Here’s some good news for anyone who has been struck by auto-running malware from a USB stick in the past.
Microsoft has rolled out an “important, non-security update” through Windows Update, changing the behaviour of Autorun when you plug a USB stick into your computer.
Not sure what Autorun is? It’s the technology which causes a program to start automatically when you insert a CD or USB stick into your Windows PC. You may have spotted the Autorun.inf files in the root directory of your USB sticks and on CDs in the past.
It may sound like a neat idea, but a lot of malware (the Conficker worm would be perhaps the most infamous example) has exploited the technology to infect computers via USB sticks in the past.
The more recent versions of Windows, like Windows Vista and Windows 7, have made changes to the way that Autorun operates and this has helped fight the spread of Autorun malware. But older versions of Windows, such as Windows XP, were still often at risk.
In fact, in a blog post published yesterday, Microsoft’s Holly Stewart presented statistics which suggested that “Windows XP users were nearly 10 times as likely to get infected by [Autorun malware] in comparison to Windows 7.”

Yesterday, Microsoft rolled out an update via its Windows Update infrastructure, to users running versions prior to Windows 7, which effectively prevents Autorun malware from automatically infecting computers without the user’s permission.
Note, however, that this isn’t the death of Autorun entirely. As Microsoft’s Adam Shostack explains on the MSRC blog, Autorun is still available for “shiny media” such as CDs and DVDs.
Hmm. I guess that will be welcome news for any misguided company which tries to emulate Sony’s disastrous scheme from 2005 where music CDs automatically installed a rootkit as part of their DRM copy protection.
All in all, though, Microsoft has done a good thing here. Autorun was never a necessary technology in my point of view, and its exploitation by malware made it a dangerous liability. Locking it in a windowless room, handing it a service revolver and appealing to its sense of decency is probably the best move that we can make.
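For anyone who wants to see what an Autorun.inf file like the ones mentioned above would ask Windows to start, here is a small audit helper. It is an added example, not code from Microsoft or from this post; the sample file contents and the function name `launch_directives` are constructed for illustration.

```python
import configparser

# Keys in the [autorun] section that name a program or command to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from any real device.
SAMPLE_INF = r"""; constructed example
[AutoRun]
icon=drive.ico
label=Holiday photos
open=tools\viewer.exe /quiet
shell\explore\command=tools\viewer.exe
"""


def launch_directives(inf_text):
    """Return (key, command) pairs in an Autorun.inf that start a program."""
    # RawConfigParser: no % interpolation. strict=False tolerates repeated keys.
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",)
    )
    try:
        parser.read_string(inf_text)
    except configparser.Error as exc:
        # A file that does not parse should be reviewed by hand, not
        # silently reported as clean.
        raise ValueError(f"Autorun.inf could not be parsed: {exc}") from exc

    found = []
    for section in parser.sections():
        # Section names are compared case-insensitively here.
        if section.strip().lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lower-cased
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                found.append((key, (value or "").strip()))
    return found


if __name__ == "__main__":
    for key, command in launch_directives(SAMPLE_INF):
        print(f"{key} -> {command}")
```

Entries such as `icon` and `label` only change how the drive is displayed, so the helper leaves them out and reports only the keys that name something to run.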
Posted on 09 February 2011.