
Microsoft Kills AutoRun In Windows

aesoteric writes "Microsoft has finally decided to push out an update to disable AutoRun in its XP operating system, a Windows feature that had been increasingly exploited by virus writers over the years. But because Microsoft still sees AutoRun as a feature and not a security hole, it isn't calling its Windows Update a "security update" but rather an "Important, non-security update" — but it effectively disables the AutoRun feature anyway."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Wednesday February 09, 2011 @10:00PM (#35157744)

    After the recent AutoRun on Linux scare, will this mean patched XP boxes are more secure than Linux? The mind BOGGLES!

  • by Centurix ( 249778 ) <centurix@gmail . c om> on Wednesday February 09, 2011 @10:25PM (#35157992) Homepage

    Wonder if they've disabled the fetching of custom icon files from the drive as you insert it. Nice place to find buffer overflows.

  • by Anonymous Coward on Wednesday February 09, 2011 @10:59PM (#35158244)

    As the inventor of AutoRun (Microsoft even contacted me for prior art when they were sued over it) it saddens me to have it killed off like this.

    The original autorunner on the Amiga had a UI element to easily toggle it on/off for a drive, which is about as secure as trusting users not to just click on spyware.exe anyway. You can't protect users from running spyware if they are careless, but you can make it easy for them to control the behavior. Instead Microsoft buried the controls and made it next to impossible to turn off for a particular disk... I think you could disable it by holding shift, or alt, or control, or something. Nobody can remember that and there's no indication that it's working.

    Back in the days of swapping actual disks because there was no HD or it was tiny, autorun was an awesome tool, and it's still a nice convenience for users to install drivers, etc. It didn't need to be such a security problem like it was on Windows.

  • by Anonymous Coward on Wednesday February 09, 2011 @10:59PM (#35158256)

    This is not a commentary on autorun. This is a commentary on a vendor's piss-poor software quality. If the software could not be invoked any way other than autorun, then the vendor, and not Microsoft, is to blame.

  • Re:Option? (Score:5, Interesting)

    by exomondo ( 1725132 ) on Wednesday February 09, 2011 @11:39PM (#35158462)

    A file name lolcat.jpg.exe is a mighty tempting thing to double click on. Granted, the user is the vector. But then, the OS is not helping by making it easy to dupe people into thinking a file is an image vs an exe.

    If, when UAC pops up to tell the user that the *program* lolcat.jpg.exe is about to make changes to the system, the user still clicks allow/yes/whatever then there's really not much more you can do.
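The `lolcat.jpg.exe` naming trick discussed in the comment above, as an added example that is not part of the original thread: a Python check that a mail or file-share filter could run to flag names that misrepresent their type. The extension lists and the function name are assumptions chosen for illustration.

```python
import re

# Assumed, illustrative lists; extend them for your own environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "doc", "docx", "mp3", "avi"}
# Unicode bidirectional controls that can visually reorder a file name.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}
# A run of whitespace right before the last extension pushes it out of view.
PADDED_EXT = re.compile(r"\s{3,}\.[^.]+$")


def deceptive_name_reasons(filename):
    """Return the reasons (possibly none) a file name may hide its real type."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in filename):
        reasons.append("bidi-control")

    # Windows drops trailing dots and spaces when it resolves a name,
    # so "x.jpg.exe . " still runs as an .exe.
    name = filename.rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1].strip() not in EXECUTABLE_EXTS:
        return reasons  # the last extension is not one that executes

    # Any document/media extension sitting before the executable one.
    inner = [p.strip() for p in parts[1:-1]]
    if any(p in DECOY_EXTS for p in inner):
        reasons.append("double-extension")
    if PADDED_EXT.search(name):
        reasons.append("padded-extension")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    samples = [
        "lolcat.jpg.exe",
        "LOLCAT.JPG.EXE ",
        "report.pdf      .scr",
        "lolcat\u202egpj.exe",
        "setup.exe",
        "holiday.photo.jpg",
    ]
    for s in samples:
        print(repr(s), "->", deceptive_name_reasons(s))
```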

  • by Pentium100 ( 1240090 ) on Thursday February 10, 2011 @01:07AM (#35158948)

    Autorun made some sense when it worked only on CD-ROM disks, though sometimes it still was annoying (start a game, the game asks for the CD, insert the CD and the installer starts - this on slow PCs with little memory and slow CD drives). It did not work on floppies, so maybe someone saw that it would be bad. When USB flash drives replaced floppies in everyday use it was only a matter of time before virus writers took advantage of Autorun.
