MSRC: AutoRun a Security Risk for Windows 7, Default Behavior of AutoPlay Modified
MSRC (Microsoft Security Response Center) has announced that due to the fact that the online threat landscape is constantly changing and evolving, it will implement a security mod in the next iteration of the Windows-based operating system, mainly Windows 7. The change mentioned by the MSRC is related to how the default behavior of AutoPlay enables AutoRun for all kinds or removable media.
“Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD.). However, the AutoRun task will still be enabled for media like CD-ROM. The reason we’re making this change is that we’ve seen an increase, since the start of 2009, in malicious software abusing the current default AutoRun settings to propagate through removable media like USB devices. The best known malicious software abusing AutoRun is Conficker, but it’s not alone in that regard: there is other malicious software that abuses this feature,” explained the Microsoft Security Response Center.
It is quite important that you do not confuse AutoPlay for AutoRun and the other way around. AutoRun is the feature that automatically starts programs when you insert a CD/DVD/other media storage device; it is the software’s way of responding to hardware actions. AutoPlay on the other hand is a Windows-specific feature that lets you choose which program will start when you insert a CD/DVD or connect a media storage device; like for example when you choose Media Player to launch automatically when you insert a music CD. With the recent change that MSRC announced in Windows 7, AutoPlay will no longer support the AutoRun functionality for non-optical removable media (in layman’s terms, AutoPlay will work with CDs/DVDs but not with USB devices).
MSRC again: “Because we’ve seen such a marked increase in malicious software abusing AutoRun to propagate, we’ve decided that it makes sense to adjust the balance between security and usability around removable media. We’ve tried to be very measured in this adjustment to maximize both customer convenience and protection. Since non-writable media such as CD-ROMs generally aren’t avenues for malicious software propagation (because they’re not writable) we felt it made sense to keep the current behavior around AutoPlay for these devices and make this change only for generic mass storage class devices.”
This security mod will be implemented in the upcoming Windows 7 Release Candidate which will be shortly released to the public (details here).
Tags: Microosft, MSRC, Microsoft Security Response Center, Windows 7, AutoRun, Autoplay
“Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD.). However, the AutoRun task will still be enabled for media like CD-ROM. The reason we’re making this change is that we’ve seen an increase, since the start of 2009, in malicious software abusing the current default AutoRun settings to propagate through removable media like USB devices. The best known malicious software abusing AutoRun is Conficker, but it’s not alone in that regard: there is other malicious software that abuses this feature,” explained the Microsoft Security Response Center.
Advertising
It is quite important that you do not confuse AutoPlay for AutoRun and the other way around. AutoRun is the feature that automatically starts programs when you insert a CD/DVD/other media storage device; it is the software’s way of responding to hardware actions. AutoPlay on the other hand is a Windows-specific feature that lets you choose which program will start when you insert a CD/DVD or connect a media storage device; like for example when you choose Media Player to launch automatically when you insert a music CD. With the recent change that MSRC announced in Windows 7, AutoPlay will no longer support the AutoRun functionality for non-optical removable media (in layman’s terms, AutoPlay will work with CDs/DVDs but not with USB devices).
MSRC again: “Because we’ve seen such a marked increase in malicious software abusing AutoRun to propagate, we’ve decided that it makes sense to adjust the balance between security and usability around removable media. We’ve tried to be very measured in this adjustment to maximize both customer convenience and protection. Since non-writable media such as CD-ROMs generally aren’t avenues for malicious software propagation (because they’re not writable) we felt it made sense to keep the current behavior around AutoPlay for these devices and make this change only for generic mass storage class devices.”
This security mod will be implemented in the upcoming Windows 7 Release Candidate which will be shortly released to the public (details here).
Tags: Microosft, MSRC, Microsoft Security Response Center, Windows 7, AutoRun, Autoplay
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 27 Oct 2011
It is true that the mouse is one of the most used peripheral and it is just as true that if you want to get things done and get them done fast, using keyboard shortcuts is a lot more efficient than clicking.
By George Norman on 26 Oct 2011
I know it’s been a long time and I can understand if you forgot about it: the Windows XP operating system reached general availability on the 25th of October 2001. That means that Windows XP, as of this week, is ten years old.
By George Norman on 14 Nov 2011
Artists of all ages can now enjoy a digital palette and infinite canvas on the internet. Redmond-based software giant Microsoft has recently unveiled a new project called “The Art of Touch.” Inspired by the Microsoft Touch Mouse family of products, the project allows internet users to create, save and share digital art
By George Norman on 23 Nov 2011
With the huge success of Windows 7, all eyes are on the next big version of the Microsoft-developed operating system, Windows 8. We already know that the operating system (OS) will come with a fresh Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
MSRC: AutoRun a Security Risk for Windows 7, Default Behavior of AutoPlay Modified
HTML Linking Code
HTML Linking Code