
Zero Day

Ryan Naraine and Dancho Danchev

Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

February 10, 2011, 6:54am PST

Summary: Microsoft has decided to disable the AutoRun feature on Windows XP. The “non-security update” doesn’t affect “shiny media” such as CDs or DVDs that contain Autorun files.

With hundreds of thousands of users still running Windows XP despite the security considerations of doing so, Microsoft has decided to disable the AutoRun feature on Windows XP, a move largely anticipated by the security community. The “non-security update” doesn’t affect “shiny media” such as CDs or DVDs that contain Autorun files; it targets other removable media.

The move aims to limit the number of AutoRun infections, with the feature itself now an inseparable part of every modern and modular malware bot.

According to Microsoft’s data, Win32/Autorun remains among the most popular malware families, with Windows XP users more likely to experience such an infection than Windows 7 users.

A similarity all of these worms share is a common propagation method. They all abuse the autoplay feature of Autorun, many by creating or manipulating Autorun.inf files on network drives and removable media, so that when a user connects, the malware is automatically executed on their system. On average in 2010, about 9% of Windows 7 Security Essentials users reported seeing one of these families at least once per month in comparison to 13% of Windows XP users. In other words, a Windows XP user was 43% more likely to report one of these Autorun detections in any given month in comparison to a Windows 7 user.
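A defender-side illustration of the Autorun.inf mechanism described above, as an added example that is not part of the original article or of any Microsoft tooling: a tolerant parser that lists the entries in an Autorun.inf file which start a program, for triaging removable media and network shares. The function names and the sample file are constructed for illustration.

```python
import os

# Keys in the [autorun] section that name a program or command to start.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from a real infection.
SAMPLE = """\
; constructed sample
[AutoRun]
xQzJunkPaddingLine
Open = tools\\setup.exe /quiet
icon=folder.ico
action=Open folder to view files
shell\\explore\\command = tools\\setup.exe
[Other]
open=ignored.exe
"""

def autorun_commands(inf_text):
    """Return (key, command) pairs from [autorun] that launch something."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue                      # other section, or junk padding
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in EXEC_KEYS or is_verb):
            found.append((key, value))    # display-only keys are ignored
    return found

def scan_root(root):
    """Map each Autorun.inf in a volume root (any letter case) to its commands."""
    hits = {}
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            hits[path] = autorun_commands(data.decode(enc, errors="replace"))
    return hits

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE):
        print(f"{key} -> {cmd}")
```
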

Should Linux users worry about AutoRun infections? Moving from theory into practice, a security researcher has recently demonstrated a similar scenario, in which the AutoRun functionality is successfully exploited on a Linux host.

Why do you think so many users are still running Windows XP? What about the millions of users who will not receive this update because they’re running pirated Windows software, and for whom AutoRun infections are the least of their worries?

Talkback.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile. You can also follow him on Twitter.

Talkback Most Recent of 136 Talkback(s)

  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections
    More proof of the need to ditch XP ASAP! I caught one of those autorun baddies a few weeks back after coming home from school.... It was an XP machine, since my school is downright in love with XP.... It's quite disgusting. Either way, MSE caught it before it could do its thing and removed it.
    I promptly e-mailed my school's IT staff after hunting them down in the school's directory and gave them a piece of my mind.
    Cylon Centurion
    10th Feb 2011
  • Try this on for size
    Why do you think so many users are still running Windows XP?

    Hmmm, could it have something to do with the cost of shiny new O$'s from M$?

    Nah! Couldn't be that! [*burps Vista*]
    klumper
    10th Feb 2011
  • Should never have been enabled
    Another dumb MS idea
    Richard Flude
    10th Feb 2011
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections
    @Richard Flude

    Not dumb, a good idea, that has been taken advantage of.
    Cylon Centurion
    11th Feb 2011
  • @Cylon Centurion 0005
    No .. like he said .. it was just another dumb idea from MS developers.
    thx-1138_@...
    11th Feb 2011
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections
    Thing is, Linux barely has Autorun to speak of. While it exists, I'm uncertain how many distros have it enabled or how reliable it seems to be.

    Not that hackers are really targeting Linux that much anyways - it's not a big enough target to be useful to them.

    But yeah - those who claim the security of Vista or Windows 7 is "no better" than XP are just fooling themselves.

    "Why do you think so many users are still running Windows XP?"

    In the case of my grandparents, it's a case of they don't want to buy a new OS/computer right now :(. And I do think their XP machine is infected, unfortunately. They can access most every website, except for Windows Update - a sure sign that something is blocking it :(. What's worse, the AV solutions I've tried don't detect anything, so they're definitely looking at a drive wipe and OS reinstall or a new computer to fix it.
    CobraA1
    10th Feb 2011
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections
    @CobraA1
    You need to be an administrator or (I think) a backup user to make use of windowsupdate.
    AndyPagin
    10th Feb 2011
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections
    @AndyPagin First of all, I'm sure they *are* an admin. Second, that shouldn't block the web site completely - the web site itself should still function, it should just refuse to install the updates.
    CobraA1
    10th Feb 2011
  • Make them an unprivileged user.
    @CobraA1: Problem solved.
    ye
    10th Feb 2011
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections
    But yeah - those who claim the security of Vista or Windows 7 is "no better" than XP are just fooling themselves.

    Really? Then why is M$ releasing similar security patches for both systems?

    If an exploit is out there that affects XP but doesn't affect Win7 (due to its 'enhanced security features'), then it stands to reason that the need for two similar patches wouldn't be necessary.

    Sounds like another FUD bill of goods is being sold here...
    LTV10
    10th Feb 2011
  • Learn the difference between vulnerability and exploit.
    @LTV10: If an exploit is out there that affects XP but doesn't affect Win7 (due to its 'enhanced security features'), then it stands to reason that the need for two similar patches wouldn't be necessary.

    A vulnerability can exist in both XP and Windows 7 yet not affect the latter due to its enhanced security. And by enhanced security you're essentially referring to a more secure default configuration compared to Windows XP.

    Mostly Windows 7 doesn't add much over Windows XP. The two features I can think of off the top of my head are MIL and ASLR. Everything else is available in XP.

    Sounds like another FUD bill of goods is being sold here...

    No need to be so hard on your own posts.
    ye
    10th Feb 2011
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections
    @LTV10

    "Then why is M$ releasing similar security patches for both systems?"

    Because no security is perfect.

    "If an exploit is out there that affects XP but doesn't affect Win7"

    Microsoft actually discovered a rootkit when they enabled ASLR, if I remember correctly. It was tied to a static location in a file that wasn't so static when they moved it to ASLR.

    "then it stands to reason that the need for two similar patches wouldn't be necessary."

    No, not really. It's still a good idea to fix buffer overruns (it's good coding practice), and since XP and Windows 7 may share some files, you might as well roll the change for Windows 7 as well. It doesn't hurt to fix it in both OSes, even if one OS is affected more than the other.

    Good, solid code is still a good idea, even if it's not a big security risk.
    CobraA1
    10th Feb 2011
  • Works both ways
    @LTV10, if Linux and Apple systems are so secure, why do they have a constant stream of updates? Windows Vista and 7 are a huge improvement over XP, but that does not mean that they need no patches at all.
    itpro_z
    10th Feb 2011
  • You're really good at FUD too, LTV10
    @LTV10

    You should get paid for it.
    AllKnowingAllSeeing
    10th Feb 2011
