Windows optimize

AutoRun turned off permanently in Windows XP by Microsoft

Microsoft has decided to modify the way AutoRun works in all Windows systems to increase security and prevent malware. Does this change satisfy your need for security?

A few weeks ago, I republished an IT Security Blog post by Chad Perrin: "Help Protect Windows from Malware with No Autorun." You can read it for yourself, but the basic gist was that AutoRun should be turned off on all Windows systems as a security measure against malware attacks. Chad explained some ways to accomplish that task.

Microsoft had previously modified the way AutoRun works in Windows 7 to increase security and reduce malware attacks, but the manner in which Windows XP handled AutoRun was still a problem.

Well, on February 8, 2011, Microsoft announced that they would be applying the Windows 7 security protocols for AutoRun to Windows XP systems via the normal Update process. This change effectively disables AutoRun in Windows systems, closing a large security vulnerability. At least that is the plan.

Do you think this change closes the book on AutoRun security vulnerabilities or do you expect it will be necessary to stay vigilant to protect your systems?

About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.

11 comments
Who Am I Really
Who Am I Really

as I have almost completely toasted the autoplay / autorun crap with a 3 step process a> GPEdit.msc - computer configuration\...\turn off autoplay (Enabled) - user configuration\...\turn off autoplay (Enabled) b> TweakUI - turn off autoplay for all drive types and all drive letters from A: through Z: c> Old .reg hack from win9x as follows: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist" insert that into a plain text doc and save it as a .reg file and then apply it I haven't had any autoplay / autorun problems since doing this quite a while ago. the reason for my using such a configuration is: I got tired of the ages it took for the winders exploder content sniffers scanning huge external drives for media etc .files when connected

jjmcgaffey
jjmcgaffey

supporting my clients - home users who will suddenly find that their CDs won't run. I doubt they were particularly vulnerable - they were unlikely to have someone sticking a poisoned CD or USB drive into their machines - and they will be highly disconcerted when their new software won't install, music won't play, etc. Standard MS - if there's a possible problems, apply a broad brush to 'fix' it.

pgit
pgit

...someone's machine that has been updated is "broken," aka autorun no longer happens... My users haven't had autorun on XP for years, one of the first things we disable.

Franciscus101
Franciscus101

Perhaps it is safer, to some degree. It does however create its own set of problems. Those of us who are not techinically adept, may have problems getting certain CD/DVD based programs to load or install. The install file is not always easy to find. It may be hidden in sub-directories, to which the autorun points. While those of us reading this blog would be able to find the right file, I'm sure that my mother, Rest her soul, would never have been able to do so. Thus, clear one set of problems and create others

inouyde
inouyde

We ended up ignoring/disabling the Windows Update trying to fix AutoRun because it never installed correctly. Same deal with the one about Vector XML something something... always bombed out.

OH Smeg
OH Smeg

Like all things M$ Windows related what gets plugged now doesn't plug any as yet [b]Unknown[/b] issues. ;) Col

Mark W. Kaelin
Mark W. Kaelin

Do you think this change closes the book on AutoRun security vulnerabilities or do you expect it will be necessary to stay vigilant to protect your systems?

Gis Bun
Gis Bun

If you [like me] support "clients/home users", won't you charge to show them how to get around the issue? :-) Can't call it a "broad brush" when Windows 7 does this already. Most home users are novices. They click on stuff they shouldn't [i.e. fake anti-virus software]. They change/botch setting they shouldn't do. They uninstall programs with System Restore [I kid you not!]. They shut off the computer always by pressing and holding the poower button. I would rather disable something than let them screw things up [even if I don't get as much work from them].

awgiedawgie
awgiedawgie

IMHO, those who can't find the installation executable probably shouldn't be installing software in the first place. I would much rather help MY mother install software on her computer than fix it after she's screwed something up. If it's a disk from a legitimate and trustworthy source, and if the install file isn't blatantly obvious, all it takes is a quick look at the autorun.inf file with a text editor to point the way. And if it's not from a trusted source, it's best to have an expert check it out first anyway. Quite frankly, I think Autorun was one of M$'s more inane ideas, and disabling it was the best thing that could have happened to it. I don't like Autoplay much better, but at least it's a lot easier to switch off.

seanferd
seanferd

Many people who ring me up already have Autorun turned off per previous updates and security configuration, and cannot find even obvious install or CD start files while I'm telling them what to look for. (All it takes is a bit of attention rather than letting your eyes glaze over at the prospect of looking at a short list of files.) At this point, though, application vendors should be planning for this behavior change. XP users as a whole can also look forward to the level of support offered for Windows 98 & 2000 anyway, so it is time to start taking the hint if you are not a savvy user. OTOH, Autorun was one of the very first things I learned to kill when first starting to use Windows, so you don't really have to be super clever. As for finding install files in older software disks, changing other stupid MS defaults like "hide file extension" and "open" (as opposed to "explore"), and icon or tile view to detail view will help. Camera software and similar can be started from the Start menu if it doesn't have a tray app.

Gis Bun
Gis Bun

So you just gave up? Ever thought of posting the problem in the WSUS newsgroup/answer forum? You are just basically leaving your systems vulnerable.