Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

Summary: Microsoft has decided to disable the AutoRun feature on Windows XP. The "non-security update" doesn't affect "shiny media" such as CDs or DVDs that contain Autorun files.

With hundreds of thousands of users still running Windows XP despite the security considerations of doing so, Microsoft has decided, in a move largely anticipated by the security community, to disable the AutoRun feature on Windows XP. The "non-security update" doesn't affect "shiny media" such as CDs or DVDs that contain Autorun files; it targets other removable media.

The move aims to limit the number of AutoRun infections, with the feature itself now an inseparable part of every modern and modular malware bot.

According to Microsoft's data, Win32/Autorun remains among the most popular malware families, with Windows XP users more likely to experience such an infection than Windows 7 users.

A similarity all of these worms share is a common propagation method. They all abuse the autoplay feature of Autorun, many by creating or manipulating Autorun.inf files on network drives and removable media, so that when a user connects, the malware is automatically executed on their system. On average in 2010, about 9% of Windows 7 Security Essentials users reported seeing one of these families at least once per month in comparison to 13% of Windows XP users. In other words, a Windows XP user was 43% more likely to report one of these Autorun detections in any given month in comparison to a Windows 7 user.
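
A defender-side check for the propagation method quoted above, as an added example that is not part of the original article: it parses the text of an Autorun.inf and lists the `[autorun]` entries that would launch a program. The function names and both sample files are constructed for illustration.

```python
import re

# [autorun] keys that name a program for Windows to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def launch_entries(inf_text):
    """Return (key, command) pairs in the [autorun] section that start a program.

    Hand-rolled, tolerant line parser: files on infected media may contain
    junk lines and duplicate keys that a strict INI parser would reject.
    """
    entries = []
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            entries.append((key.lower(), value))
    return entries

def triage(inf_text):
    """'launches-program' if any launch key is set, otherwise 'benign'."""
    return "launches-program" if launch_entries(inf_text) else "benign"

# Constructed samples, not taken from any real infection.
SAMPLE_SUSPECT = """\
; padding line
[AutoRun]
Open=setup\\example.exe
icon=drive.ico
shell\\open\\Command=setup\\example.exe
"""

SAMPLE_LABEL_ONLY = """\
[autorun]
label=Backup Drive
icon=drive.ico
"""

if __name__ == "__main__":
    for name, text in (("suspect", SAMPLE_SUSPECT), ("label-only", SAMPLE_LABEL_ONLY)):
        print(name, triage(text), launch_entries(text))
```

A file that only sets `label` or `icon` is reported as benign; any entry that names a program is worth inspecting before the volume is opened on another machine.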

Should Linux users worry about AutoRun infections? Moving from theory into practice, a security researcher has recently demonstrated a similar scenario, in which the AutoRun functionality is successfully exploited on a Linux host.

Why do you think so many users are still running Windows XP? What about the millions of users who would not receive this update because they're running pirated Windows software, and for whom AutoRun infections are the least of their worries?

Talkback.

Topics: Operating Systems, Malware, Microsoft, Security, Software, Windows

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

135 comments
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

    More proof of the need to ditch XP ASAP! I caught one of those autorun baddies a few weeks back after coming home from school.... It was an XP machine, since my school is downright in love with XP.... It's quite disgusting. Either way, MSE caught it before it could do its thing and removed it.
    I promptly e-mailed my school's IT staff after hunting them down in the school's directory and gave them a piece of my mind.
    The one and only, Cylon Centurion
    • Try this on for size

      [i]Why do you think so many users are still running Windows XP?[/i]

      Hmmm, could it have something to do with the cost of shiny new O$'s from M$?

      Nah! Couldn't be that! [*burps Vista*]
      klumper
    • Should never have been enabled

      Another dumb MS idea
      Richard Flude
      • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

        @Richard Flude

        Not dumb, a good idea, that has been taken advantage of.
        The one and only, Cylon Centurion
      • @Cylon Centurion 0005

        No .. like he said .. it was just another dumb idea from MS developers.
        thx-1138_
  • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

    Thing is, Linux barely has Autorun to speak of. While it exists, I'm uncertain how many distros have it enabled or how reliable it seems to be.

    Not that hackers are really targeting Linux that much anyways - it's not a big enough target to be useful to them.

    But yeah - those who claim the security of Vista or Windows 7 is "no better" than XP are just fooling themselves.

    "Why do you think so many users are still running Windows XP?"

    In the case of my grandparents, it's a case of they don't want to buy a new OS/computer right now :(. And I do think their XP machine is infected, unfortunately. They can access most every website, except for Windows Update - a sure sign that something is blocking it :(. What's worse, the AV solutions I've tried don't detect anything, so they're definitely looking at a drive wipe and OS reinstall or a new computer to fix it.
    CobraA1
    • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

      @CobraA1
      You need to be an administrator or (I think) a backup user to make use of windowsupdate.
      AndyPagin
      • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

        @AndyPagin First of all, I'm sure they *are* an admin. Second, that shouldn't block the web site completely - the web site itself should still function, it should just refuse to install the updates.
        CobraA1
    • Make them an unprivileged user.

      @CobraA1: Problem solved.
      ye
    • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

      [i]But yeah - those who claim the security of Vista or Windows 7 is "no better" than XP are just fooling themselves.[/i]

      Really? Then why is M$ releasing similar security patches for [b]both systems[/b]?

      If an exploit is out there that affects XP but doesn't affect Win7 (due to its [i]'enhanced security features'[/i]), then it stands to reason that the need for two similar patches wouldn't be necessary.

      Sounds like another FUD bill of goods is being sold here...
      LTV10
      • Learn the difference between vulnerability and exploit.

        @LTV10: [i]If an exploit is out there that affects XP but doesn't affect Win7 (due to its 'enhanced security features'), then it stands to reason that the need for two similar patches wouldn't be necessary.[/i]

        A vulnerability can exist in both XP and Windows 7 yet not affect the latter due to its enhanced security. And by enhanced security you're essentially referring to a more secure default configuration compared to Windows XP.

        Mostly Windows 7 doesn't add much over Windows XP. The two features I can think of off the top of my head are MIL and ASLR. Everything else is available in XP.

        [i]Sounds like another FUD bill of goods is being sold here...[/i]

        No need to be so hard on your own posts.
        ye
      • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

        @LTV10

        "Then why is M$ releasing similar security patches for both systems?"

        Because no security is perfect.

        "If an exploit is out there that affects XP but doesn't affect Win7"

        Microsoft actually discovered a rootkit when they enabled ASLR, if I remember correctly. It was tied to a static location in a file that wasn't so static when they moved it to ASLR.

        "then it stands to reason that the need for two similar patches wouldn't be necessary."

        No, not really. It's still a good idea to fix buffer overruns (it's good coding practice), and since XP and Windows 7 may share some files, you might as well roll the change for Windows 7 as well. It doesn't hurt to fix it in both OSes, even if one OS is affected more than the other.

        Good, solid code is still a good idea, even if it's not a big security risk.
        CobraA1
      • Works both ways

        @LTV10, if Linux and Apple systems are so secure, why do they have a constant stream of updates? Windows Vista and 7 are a huge improvement over XP, but that does not mean that they need no patches at all.
        itpro_z
      • You're really good at FUD too, LTV10

        @LTV10

        You should get paid for it.
        AllKnowingAllSeeing
      • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

        [i]Because no security is perfect.[/i]

        That's true but that doesn't answer the question.

        [i]Microsoft actually discovered a rootkit when they enabled ASLR, if I remember correctly. It was tied to a static location in a file that wasn't so static when they moved it to ASLR.[/i]

        With that particular patch, that may be true. But what about all the others released for the past year? It's almost a security patch-per OS patch.

        [i]No, not really. It's still a good idea to fix buffer overruns (it's good coding practice), and since XP and Windows 7 may share some files, you might as well roll the change for Windows 7 as well. It doesn't hurt to fix it in both OSes, even if one OS is affected more than the other.[/i]

        I thought you folks said this was a 'safer' OS? As far as I'm concerned, a measure of how safe it is needs to be should be compared with what existed previously. Given the hype around here, I would expect [b]fewer[/b] patches to be issued with Win7. Not the same amount.

        Notice I said [i][b]fewer[/b][/i]. I didn't say [i][b]none[/b][/i].

        [i]Good, solid code is still a good idea, even if it's not a big security risk.[/i]

        Well they should've done that to begin with. MIL and ASLR should minimize the need for the amount of patches that are being issued to Win7. Otherwise, it's nothing more than marketing FUD, propagated by the likes of you and ye.
        LTV10
      • @AllKnowingAllSeeing, you're actually pretty good...

        ..at knowing nothing and not seeing anything. It fits you well.
        LTV10
      • It is much safer.

        @LTV10: [i]I thought you folks said this was a 'safer' OS?[/i]

        Its out-of-the-box configuration is much more secure than Windows XP and it includes a few new technologies which also make it safer.

        For example Protected Mode and MIL. While the same vulnerability may exist in both Windows XP and Windows 7 Protected Mode greatly minimizes what a piece of malware can do. Thus Windows 7 is much safer while surfing the web.
        ye
      • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

        "I thought you folks said this was a 'safer' OS?"

        It is.

        "As far as I'm concerned, a measure of how safe it is needs to be should be compared with what existed previously."

        By that measure, Windows 7 is safer.

        "Given the hype around here, I would expect fewer patches to be issued with Win7"

        The number of patches is not equivalent to how safe an OS is. Not by a long shot. That is perhaps the poorest measure of the safety of an OS you could come up with.

        By that standard, Linux is less safe than Windows 3! Guess which OS had more patches . . .

        Obviously, the # of patches is not a measure of the security of an OS.

        "Well they should've done that to begin with."

        If you can find a developer that creates perfect code all the time, tell him/her to send a resume to Microsoft. They'll hire him/her on the spot.

        "MIL and ASLR should minimize the need for the amount of patches that are being issued to Win7."

        Eh, no, that's not their job. You don't leave unfixed code around just because you have some protections. That is so very, very wrong.
        CobraA1
      • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

        [i]By that measure, Windows 7 is safer.[/i]

        So you say.

        [i]The number of patches is not equivalent to how safe an OS is. Not by a long shot. That is perhaps the poorest measure of the safety of an OS you could come up with.[/i]

        It's a generalized yardstick to show how much progress has been made on the security front. And given the frequency and amount of security patches so far, it doesn't look like much progress has been made on that particular point.

        [i]By that standard, Linux is less safe than Windows 3! Guess which OS had more patches . . .[/i]

        That's a specious argument. You can't compare Linux with it because they are two entirely different OSes that come from two entirely different source codes. You [b]can[/b] compare two products made by the same vendor though, especially when each OS shares much of the same code.

        Notice I said [i]"much of"[/i] [b]not[/b] [i]"all of"[/i]. I do realize some of you all are too dense and need further clarification.

        [i]Obviously, the # of patches is not a measure of the security of an OS.[/i]

        So you say.

        [i]If you can find a developer that creates perfect code all the time, tell him/her to send a resume to Microsoft. They'll hire him/her on the spot.[/i]

        I never said "perfect" so that's the second specious argument you've made here. Talk about moving goalposts.

        [i]Eh, no, that's not their job. You don't leave unfixed code around just because you have some protections. That is so very, very wrong.[/i]

        Then stop with the FUD about it being "safer" because I don't see any progress on the [b]monthly[/b] security front at all. This is nothing more than the same old business as usual that we've come to expect from Micro$oft.

        No difference.

        Little change.

        All hype.
        LTV10
      • RE: Microsoft disables AutoRun on Windows XP/Vista to prevent malware infections

        "It's a generalized yardstick . . ."

        It's an arbitrary yardstick with no meaning.

        The reason why it has no meaning is because the number of holes patched has little, if any, correlation with the number of successful attacks.

        How secure a system is is based on how often an attack is successful, not how many holes were patched.

        "I never said 'perfect' so that's the second specious argument you've made here. Talk about moving goalposts."

        The answer to the statement "Well they should've done that to begin with" is "yeah, they should've, but they're human."

        "Then stop with the FUD about it being "safer" because I don't see any progress on the monthly security front at all."

        That's only because you are measuring security with a totally meaningless yardstick. Sorry.
        CobraA1