April 28th, 2009
Windows AutoRun gets a makeover to combat malware
In direct response to Conficker and an increased wave of malware attacks targeting the dangerous Windows AutoRun mechanism, Microsoft today announced significant changes to the way the operating system operates when USB drives are used.
[ Roel Schouwenberg: Is there no end to the AutoRun madness? ]
The changes, detailed on Redmond’s Security Research & Defense blog, have been built into Windows 7 will be back-ported to Windows Vista and Windows XP in the near future.
Here’s a breakdown of the changes in Windows 7:
- AutoPlay will no longer support the AutoRun functionality for non optical removable media. In other words, AutoPlay will still work for CD/DVDs but it will no longer work for USB drives. For example, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed. This will block the increasing social engineer threat highlighted in the SIR. The dialogs below highlight the difference that users will see after this change. Before the change, the malware is leveraging AutoRun to confuse the user. After the change, AutoRun will no longer work, so the AutoPlay options are safe.
- A dialog change was done to clarify that the program being executed is running from external media.
There are images on the SR&D blog explaining the changes.
ALSO SEE:
- Under worm attack, US Army bans USB drives ]
- US-CERT warning: Windows does not disable AutoRun properly
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
