Microsoft removes (most of) AutoRun!

Finally, Microsoft disables Windows’ AutoRun facility for USB devices.

With Tuesday’s update, Microsoft has removed the AutoRun feature (for USB devices anyway) from Windows. It’s about time. AutoRun has been a feature of Windows going back to Windows 95: you can insert a music CD or CD-ROM, and Windows will play the music CD or execute the program (usually a setup program) that it finds on the CD-ROM. This is convenient but very insecure, because it takes control over what executes away from the computer user. Bad guys have used the AutoRun feature to trick users into unknowingly installing malware.

To say that Microsoft has removed AutoRun isn’t accurate: it has disabled AutoRun for USB devices. AutoRun (unfortunately) is still enabled by default for CD-ROMs and DVDs. The update — KB971029 — is optional(!). Why? I guess that Microsoft finds it hard to admit that AutoPlay and AutoRun were bad ideas.

PC Magazine summarized what this means.

This is ironic, since Ubuntu (a very popular Linux distro) has recently been demonstrated to be vulnerable to attack due to its recent incorporation of AutoRun. Once again, we’re confronted with the tension between convenience and security.

© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695
