Microsoft removes Autorun from Windows Vista, XP, 2000
Last night, on Patch Tuesday, Microsoft distributed a security fix that disables Autorun with USB drives and other forms of removable storage on Windows Vista, XP and 2000, and Server 2008 and 2003. Windows 7 by default has Autorun disabled for removable storage, so this is just bringing the older OSes into line.

This marks the end of an era, at least as far as worms like Conficker are concerned. Historically, all a virus had to do was place a very basic Autorun.inf file in the root of a removable drive, and it would be automatically executed upon its insertion. As you can imagine, this was a very, very easy attack vector, and incredibly effective too.
Incidentally, because Microsoft says it hasn't seen an in-the-wild malware attack that uses CDs or DVDs, AutoPlay will still work with "shiny media."












Comments
11
sharkync, Feb 9th 2011 6:23AM
Can't tell you how long ago I disabled autorun on my Windows boxes.
Sebastian Anthony, Feb 9th 2011 7:32AM
@sharkync I did it back on Windows 95!!
(Or was it 98?)
Richard, Feb 9th 2011 7:28AM
It's worth noting that the article seems to mix up AutoRun and AutoPlay - and that they are two different things.
AutoRun looks for an autorun.inf file on removable media and, if found, follows the instructions to execute a program (so for example, to start up the installer).
AutoPlay looks at the contents of the removable media and then presents the user with a list of possible actions to perform based on the contents of the media (for example, view pictures using a viewer).
Because AutoPlay uses the contents of the autorun.inf file to present the user the option of executing a program on the media, people (unsurprisingly) often get it muddled up.
In short, the difference between AutoRun and AutoPlay is that AutoRun would blindly run an application whereas AutoPlay presents the user with a list of possible options to perform.
Sebastian Anthony, Feb 9th 2011 7:32AM
@Richard Ah, that clears things up -- thanks!
Aemony, Feb 9th 2011 8:56AM
http://nooooooooooooooo.com/
The autorun.inf file was perfect for being used to customize the icon and label of a USB device and while Microsoft claims the functionality of using icons and labels is still present (only the open= was removed), I've yet to get it to work.
And now, my USB device is once again an ugly generic thing....
I need one more for exit as well...
http://nooooooooooooooo.com/
Sebastian Anthony, Feb 9th 2011 9:00AM
@Aemony Wow, that's actually a website...
5hRreDDy, Feb 9th 2011 11:08AM
@Sebastian Anthony - lol, it's actually a pretty big internet meme
Anyway, yays for the removal. It caused so much annoyance to me in the past. AutoPlay is all you need.
Sebastian Anthony, Feb 9th 2011 11:13AM
@5hRreDDy I try to insulate myself from memes and pop culture :P
kevjohn2011, Feb 9th 2011 11:32AM
They disabled this at my 20k+ employee company in the middle of last year. It cut down on viral infections tremendously. Stupid users.
Lonnie McClure, Feb 9th 2011 2:22PM
Since I have to often deal with customers' computers that have not been updated, I took the precaution of placing an autorun.inf *folder* on each of my USB flash drives.
Even if someone one day writes malware that actually checks for an autorun.inf folder and issues an rmdir command to remove it (so they can create an autorun.inf file), not seeing that folder when I view the files would be a big red flag that it had been infected.
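
An added example (not part of the original article or of any comment, and not Microsoft's code): a Python audit of a removable drive's root that separates the cases discussed on this page, namely an autorun.inf file that launches a program, one that only sets an icon or label, and the protective autorun.inf folder. Only `open=` is named on the page; `shellexecute=` and `shell\<verb>\command=` are further launch keys of the autorun.inf format, and the sample drive contents are constructed.

```python
import tempfile
from pathlib import Path

# Launch keys: only open= appears on this page; shellexecute= is an added assumption.
EXEC_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_drive_root(root):
    """Classify the autorun.inf entry in a drive root: (status, launch_keys)."""
    entry = next((p for p in Path(root).iterdir() if p.name.lower() == "autorun.inf"), None)
    if entry is None:
        return "absent", {}
    if entry.is_dir():  # the placeholder folder: a file cannot be created over it
        return "placeholder-folder", {}
    data = entry.read_bytes()
    text = data.decode("utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1", "replace")
    launch = {k: v for k, v in parse_autorun(text).items()
              if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))}
    return ("launches-program" if launch else "cosmetic-only"), launch

def demo():
    """Audit three constructed drive roots built in a temporary directory."""
    samples = {  # constructed sample contents, not taken from real media
        "installer": "[AutoRun]\nopen=setup.exe\nshell\\open\\command=setup.exe\nicon=drive.ico\n",
        "branded": "[autorun]\nicon=drive.ico\nlabel=My Stick\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            root = Path(tmp, name)
            root.mkdir()
            (root / "AUTORUN.INF").write_text(text)
            results[name] = audit_drive_root(root)
        (Path(tmp, "guarded") / "autorun.inf").mkdir(parents=True)
        results["guarded"] = audit_drive_root(Path(tmp, "guarded"))
    return results

if __name__ == "__main__":
    print(demo())
```
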
Handle, Feb 15th 2011 12:56PM
Actually the SanDisk U3 has a virtual CD drive on it for the U3 menu. It can be hacked -
http://www.raymond.cc/blog/archives/2007/11/23/hack-u3-usb-smart-drive-to-become-ultimate-hack-tool/
So the Virtual disk contains your own image - a virus. Once plugged in, runs silently creating txt files with user info/ie passwords/etc. on the main storage of the stick.
I did this at school once. Worked fine on most of the computers, but on one got picked up by the anti-virus. Surprisingly, they confiscated it...