Microsoft's Drops The Curtain On AutoPlay

Born during The Age of Auto Everything, the Windows AutoPlay functionality was anything but a home run. So Microsoft finally lays it to rest.

Dave Methvin, Contributor

February 22, 2011

2 Min Read
InformationWeek logo in a gray background | InformationWeek

The most annoying part about AutoPlay V2, as it's called, is that can take Windows a while to scan the removable media for files and decide what to do. But it's also a potential security risk if you've told Windows to take automatic action based on the content type. For example, someone could create a corrupted music file that exploited a vulnerability in Windows Media Player, and it would run without the user having to approve running the file. So this provides another way to automatically run malicious code even when basic AutoRun is not being used.

AutoRun functionality has been abused in the past, which has led to Microsoft's decision to disable it. The most notorious example was the Sony Rootkit of 2005. In an attempt to keep the music-copying genie in the bottle, Sony issued audio CDs that included a small data partition with an AutoPlay file.

When users put the CD into their computer to play music, it installed a very invasive piece of software that disabled copying of audio CDs. Beyond that, however, bugs in the software caused system instability and left an opening for other malicious software to take advantage of the rootkit's ability to hide files. Sony misusing AutoRun this way set a pretty horrific standard, a behavioral bar so low that nearly anything goes.

The rise of removable media that is writable, such as USB flash drives and portable hard drives, makes AutoPlay even more dangerous. For example, an attacker who wants to break into a specific company could sprinkle a handful of AutoPlay-infected inexpensive USB drives in the company's parking lot.

Odds are good that at least one of them will find its way into an employee's computer at work or at home, and from there the attacker can find his way into the company's secrets. These kind of attacks can be very effective because they are often able to circumvent even tight network controls intended to prevent infiltration.

In the continuing battle between convenience and security, the convenience of AutoPlay has been beaten back to square one by the security issues it raises. We're all used to the additional security problems caused by ubiquitous Internet access, but this one is different. It's a feature that hearkens back to the old floppy boot sector viruses, resurrected for abuse in an era of cheap USB drives. If Microsoft was designing AutoPlay today ... well, I doubt a feature like that would make it at all. The Age of Auto Everything has ended.

See More

Nokia Makes Last Stand With Microsoft

Carriers Sending Mixed Signals On Mobile Bandwidth

Microsoft Needs More Kinect, Less Kin

Microsoft's CES Misdirection Depends On Developers To Succeed

Windows Phone 7, Collateral Damage Edition

13 Technology Predictions For 2011

Read more about:

20112011

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights