Microsoft doctors AutoRun in Windows 7 to stymie Conficker
Prompted by the spread of the Conficker worm through infected USB drives, Microsoft Corp. will unveil changes in next week's public Windows 7 Release Candidate that are designed to stymie such hacker strategies.
But Microsoft, which has promised to update the operating systems currently being used by customers -- Windows XP and Vista -- with a similar change at some point, has not set a timeline for that task.
In four different company blogs -- including a trio of security blogs, as well as one devoted to Windows 7 -- Microsoft spelled out how it has modified AutoRun and AutoPlay, a pair of technologies originally designed for CD-ROM content, to keep malware from silently installing on a victim's PC.
"Windows will no longer display the AutoRun task in the AutoPlay dialog for devices that are not removable optical media (CD/DVD) because there is no way to identify the origin of these entries," Arik Cohen, a program manager on the Windows 7 team, said in the entry on the Engineering Windows 7 blog.
AutoRun is the technology that starts some programs automatically when a CD, DVD or other media is inserted. One of its most common uses is to start an installation program when a user puts a CD into the optical drive.
AutoPlay, on the other hand, is the Windows feature that lets a user pick which program starts when a specific type of media, like a DVD containing photos, is inserted.
Conficker leveraged both. The worm, which first appeared in November 2008 and exploded in January 2009 -- in part because a new variant added the ability to spread using USB flash drives -- copied a malicious "autorun.inf" file to any USB storage device that was connected to an infected machine. It then spread to any other PC if the user connected the device to another computer, then picked the "Open folder to view files" option under "Install or run program" in the AutoPlay dialog. (Conficker also spread to a PC if the user had earlier told AutoRun to make that choice by default.)
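A defender-side illustration of the mechanism described above, added here as an example and not taken from Microsoft or from this article: a small Python check that parses an "autorun.inf" found on a mounted volume and flags what the Windows 7 change targets, namely launch entries on non-optical media and action text imitating the built-in folder option. The key names (`open`, `shellexecute`, `action`, `shell\...\command`) are standard autorun.inf keys; the function names and both sample files are constructed for this example.

```python
import re

# Keys in the [autorun] section that make Windows offer or launch a program.
EXEC_KEYS = ("open", "shellexecute")
# Built-in AutoPlay label that the worm's entry was mistaken for.
BUILTIN_LABEL = "open folder to view files"


def parse_autorun(raw: bytes) -> dict:
    """Return the key/value pairs of the [autorun] section, keys lower-cased."""
    text = raw.decode("latin-1")  # never fails, so junk bytes are tolerated
    entries, in_section = {}, False
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess(raw: bytes, optical: bool) -> list:
    """List findings for an autorun.inf found on a mounted volume."""
    entries = parse_autorun(raw)
    findings = []
    launchers = [k for k in entries
                 if k in EXEC_KEYS or re.fullmatch(r"shell\\.+\\command", k)]
    if launchers and not optical:
        findings.append("launch entry on non-optical media: "
                        + ", ".join(sorted(launchers)))
    action = " ".join(entries.get("action", "").lower().split())
    if launchers and BUILTIN_LABEL in action:
        findings.append("action text imitates the built-in folder option")
    return findings


# Constructed samples; the command names are placeholders, not real payloads.
USB_SAMPLE = (b"\x00\x9f junk\r\n[AutoRun]\r\n"
              b"Action=Open folder to view files\r\n"
              b"shellexecute=PLACEHOLDER.EXE\r\n")
CD_SAMPLE = b"[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"

if __name__ == "__main__":
    print(assess(USB_SAMPLE, optical=False))  # two findings
    print(assess(CD_SAMPLE, optical=True))    # no findings
```

An ordinary installer disc produces no findings, while the same launch entry on a USB volume is reported.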