Since Microsoft launched Windows 95, Autorun has had excellent intentions, but also become a fantastic headache as well. It began as Autoplay, which was meant to help novice users navigate their new computers. However, it did not take long before the bad guys caught on and began using it for their devious plans.
It worked something like this (up until a few days ago): Once a user plugged in their device, such as a USB flash drive, a code which was embedded in autorun.inf would be automatically executed. In other words, a USB auto launch would be performed. So, worms and viruses would hop onboard, in effect tricking the user into contaminating their own system.
The fact that malware has been widely spread through USB autorun is not a secret. Actually, such worms as Stuxnet and Conficker were widely propagated just this way, and pretty much everybody knows it.
That is why we now have a new Microsoft Update for all older systems (Windows 2007 and Windows Server 2008 R2 has this feature built in). It is labeled as Important, although it is not considered a security update by Microsoft standards. Users who have regular settings in place will automatically get the update. Anyone who does not want the feature disabled can reverse this update as well.
One huge question floating around is if Microsoft Autorun has been a well-known problem for years, why the delay in the update? Jerry Bryant, group manager in Microsoft’s Response Communications indicates that the delay is because many Microsoft partners used Autorun to install their hardware.
In the meantime, other methods have been developed for this purpose, such as the U3 function on some thumb drives. Bryant states that Microsoft believes now is the “right time” to make this change to help “further protect the ecosystem.”
Garden variety PC users are going to find that they still get most of their standard menu options, such as to view files or play their media. CD and DVD venues are unchanged, because ‘shiny media’ is not viewed as much of a threat at this point by most, though certainly not all.
This update is a new way to enable us to protect ourselves from malicious code, although it will certainly provide a few hurdles to be jumped as well. A lack of USB Autorun may slow some users down and prevent instant access to promotional multimedia that some marketing strategies rely on. However for the most part, we will still be able to utilize our beloved flash drives, without too much hassle. And, there is always the ‘Fix It’ button for those who feel strongly about having access to Autorun.
How do you feel about the AutoRun changes for Microsoft? Will it help or hurt the way you use your USB flash drives? Weigh in below!