Feb 14, 2011 16:51 GMT

As an added security mitigation, Microsoft has amputated the functionality associated with Autorun in a move designed to block malicious code abusing the feature.

The Redmond company built the new Autorun behavior by default into Windows 7, but also backported the new security measures to Windows Vista and Windows XP.

Last week, the software giant announced that the Windows Autorun update would be served automatically to XP and Vista users via Windows Update.

The decision was catalyzed by the fact that Microsoft data indicated a lower rate of infections related to malware known for traditionally abusing the autoplay feature of Autorun in order to spread.

Malicious code such as Taterf, Rimecud, or Conficker all feature capabilities of manipulating Autorun.inf files on network drives and removable media.

The malware uses Autorun.inf in order to execute itself automatically and compromise new machines as soon as the user connects to a network or plugs in a USB device.
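For defenders triaging removable media, the following added example (not from the article or from Microsoft) scans the text of an Autorun.inf file for entries that would launch a program. It assumes the standard `[autorun]` keys `open`, `shellexecute` and `shell\<verb>\command`; the function name and the sample file contents are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name a program to launch.
EXEC_KEYS = {"open", "shellexecute"}
# Matches shell\<verb>\command entries, e.g. shell\open\command.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")


def find_exec_directives(text):
    """Return (key, value) pairs from [autorun] that would start a program."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk padding, or an entry in another section
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()  # section and key names are case-insensitive
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            hits.append((key, value))
    return hits


# Constructed sample: execution directives mixed with padding lines.
SAMPLE = """\
; constructed sample for illustration
xkq92hd8 padding line
[AutoRun]
Label=Backup Drive
OPEN=setup.exe /quiet
zz91 more padding
shell\\open\\command=setup.exe
Icon=drive.ico
"""

# Constructed sample: only cosmetic entries, nothing is launched.
BENIGN = "[autorun]\nlabel=Photos\nicon=photos.ico\n"

if __name__ == "__main__":
    for key, value in find_exec_directives(SAMPLE):
        print(f"execution directive: {key} = {value}")
```

A file that only sets `label` or `icon` returns an empty list, so any hit on a USB drive is worth a closer look at the referenced executable.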

By limiting the Autorun options available to USB devices, the Redmond company is effectively blocking an avenue that malware used to spread.

Of course, at the same time, Microsoft is well aware that some customers might actually want or need the full Autorun features.

In this regard, the company produced a Fix It solution designed to automatically enable Autorun for Windows.

“At the same time, we're aware that some customers prefer the existing Autorun functionality and will want to reverse the effects. So we have a Fix It available that accomplishes that,” revealed Adam Shostack, a program manager working in TWC Security.

“To disable or enable Autorun automatically, click the appropriate Fix this problem link. Then, click Run in the File Download dialog box and follow the steps in this wizard,” Microsoft informed.

“Note these wizards may be in English only; however, these automatic fixes also work for other language versions of Windows.”