By Woody Leonhard

By disabling AutoRun and changing the wording of the top entry in the AutoPlay dialog, Microsoft has made the forthcoming Windows 7 more secure without significantly inconveniencing Windows customers. The company also promises to make similar security changes in AutoRun and AutoPlay available for XP and Vista users, although it hasn't yet said when this will happen.
The problems with how AutoRun and AutoPlay work
The Conficker worm, which was widely hyped in the last couple of months, illustrated a huge security hole in Windows' AutoRun and AutoPlay functions. In a nutshell, AutoRun executes the commands it finds in an autorun.inf file when a removable drive or disc is inserted, and AutoPlay either plays media automatically or pops up a dialog offering choices for what to do with the drive. An infected disc or USB drive can abuse either one: AutoRun can launch the malware outright, and AutoPlay can be made to present it as an innocent-looking choice.
One major problem involves a small text file known as autorun.inf, which tells Windows what to run and how to label it. WS contributing editor Susan Bradley's March 5 Top Story explained some steps Microsoft has taken to mitigate the security threat. She also explained why the official fix fails to completely protect Windows systems. (The patch finally makes it possible for Windows users to disable AutoRun and have the setting honored, rather than merely appear to be turned off, but the patch itself doesn't disable anything; the user still has to change the setting.)
Last month, Microsoft announced on its Security Response Center blog that the company had decided to disable AutoRun in Windows 7. Microsoft has also changed the way AutoPlay works. The details, as provided on the Engineering Windows 7 blog, are a bit difficult to follow, but here’s how things stand right now:
As I explained in my Jan. 22 Top Story, a few well-written lines in an autorun.inf file on a USB drive, CD, or DVD can trick just about anyone into running a hacker's program. Such a custom-made autorun.inf file causes Windows to display an option titled Open folder to view files at the top of the AutoPlay menu. (See Figure 1.) In reality, clicking that option silently installs the hacker's program instead of opening the drive in Explorer. The telltale sign is that the bogus entry sits in the dialog box's Install or run program section rather than among the genuine Windows entries, and it's easy for users to overlook that.
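The crafted autorun.inf described above, as an added example that is not code from this article or from Microsoft: a constructed file that resembles the decoy (the paths and padding lines are made up, and it is not any real worm's autorun.inf), and a small Python triage routine that parses it the tolerant way Windows' INI reader does and reports why it is suspicious. The built-in label text it looks for is the dialog wording the article quotes; the assumption that Windows skips lines that are not key=value pairs is stated in the comments.

```python
"""Triage an autorun.inf for the fake 'Open folder to view files' entry.

Added example, not code from the article or from Microsoft. The sample file
below is constructed to resemble the decoy the article describes; the paths
are made up and it is not any real worm's autorun.inf.
"""
from __future__ import annotations

# Entry labels that Windows itself puts in the AutoPlay dialog. A file that
# supplies one of them as its own 'action' text is impersonating a built-in
# entry: the genuine Explorer entry never comes from autorun.inf.
BUILTIN_LABELS = {
    "open folder to view files",
}

# Constructed sample. The junk lines are deliberate: Windows' INI reader skips
# lines that are not 'key=value' (assumption stated in the lead-in), so a
# strict parser that rejects the whole file would call it harmless while
# Windows still acts on it.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
;padding that a strict parser might choke on
xx qq zz
open=hidden\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\command=hidden\\update.exe
"""


def parse_autorun_inf(text: str) -> dict[str, dict[str, str]]:
    """Tolerant INI parse: section and key names are lower-cased (Windows
    treats them case-insensitively), junk lines are skipped, and the first
    occurrence of a duplicated key is kept."""
    sections: dict[str, dict[str, str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # not a key=value pair: skipped, like Windows skips it
        key, _, value = line.partition("=")
        sections[current].setdefault(key.strip().lower(), value.strip())
    return sections


def triage_autorun(text: str) -> list[str]:
    """Return the reasons an autorun.inf looks like the AutoPlay decoy.

    An empty list means the file only does what a benign disc does (label,
    icon), not that the drive is clean."""
    auto = parse_autorun_inf(text).get("autorun", {})
    findings: list[str] = []

    # Any of these keys makes Windows launch a program rather than merely
    # describe the drive; 'open' and 'shellexecute' are the usual ones.
    launch = (auto.get("open") or auto.get("shellexecute")
              or auto.get("shell\\open\\command"))
    if launch:
        findings.append(f"launches a program via autorun.inf: {launch}")

    # The decoy's core trick: reuse the text of the genuine Explorer entry.
    action = auto.get("action", "")
    if action.lower() in BUILTIN_LABELS:
        findings.append(f"'action' copies a built-in AutoPlay label: {action}")

    # Completing the disguise: borrow a system icon (the folder icon lives in
    # shell32.dll) so the entry looks like Explorer's, not like a setup.exe.
    icon = auto.get("icon", "").lower()
    if launch and "shell32.dll" in icon:
        findings.append(
            f"icon borrowed from shell32.dll to look like a folder: {auto['icon']}")

    return findings


if __name__ == "__main__":
    for reason in triage_autorun(SAMPLE_AUTORUN_INF):
        print("-", reason)
```

Run against the constructed sample, the routine reports all three traits of the decoy: a program launched on insertion, the copied "Open folder to view files" label, and the borrowed folder icon. A disc whose autorun.inf only sets a label and its own icon produces no findings, which is the distinction a user looking at the AutoPlay dialog cannot make by eye.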