Microsoft's Drops The Curtain On AutoPlay

Born during The Age of Auto Everything, the Windows AutoPlay functionality was anything but a home run. So Microsoft finally lays it to rest.

Dave Methvin, Contributor

February 22, 2011

2 Min Read

The most annoying part about AutoPlay V2, as it's called, is that can take Windows a while to scan the removable media for files and decide what to do. But it's also a potential security risk if you've told Windows to take automatic action based on the content type. For example, someone could create a corrupted music file that exploited a vulnerability in Windows Media Player, and it would run without the user having to approve running the file. So this provides another way to automatically run malicious code even when basic AutoRun is not being used.

AutoRun functionality has been abused in the past, which has led to Microsoft's decision to disable it. The most notorious example was the Sony Rootkit of 2005. In an attempt to keep the music-copying genie in the bottle, Sony issued audio CDs that included a small data partition with an AutoPlay file.

When users put the CD into their computer to play music, it installed a very invasive piece of software that disabled copying of audio CDs. Beyond that, however, bugs in the software caused system instability and left an opening for other malicious software to take advantage of the rootkit's ability to hide files. Sony misusing AutoRun this way set a pretty horrific standard, a behavioral bar so low that nearly anything goes.

The rise of removable media that is writable, such as USB flash drives and portable hard drives, makes AutoPlay even more dangerous. For example, an attacker who wants to break into a specific company could sprinkle a handful of AutoPlay-infected inexpensive USB drives in the company's parking lot.

Odds are good that at least one of them will find its way into an employee's computer at work or at home, and from there the attacker can find his way into the company's secrets. These kind of attacks can be very effective because they are often able to circumvent even tight network controls intended to prevent infiltration.

In the continuing battle between convenience and security, the convenience of AutoPlay has been beaten back to square one by the security issues it raises. We're all used to the additional security problems caused by ubiquitous Internet access, but this one is different. It's a feature that hearkens back to the old floppy boot sector viruses, resurrected for abuse in an era of cheap USB drives. If Microsoft was designing AutoPlay today ... well, I doubt a feature like that would make it at all. The Age of Auto Everything has ended.

See More

Nokia Makes Last Stand With Microsoft

Carriers Sending Mixed Signals On Mobile Bandwidth

Microsoft Needs More Kinect, Less Kin

Microsoft's CES Misdirection Depends On Developers To Succeed

Windows Phone 7, Collateral Damage Edition

13 Technology Predictions For 2011

Read more about:

20112011

About the Author(s)

Dave Methvin

Dave Methvin

Contributor

See more from Dave Methvin
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now