Microsoft Resurrects Autorun, Sort of...
The Windows autorun feature has been a boon to malware distributors, making it ever so easy to create a fast-spreading network worm. Microsoft eventually released a couple of patches to prevent autorun from, well, running, but those initial attempts failed due to caching and other inconsistent behavior. Eventually a patch was released that fully disabled autorun, but rather than chance it, this site has continued to recommend a simple registry edit to truly disable the wormable autorun feature.
Now Microsoft has released yet another autorun update - but this one actually threatens to put previously protected users at risk of autorun worms once again. According to Microsoft:
"In Windows XP, Windows Vista, and Windows Server 2003, AutoRun entries were populated for all devices that had mass storage and had a validly formatted AutoRun.inf file in the root directory. This included CDs, DVDs, USB thumb drives, external hard disks, and any volume that exposed itself as mass storage. This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media."
The problem, as Dan Goodin at The Register points out, is that a USB device can easily present itself to Windows as a CD drive. So instead of effectively preventing AutoPlay from working with USB media, the update just lulls the user into a false sense of security and lets the autorun worm plague continue.
My advice? Stick with the tried and true registry edit to really disable autorun.
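The update filters AutoRun by the drive type a device reports, so the useful check is whether AutoRun is still allowed for the CD-ROM type. The PowerShell below is an added example, not from the original post: it decodes the standard `NoDriveTypeAutoRun` policy value and flags that case. The post does not say which registry edit it recommends, so auditing this value is an assumption, and the function names are hypothetical.

```powershell
# Added example. A set bit in NoDriveTypeAutoRun DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'        = 0x01
    'Removable'      = 0x04   # USB flash drives
    'Fixed'          = 0x08
    'Network'        = 0x10
    'CD-ROM'         = 0x20   # also what a USB device posing as a CD drive reports
    'RAM disk'       = 0x40
    'Unknown (0x80)' = 0x80
}

function Get-AutoRunAllowedTypes {
    param([Parameter(Mandatory)][int]$PolicyValue)
    # Emit the drive types whose "disable" bit is NOT set.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { -not ($PolicyValue -band $_.Value) } |
        ForEach-Object { $_.Key }
}

function Get-AutoRunPolicyValue {
    # When the HKLM value is present, the HKCU value is ignored.
    $sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $p = Get-ItemProperty -Path "$hive\$sub" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $p) { return [int]$p.NoDriveTypeAutoRun }
    }
    return $null   # not configured in either hive
}

function Write-AutoRunReport {
    param([int]$PolicyValue, [string]$Source)
    $allowed = @(Get-AutoRunAllowedTypes $PolicyValue)
    $list = if ($allowed.Count) { $allowed -join ', ' } else { 'none' }
    '{0} 0x{1:X2}: AutoRun allowed on: {2}' -f $Source, $PolicyValue, $list
    if ($allowed -contains 'CD-ROM') {
        '  WARNING: CD-ROM AutoRun is on; a USB device that enumerates as a CD drive is covered by it.'
    }
}

# Constructed sample values, so the decoder can be exercised on any machine.
Write-AutoRunReport -PolicyValue 0x91 -Source 'sample'
Write-AutoRunReport -PolicyValue 0xFF -Source 'sample'

# Live check (Windows only).
$live = Get-AutoRunPolicyValue
if ($null -ne $live) { Write-AutoRunReport -PolicyValue $live -Source 'registry' }
else { 'NoDriveTypeAutoRun is not set in HKLM or HKCU.' }
```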