MSRC: AutoRun a Security Risk for Windows 7, Default Behavior of AutoPlay Modified

Article by George Norman (Cybersecurity Editor)

on 29 Apr 2009

MSRC (Microsoft Security Response Center) has announced that, because the online threat landscape is constantly changing and evolving, it will implement a security modification in the next iteration of the Windows operating system, namely Windows 7. The change described by the MSRC concerns the default behavior of AutoPlay, which currently enables AutoRun for all kinds of removable media.

“Today, we’re announcing modifications in Windows that adapt to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD). However, the AutoRun task will still be enabled for media like CD-ROM. The reason we’re making this change is that we’ve seen an increase, since the start of 2009, in malicious software abusing the current default AutoRun settings to propagate through removable media like USB devices. The best known malicious software abusing AutoRun is Conficker, but it’s not alone in that regard: there is other malicious software that abuses this feature,” explained the Microsoft Security Response Center.

It is important not to confuse AutoPlay with AutoRun. AutoRun is the feature that automatically starts a program when you insert a CD/DVD or other storage device; it is the software’s way of responding to a hardware event. AutoPlay, on the other hand, is the Windows feature that lets you choose which program starts when you insert a CD/DVD or connect a storage device, for example choosing Media Player to launch automatically when you insert a music CD. With the change that MSRC announced for Windows 7, AutoPlay will no longer offer an AutoRun task for non-optical removable media (in layman’s terms, AutoRun will still work with CDs/DVDs but not with USB devices).

MSRC again: “Because we’ve seen such a marked increase in malicious software abusing AutoRun to propagate, we’ve decided that it makes sense to adjust the balance between security and usability around removable media. We’ve tried to be very measured in this adjustment to maximize both customer convenience and protection. Since non-writable media such as CD-ROMs generally aren’t avenues for malicious software propagation (because they’re not writable) we felt it made sense to keep the current behavior around AutoPlay for these devices and make this change only for generic mass storage class devices.”
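The policy MSRC describes (AutoRun suppressed for generic mass-storage devices, still allowed for optical media) is expressed on an existing Windows machine through the per-drive-type NoDriveTypeAutoRun bitmask under the Explorer policy key. The following PowerShell script is an added example, not from the article or from Microsoft, that audits that bitmask in both hives and can set only the removable-drive bit; it assumes the documented bit layout and treats 0x91 as the default when no policy value is present.

```powershell
# Added example (not from the article): audit, and optionally enforce, the
# drive-type AutoRun policy that mirrors the Windows 7 default described above.
$PolicyPaths = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
# Bits of NoDriveTypeAutoRun; a set bit disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    Unknown1  = 0x01
    Removable = 0x04   # USB sticks, external disks (the propagation vector MSRC cites)
    Fixed     = 0x08
    Network   = 0x10
    CDROM     = 0x20   # optical media, intentionally left enabled by the change
    RamDisk   = 0x40
    Unknown2  = 0x80
}
$AssumedDefault = 0x91  # assumed effective default when no policy value is set

function Get-AutoRunPolicy {
    # One object per hive: effective mask, decoded drive types, and a verdict.
    foreach ($path in $PolicyPaths) {
        $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $value) { $value = $AssumedDefault }
        $disabled = $DriveTypeBits.Keys | Where-Object { ($value -band $DriveTypeBits[$_]) -ne 0 }
        [pscustomobject]@{
            Hive             = $path.Split(':')[0]
            Mask             = ('0x{0:X2}' -f $value)
            DisabledTypes    = ($disabled -join ',')
            RemovableBlocked = (($value -band $DriveTypeBits.Removable) -ne 0)
            OpticalAllowed   = (($value -band $DriveTypeBits.CDROM) -eq 0)
        }
    }
}

function Set-RemovableAutoRunBlocked {
    # Sets only the Removable bit in HKLM, leaving every other drive type as it was.
    $path = $PolicyPaths[0]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    $current = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $current) { $current = $AssumedDefault }
    $new = $current -bor $DriveTypeBits.Removable
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value $new -Type DWord
    Get-AutoRunPolicy | Where-Object { $_.Hive -eq 'HKLM' }
}

Get-AutoRunPolicy | Format-Table -AutoSize
```

Reading the policy works from any account; Set-RemovableAutoRunBlocked writes to HKLM and therefore needs an elevated session, and a RemovableBlocked of True with OpticalAllowed of True is the state that matches the announced Windows 7 default.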

This security modification will be implemented in the upcoming Windows 7 Release Candidate, which will shortly be released to the public (details here).
