way. Conficker may be devious, but the security hole was pretty gaping all along; it’s surprising that it took this long for it to be publicized and for Microsoft to seal it up.

AutoPlay will still display AutoRun items on CDs and DVDs–which are presumably far less likely to carry worms than USB drives–but Microsoft is tweaking the message you get to make it clearer that launching an AutoRun item involves running a program from an external device.

Side note: Microsoft’s Security Research and Defense Blog also has an item on the change, in which it says that “AutoPlay will no longer support the AutoRun functionality for non removable optical media” This momentarily confused me–it brought to mind visions of a DVD drive with a single disc sealed up inside the computer–but I’m reasonably sure that it’s a typo and that the poster meant to say “non-optical removable media.”

 
6 Comments


Read more: , ,

0 Comments For This Post

6 Trackbacks For This Post

  1. Windows 7 Eliminates AutoRun/AutoPlay Security Hole « 天下 THe World Says:

    [...] By Harry McCracken | Posted at 2:47 pm on Tuesday, April 28, 2009 It seems unlikely that Microsoft has any major news involving Windows 7 features up its … See all stories on this topic [...]

  2. Windows 7 Blog » Blog Archive » Windows 7 Eliminates AutoRun/AutoPlay Security Hole Says:

    [...] Originally posted here:  Windows 7 Eliminates AutoRun/AutoPlay Security Hole [...]

  3. Windows 7 Eliminates AutoRun/AutoPlay Security Hole | Windows Seven 7 Says:

    [...] Windows 7 Changes Feature to Fight Malware eWeekall 4 news articles Originally posted here:  Windows 7 Eliminates AutoRun/AutoPlay Security Hole Share and [...]

  4. Computers ! » Windows 7 Eliminates AutoRun/AutoPlay Security Hole Says:

    [...] posted here:  Windows 7 Eliminates AutoRun/AutoPlay Security Hole Permalink [...]

  5. WindowsObserver.com » Windows Vista Google Alerts for 29 April 2009 Says:

    [...] Windows 7 Eliminates AutoRun/AutoPlay Security Hole Technologizer – Daly City,CA,USA Windows 7 won’t display AutoRun items in this menu, and Microsoft says it’ll update Windows Vista and Windows XP to behave the same way. … See all stories on this topic [...]

  6. Linkpost | 4.29.2009 Says:

    [...] Windows 7 Eliminates AutoRun/AutoPlay Security Hole – You won’t be able to auto-run programs from a USB drive, which is one way that Conficker [...]