Latest Windows Patch Disables Autorun

On February 14, 2011, in InfoSec, by ggwalker

I was just reading a ZDNet report announcing that Microsoft’s most recent patches are turning off the Autorun/Autoplay feature in XP and Vista.  This is a great idea and should help quite a bit with the fight against malware entering through the USB and disk vector.

Many users are unaware of the risks autorun creates, as evidenced by the frequently-quoted (and frequently claimed) Secure Network Technologies study “The Cost of Human Curiosity” in which penetration testers “seeded” a credit union parking lot with pre-infected USB thumb drives.  Fifteen of the twenty drives were found by employees and plugged into company computers.  The Autorun/Autoplay feature allowed the Trojan to run, collecting passwords, usernames, and other proprietary data, and emailing it back to the security researchers.

The Microsoft Malware Protection Center also posted “Breaking up the Romance between Malware and Autorun”, attributing improved security around autorun in Windows 7 as the reason why “Windows XP users were nearly 10 times as likely to get infected by one of these worms in comparison to Windows 7.”

If you want to be sure of your settings, though, I found a great tutorial entitled “How to disable the Autorun functionality in Windows” on Microsoft’s support page.
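One way to check the setting on a given machine, as an added example that is not part of the original post or of Microsoft's tutorial: the PowerShell below reads the `NoDriveTypeAutoRun` policy value from both registry hives and decodes it. The registry path and bit meanings are taken from Microsoft's Autorun policy documentation, not from this page; the function name `Get-AutorunPolicy` is hypothetical.

```powershell
# Added example: report which drive types have Autorun disabled by policy.
# NoDriveTypeAutoRun is a bitmask: a set bit disables Autorun for that drive type.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive types' }
    @{ Bit = 0x04; Name = 'Removable drives' }
    @{ Bit = 0x08; Name = 'Fixed drives' }
    @{ Bit = 0x10; Name = 'Network drives' }
    @{ Bit = 0x20; Name = 'CD-ROM drives' }
    @{ Bit = 0x40; Name = 'RAM disks' }
    @{ Bit = 0x80; Name = 'Unknown drive types (reserved bit)' }
)

function Get-AutorunPolicy {   # hypothetical helper name
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)

    $path = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value absent: no policy is set in this hive, so the OS default applies.
        return [pscustomobject]@{ Hive = $Hive; Value = $null; Disabled = @(); Allowed = @() }
    }

    $raw = $prop.NoDriveTypeAutoRun
    if ($raw -is [byte[]]) { $raw = $raw[0] }   # some systems store it as REG_BINARY
    $value = [long]$raw -band 0xFF              # only the low byte carries the flags

    [pscustomobject]@{
        Hive     = $Hive
        Value    = '0x{0:X2}' -f $value
        Disabled = @($DriveTypeBits | Where-Object { $value -band $_.Bit } | ForEach-Object { $_.Name })
        Allowed  = @($DriveTypeBits | Where-Object { -not ($value -band $_.Bit) } | ForEach-Object { $_.Name })
    }
}

# HKLM is listed first: when the value exists in both hives, HKLM takes precedence.
foreach ($hive in 'HKLM', 'HKCU') {
    $policy = Get-AutorunPolicy -Hive $hive
    if ($null -eq $policy.Value) {
        '{0}: NoDriveTypeAutoRun not set (OS default applies)' -f $hive
        continue
    }
    '{0}: NoDriveTypeAutoRun = {1}' -f $hive, $policy.Value
    '  Autorun disabled for: {0}' -f ($policy.Disabled -join ', ')
    '  Autorun allowed for:  {0}' -f ($policy.Allowed -join ', ')
}
```

A value of `0xFF` means Autorun is disabled for every drive type; any entry under "allowed" that includes removable drives is the case the patch discussed here is meant to close.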

Good news, though.  Won’t do much for browser-based threats, I am afraid, but a good start.