A Little Windows Change Makes A Big Difference

This week, a Microsoft blog post revealed that Windows 7 will disable AutoRun on all removable media except for optical drives such as CD and DVD. The motivation for this change is the growing category of malware that can spread via AutoRun, including the notorious Conficker virus.A flash card from a digital camera, a removable hard drive, or a USB thumb drive can easily act as the carrier for viruses. When the device is plugged into an infected system, the virus can put an AutoRun file onto the device with a deceptive icon and/or description. For example, the virus may label its malicious entry as "Open folder to view files" with a standard folder icon. When the device is plugged into an uninfected system, the user may be fooled into clicking the entry thinking it's the standard Windows entry for viewing files.

This "shared hardware" infection vector has been with PCs since the 1980s; back then, floppy disks played the role of unwashed hands. Booting off an infected floppy -- either intentionally or by accidentally leaving it in the drive after use -- could spread a virus across several PCs. By the late 1990s very few people were using floppies, and attackers gravitated to the easy infection avenue offered by the Internet. Unfortunately, the emergence of cheap flash memory and the AutoRun functionality has made removable media a target of opportunity again.

Microsoft is only making this change on Windows 7, but it's a best practice for earlier versions of Windows as well. I've been recommending it for years, not just because of malware concerns but because AutoRun and AutoPlay can be just plain annoying. Here's one example: With AutoPlay enabled I mount a backup file with Acronis TrueImage and Windows immediately starts scanning the entire backup so that it can offer me a list of things I can do with it (Add music to Windows Media Player, view thumbnails of images, and so on).

According to Microsoft's blog, this same change will eventually be rolled into Windows Vista and XP. There's no ned to wait, though; it's not hard to disable AutoRun and AutoPlay on any version of Windows. If you want to bring your current OS up to Windows 7 standards, you'll just have to do it yourself.