Microsoft Kills AutoRun In Windows

samzenpus posted more than 3 years ago | from the so-long-farewell-aufedersein-goodbys dept.

Security 340

aesoteric writes "Microsoft has finally decided to push out an update to disable AutoRun in its XP operating system, a Windows feature that had been increasingly exploited by virus writers over the years. But because Microsoft still sees AutoRun as a feature and not a security hole, it isn't calling its Windows Update a "security update" but rather an "Important, non-security update" — but it effectively disables the AutoRun feature anyway."

FP (-1)

Anonymous Coward | more than 3 years ago | (#35157708)

Just a simple FP....

Re:FP (1, Funny)

gringer (252588) | more than 3 years ago | (#35157734)

did you use autorun to post that?

Re:FP (1, Insightful)

Anonymous Coward | more than 3 years ago | (#35157764)

Hopefully Ubuntu will do the same thing now.

XP now more secure than Linux? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35157744)

After the recent AutoRun on Linux scare, will this mean patched XP boxes are more secure than Linux? The mind BOGGLES!

Re:XP now more secure than Linux? (4, Funny)

MrEricSir (398214) | more than 3 years ago | (#35157822)

As long as you never run IE, don't connect your computer to the internet, and never insert external media, then YES!

Re:XP now more secure than Linux? (1)

black6host (469985) | more than 3 years ago | (#35158150)

Man, that's too much trouble. Want the surefire way to avoid viruses, rootkits, malware, etc.? Simple: don't plug the damn thing in!

As long as there are people, there will be such things. Or, if you prefer, as long as there are computers.

Re:XP now more secure than Linux? (4, Informative)

0123456 (636235) | more than 3 years ago | (#35158426)

After the recent AutoRun on Linux scare, will this mean patched XP boxes are more secure than Linux? The mind BOGGLES!

The 'autorun on Linux scare' appears to be primarily due to automatically displaying thumbnails of corrupted files which exploit holes in image and video rendering libraries; so Windows is at least as insecure. Windows was far more insecure when it would also happily load a DLL from the USB drive in order to perform that rendering because '.' was first in the DLL search path.

Plus Ubuntu, at least, now seem to be wrapping the thumbnail generators in AppArmor which makes it far more difficult to exploit.

Microsoft were kind enough (1)

Anonymous Coward | more than 3 years ago | (#35157758)

To donate the functionality to Ubuntu. That's nice of them.

Option? (2)

silentphate (1245152) | more than 3 years ago | (#35157776)

Would be nice to have the option to enable/disable the feature..

Re:Option? (5, Informative)

BradleyUffner (103496) | more than 3 years ago | (#35157828)

Would be nice to have the option to enable/disable the feature..

It has been an option for as long as I can remember. It used to be one of the first things I turned off after a new install, right after I turned on the display of File Extensions.

Re:Option? (4, Insightful)

stonewallred (1465497) | more than 3 years ago | (#35157976)

One of the most annoying things about Windows. Hiding the file extension by default.

Re:Option? (0)

CastrTroy (595695) | more than 3 years ago | (#35158018)

OMG I hate this behaviour. It's the first thing I turn off on any Windows install. Big vector for viruses, plus it's just plain annoying.

Re:Option? (3, Insightful)

kindbud (90044) | more than 3 years ago | (#35158194)

Hiding the filename extension is not a virus vector. Having the OS assume a file is just the type that the name says it is, is the vector whether the extension is hidden or not. Granting execute permissions based on its name rather than its permissions, is a virus vector. Assuming a jpg file is an image format and passing it unchecked to a thumbnail rendering subsystem is a vector, not hiding the jpg extension.

You can hide file extensions in Linux file managers. MacOS hides file extensions. Files with hidden extension are not going to be a vector for you or for Mac users on account of the hidden extension. They don't work that way.

Re:Option? (-1)

Anonymous Coward | more than 3 years ago | (#35158262)

You're an idiot. As if the shebang line hasn't done the same thing for years.

Re:Option? (4, Insightful)

Hooya (518216) | more than 3 years ago | (#35158300)

A file name lolcat.jpg.exe is a mighty tempting thing to double click on. Granted, the user is the vector. But then, the OS is not helping by making it easy to dupe people into thinking a file is an image vs an exe.

Even if the OS fingerprinted the file instead of relying on the extension, the above scenario doesn't change. The file contents never lied about what the file was. The name was just misrepresented and the OS helped dupe the user into thinking it was an image.

Re:Option? (4, Interesting)

exomondo (1725132) | more than 3 years ago | (#35158462)

A file name lolcat.jpg.exe is a mighty tempting thing to double click on. Granted, the user is the vector. But then, the OS is not helping by making it easy to dupe people into thinking a file is an image vs an exe.

If, when UAC pops up to tell the user that the *program* lolcat.jpg.exe is about to make changes to the system, the user still clicks allow/yes/whatever then there's really not much more you can do.

Re:Option? (4, Informative)

QuantumG (50515) | more than 3 years ago | (#35158308)

Sigh. On a Mac, my drunken bigoted friend, a Mach-O file renamed to foo.jpg will happily run *because* the operating system dives into the file format to figure out how to run it. If I embed the appropriate icon resource in the file it'll even look like your default image viewer is going to open it, and if I subsequently start that image viewer once I've got control you'll never know it wasn't.

That's the security flaw: you can make an icon look to the user like it will only open up the image viewer, when actually arbitrary code will be executed.

Without file extensions being hidden you see foo.jpg.exe and say "that's an exe, I'm not going to run that", even if it has a friendly jpg icon embedded in it.

Re:Option? (1)

Eponymous Coward (6097) | more than 3 years ago | (#35158496)

How long has it been since execute permissions were based on the name? I'm pretty sure that hasn't been true since Windows 2000 and maybe even NT. At least with NTFS.

Should have never been there. (4, Insightful)

olsmeister (1488789) | more than 3 years ago | (#35157780)

If you do not know how to start a piece of software running, or cannot follow some simple directions to do so, you really have no business using a computer in the first place.

Re:Should have never been there. (5, Insightful)

haruchai (17472) | more than 3 years ago | (#35157788)

You've never worked a helpdesk, have you?

Re:Should have never been there. (0)

Anonymous Coward | more than 3 years ago | (#35158180)

Are helpdesks exempt from removing infections spread via USB?

Re:Should have never been there. (4, Insightful)

Junior J. Junior III (192702) | more than 3 years ago | (#35158192)

I'd wager he has.

Re:Should have never been there. (0)

Anonymous Coward | more than 3 years ago | (#35158388)

I'd wager he has...which is why he's got the position he has.

Re:Should have never been there. (1)

artor3 (1344997) | more than 3 years ago | (#35157834)

Betty Crocker has a FAQ on all the ways you can screw up cooking Hamburger Helper. Would you say the people who need the help have no business eating?

I'm not entirely joking - it's in the best interest of everyone for companies to make their products accessible to as large a market as possible. In this case, MS probably decided that autorun was doing more harm than good, but the concept (make it as easy as possible to install software) was a good one.

Re:Should have never been there. (5, Insightful)

LordNimon (85072) | more than 3 years ago | (#35158176)

Betty Crocker has a FAQ on all the ways you can screw up cooking Hamburger Helper. Would you say the people who need the help have no business eating?

No, I would say they have no business cooking.

Re:Should have never been there. (1)

Craig Maloney (1104) | more than 3 years ago | (#35158440)

Betty Crocker has a FAQ on all the ways you can screw up cooking Hamburger Helper. Would you say the people who need the help have no business eating?

I'm not entirely joking - it's in the best interest of everyone for companies to make their products accessible to as large a market as possible. In this case, MS probably decided that autorun was doing more harm than good, but the concept (make it as easy as possible to install software) was a good one.

I'd say the person involved needs to save up that Hamburger Helper money and order pizza.

Re:Should have never been there. (1)

Surt (22457) | more than 3 years ago | (#35158480)

Yes, anyone who can't cook hamburger helper has no business eating.

Re:Should have never been there. (3, Insightful)

dnaumov (453672) | more than 3 years ago | (#35157902)

For as long as stupid people will continue to have money, computers and operating systems will be made (and sold) to accommodate such people. That's just the way it is.

Re:Should have never been there. (0)

Anonymous Coward | more than 3 years ago | (#35158044)

HUR HUR lookit me, all-knowing and smart. One can't learn by not doing it and making mistakes, asshole.

Re:Should have never been there. (1)

cinderellamanson (1850702) | more than 3 years ago | (#35158304)

Hehe, no, what he's saying is that the A+ Certification, in fact, most first level certifications are filled with stuff engineers thought normal people could do and they still tell normal people they can do it, but all added together - everything the engineers thought you could do adds up to too much very quickly.

Incidentally, we've had this turned off on XP at work for some time.

Re:Should have never been there. (1)

brusk (135896) | more than 3 years ago | (#35158046)

True in general, but some Windows installation disks do more than just run setup.exe on startup and instead have rather involved scripts in autorun.inf. I had a driver/utility CD for an NAS device that created a menu of the manufacturer's different models via autorun and could not be invoked any other way. Since I had autorun disabled, this was very annoying.

Re:Should have never been there. (3, Interesting)

Anonymous Coward | more than 3 years ago | (#35158256)

This is not a commentary on autorun. This is a commentary on a vendor's piss-poor software quality. If the software could not be invoked any way other than autorun, then the vendor, and not Microsoft, is to blame.

Re:Should have never been there. (3, Informative)

nabsltd (1313397) | more than 3 years ago | (#35158434)

True in general, but some Windows installation disks do more than just run setup.exe on startup and instead have rather involved scripts in autorun.inf. I had a driver/utility CD for an NAS device that created a menu of the manufacturer's different models via autorun and could not be invoked any other way

There is no scripting in AUTORUN.INF...it's really just a very simple INI file. The only thing that could be considered a "script" is the ability to run different programs based on the machine architecture and OS version (controlled by square-bracketed INI section heading tags).

If you trust a disc, you can just open the AUTORUN.INF file with a text editor and copy what is to the right of "open=" and paste it into the start menu run box and it will do exactly what would have happened if autorun was enabled.
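
An added example, not part of the comment above and not any Microsoft tool: because AUTORUN.INF is a plain INI file, a short Python script can list everything it would launch so the entries can be reviewed before anything is run by hand. The sample file, the function names and the `SYSTEM_HOSTS` list are constructed for illustration; `shellexecute` and `shell\verb\command` are the other documented launch entries besides `open`.

```python
import re

# autorun.inf entries that name a program to start.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Illustrative list (an assumption, not exhaustive): system programs that run
# other content, so the file actually executed is not the one named first.
SYSTEM_HOSTS = {"cmd.exe", "rundll32.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "powershell.exe"}

# Constructed sample for illustration, not taken from a real disc.
SAMPLE = r"""
; constructed sample
[autorun]
OPEN=setup.exe /auto
icon=setup.exe,0
label=NAS Utilities
shell\install\command="tools\menu launcher.exe" /models
shellexecute=cmd.exe /c start.bat

[AutoRun.alpha]
open=alpha\setup.exe

[unrelated]
open=ignored.exe
"""


def parse_autorun(text):
    """Return {section: [(key, value), ...]} with lower-cased section and key names.

    Tolerant by design: a leading BOM, ';' comments, blank lines, lines without
    '=' and entries before the first section header are skipped, not errors.
    """
    sections = {}
    current = None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def launch_commands(text):
    """List (section, key, command) for every entry that would start a program.

    Covers [autorun] and the per-architecture [autorun.<arch>] sections.
    """
    found = []
    for section, entries in parse_autorun(text).items():
        if section != "autorun" and not section.startswith("autorun."):
            continue
        for key, value in entries:
            if key in EXEC_KEYS or SHELL_CMD.match(key):
                found.append((section, key, value))
    return found


def program_of(command):
    """Executable at the start of a command line, lower-cased, path removed."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(None, 1)[0] if command else ""
    return re.split(r"[\\/]", path)[-1].lower()


def needs_review(text):
    """Entries that hand control to a system host program instead of a file on the media."""
    return [(s, k, c) for s, k, c in launch_commands(text)
            if program_of(c) in SYSTEM_HOSTS]


if __name__ == "__main__":
    for section, key, command in launch_commands(SAMPLE):
        print(f"[{section}] {key} -> {command}")
    for section, key, command in needs_review(SAMPLE):
        print(f"REVIEW [{section}] {key} -> {command}")
```
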

Re:Should have never been there. (2)

sharkey (16670) | more than 3 years ago | (#35158132)

Too true. How hard is LOAD AUTORUN.EXE,8,1 anyway?

Re:Should have never been there. (0)

Anonymous Coward | more than 3 years ago | (#35158318)

Too hard, as you forgot to enclose the name in quotes. SHIFT-RUN/STOP was so much easier.

Re:Should have never been there. (0)

Anonymous Coward | more than 3 years ago | (#35158200)

I like the auto-run/auto-play in some flavors of Linux. That way I know if multimedia/DVD playback works on a particular distro, out-of-the-box. No sound or no video? Next, please.

Re:Should have never been there. (0)

BitZtream (692029) | more than 3 years ago | (#35158280)

Perhaps if there was actually a standard intuitive way to do it, something as simple as say ... putting a key in the ignition and turning it like a car ... then you might be right.

The reality of it is, most people I know have far better things to do than giving a shit about this sort of thing so autorun works well.

As surprising as it may seem, some people have better things to do than play with a PC to understand how it all works.

Saying it never should have been there just makes it obvious you're a curmudgeon who doesn't actually have anything of value to the discussion but repeats of what we've already heard a thousand times before and rejected. Yes there are security issues to worry about, but unless you're completely locking down the PC the person who's going to get you infected via autorun is going to do it some other way due to their ignorance anyway, so from a practical standpoint you just sound like a raving loon.

Security is worthless if no one bothers to use the system.

Re:Should have never been there. (1)

0123456 (636235) | more than 3 years ago | (#35158472)

As surprising as it may seem, some people have better things to do than play with a PC to understand how it all works.

If I may use a car analogy, those are the people who get eaten by inbred cannibal rednecks because they don't know how to change a flat tire.

Re:Should have never been there. (2)

shentino (1139071) | more than 3 years ago | (#35158566)

If you're not a mechanic you have no business driving a car.

Removing a feature? That I PAID for? (4, Funny)

nebaz (453974) | more than 3 years ago | (#35157810)

Man, this is just like Sony removing the "Other OS" feature from the PS3. I PAID for Windows XP because of the Auto-Run feature, as I'm sure many others have as well. This is a clear case of bait-and-switch deceptive marketing practicing. I wonder if a legal case could be made...

not the same thing this is just taking away a aut (1)

Joe The Dragon (967727) | more than 3 years ago | (#35157848)

Not the same thing; this is just taking away auto-running. You can still run stuff manually, and the update is not forced on you.

Re:not the same thing this is just taking away a (5, Informative)

Anonymous Coward | more than 3 years ago | (#35157986)

Whoosh.

Re:Removing a feature? That I PAID for? (0)

Bobakitoo (1814374) | more than 3 years ago | (#35157918)

Agree. Now Windows is not easy as advertised. I cannot just insert the CD and have it work like magic!

Seriously, autorun is full of shit and I always disabled it when I had a Windows workstation. Microsoft is such a bad corporate citizen, it deserves to be sued and sued for all the harm it did. I do hope there is a case for this. For great justice ..or for the LULZ.

Re:Removing a feature? That I PAID for? (1)

Palpatine_li (1547707) | more than 3 years ago | (#35157946)

Trolling? Windows Update is NOT mandatory. You can choose not to install a specific fix and then it will not prompt you for it in the future. It's not like PS3, where you have to update to play online.

Re:Removing a feature? That I PAID for? (0)

Anonymous Coward | more than 3 years ago | (#35158032)

Also whoosh.

Re:Removing a feature? That I PAID for? (1)

ffreeloader (1105115) | more than 3 years ago | (#35158138)

Trolling? Windows Update is NOT mandatory. You can choose not to install a specific fix and then it will not prompt you for it in the future. It's not like PS3, where you have to update to play online.

Hmmmm.... Seems you must be unable to recognize sarcasm. And here I thought I was humorless. ;)

Re:Removing a feature? That I PAID for? (0)

Pharmboy (216950) | more than 3 years ago | (#35158076)

Since it is not considered a "security update", you can always not install it. Or uninstall it easily from the built-in "add/remove programs" menu in the control panel.

This is not remotely the same thing as your strawman argument makes it out to be.

Re:Removing a feature? That I PAID for? (0)

Anonymous Coward | more than 3 years ago | (#35158322)

If it makes you feel any better, you got me to laugh. I didn't seriously think you were standing up for that other company.

Now how the heck do I get the "bonus software" on this hot new pop audio CD from $corporate_label_x to install on my system? Root-kit? what's that? Is that what the dentist uses to perform a root-canal?

Funny (0)

Anonymous Coward | more than 3 years ago | (#35157818)

It's funny that MS disables this right after this article showed up. [slashdot.org]

Re:Funny (2)

bky1701 (979071) | more than 3 years ago | (#35158414)

One might even suggest it wasn't a coincidence, but that would be absurd!

What about AutoPlay? (2)

paultwang (946947) | more than 3 years ago | (#35157820)

When I insert a USB stick, Windows XP opens an AutoPlay window asking me what action to take. If the autorun.inf file is found, the default choice in the AutoPlay window is to run whatever is in autorun.inf. What now? Does XP completely ignore autorun.inf with this update?

Re:What about AutoPlay? (4, Informative)

The MAZZTer (911996) | more than 3 years ago | (#35157914)

According to the MS article thing on it, that won't happen anymore. Autorun only happens for CD/DVD discs now. In fact this update SPECIFICALLY targets thumb drives for disabling autorun (though it affects all non-disc drives).

Re:What about AutoPlay? (1)

grayn0de (1301165) | more than 3 years ago | (#35157968)

When I insert a USB stick, Windows XP opens an AutoPlay window asking me what action to take. If the autorun.inf file is found, the default choice in the AutoPlay window is to run whatever is in autorun.inf. What now? Does XP completely ignore autorun.inf with this update?

That is what I gathered from the article. For instance, you pop your new software disc into the optic drive and are prompted with the installer. This will not happen, post update. This loss of "functionality" also prevents certain attacks utilized by hackers and malware, think USB switchblades, Conficker, etc..., but also slightly decreases the usability that average users have grown used to.

Personally, I think this is a good call, provided there is a way to enable it. Features like Autoplay should, IMO, be disabled by default with an accessible option to enable it. I say that with a security mindset, mind you. My question is: Why only on XP and not Vista or 7?

Correction:What about AutoPlay? (1)

grayn0de (1301165) | more than 3 years ago | (#35158002)

That is what I gathered from the article. For instance, you pop your new software disc into the optic drive and are prompted with the installer. This will not happen, post update.

You pop in your external hard drive and are prompted with the installer for the manufacturer's proprietary software... Parent was a bad example.

Re:What about AutoPlay? (1)

venom8599 (1743286) | more than 3 years ago | (#35158098)

My question is: Why only on XP and not Vista or 7?

Probably because Vista and 7 already use this same behavior.

Re:What about AutoPlay? (1)

Anachragnome (1008495) | more than 3 years ago | (#35158510)

"What now?"

The functionality of the following...

"Open up regedit, and go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom
Look for the key 'AutoRun', and toggle between 1 for 'Enable' and 0 for 'Disable'."

will now apply to external drives, but, oddly, the above is STILL not in effect with this update. You still need to do the above if you want to block autorun on CDs/DVDs in a drive. My guess is soooooo many people are used to installers coming up automatically after popping a disc in a drive that many less-informed users might assume a problem with their drives when that doesn't happen anymore, not to mention that many will not know what to do at that point anyways. Figuring out to double-click the setup.exe may seem obvious to you and I, but...

I've always found it very annoying to plug in an external drive and have it start installing backup/crypto/anti-virus software without asking, and this will stop that.

So, basically no more holding down the SHIFT button while plugging in external drives (which, by the way, blocks both auto-run and auto-play and, as far as I know, always has). For full coverage, install the update and make the above registry alteration--no auto-run or auto-play on CDs/DVDs or external drives and no holding SHIFT.

HA-Ha! (0)

Anonymous Coward | more than 3 years ago | (#35157830)

;
;
autorun=NelsonMunt.exe

What about Autoplay (1)

wiredlogic (135348) | more than 3 years ago | (#35157864)

XP also has Autoplay which can also be coerced into doing nefarious things. Is that taken care of as well?

Re:What about Autoplay (1)

JoltinJoe77 (1199263) | more than 3 years ago | (#35158452)

Yes, this update specifically updates autoplay's autorun functionality. You might be thinking of other types of "autoruns" such as the run key in the registry, etc, but those are out of scope for this update.

How does autorun get you a virus? (1)

rsilvergun (571051) | more than 3 years ago | (#35157870)

Unless it's from an infected USB drive I guess...

Re:How does autorun get you a virus? (4, Insightful)

pz (113803) | more than 3 years ago | (#35157994)

Or an infected CD-ROM or DVD, etc. Or the infected ISO you downloaded and mounted as a drive. Or the network drive that was just mounted. Or your MP3 player mounted in UMS mode. Or an infected external drive. Or a CF or SD/SDHC card mounted through a USB adapter. Or ...

You get the picture. Auto-Run was a bad idea. I'm glad they disabled it.

"shiny media" not affected, actually (0)

Anonymous Coward | more than 3 years ago | (#35158100)

Or an infected CD-ROM or DVD, etc. Or the infected ISO you downloaded and mounted as a drive.

Presuming it's mounted as an optical drive, all of the aforementioned are not affected by this update. You have to follow a few links to find it, but...
http://blogs.technet.com/b/msrc/archive/2011/02/04/deeper-insight-into-the-security-advisory-967940-update.aspx [technet.com]

it does not impact "shiny media" such as CDs or DVDs that contain Autorun files. We are aware that someone could write malware to take advantage of that, but we haven't seen it in the wild. (We also think malware on shiny media would be less likely to have widespread impact, because people burn CDs less often than they insert USB drives.)

Re:How does autorun get you a virus? (1)

shoehornjob (1632387) | more than 3 years ago | (#35158282)

Can anyone say Sony Root Kit? Disabling autorun was a good (if long overdue) idea but it's like closing the barn door after the horses have been let out.

Sony will be annoyed (4, Funny)

Ynot_82 (1023749) | more than 3 years ago | (#35157888)

Their CD rootkits won't run automatically

Bet you there's a super-secret way to re-enable autorun on a specific medium for just such reasons
(which will be discovered and exploited by malware writers)

Re:Sony will be annoyed (3, Interesting)

Centurix (249778) | more than 3 years ago | (#35157992)

Wonder if they've disabled the fetching of custom icon files from the drive as you insert it. Nice place to find buffer overflows.

Re:Sony will be annoyed (0)

Anonymous Coward | more than 3 years ago | (#35158364)

Actually this only affects USB drives and similar. CD and DVD autorun still works like normal.

So don't worry, Sony can rest assured that their rootkits still work like normal.

Flashback to the 80s (0)

Anonymous Coward | more than 3 years ago | (#35157912)

Autorun was one of the main reasons Amiga was the darling of the virus writers and Windows just carried on the tradition. Here it took them two decades to finally throw in the towel. That's stubborn.

Still available for CDs and DVDs. (2)

Kippesoep (712796) | more than 3 years ago | (#35157922)

This is only for things like USB sticks etc. It's not like every CD-ROM that John W. Clueless has ever bought is suddenly going to stop auto-running. From the original source:

...so this update does not turn off the feature entirely. For example, it does not impact "shiny media" such as CDs or DVDs that contain Autorun files.

I for one think this is a sensible thing to do.

Opt-In option... (0)

wb5bbw (143967) | more than 3 years ago | (#35157934)

This is simply a way to enhance the User Experience to Empower them by having them cooperate in their pwnage.
Obviously, Micro$loth is continuing its effort to encourage the masses, and Make the World a Better Place.

For myself, I've always considered the Auto-Run the tool of Satan.

Knowledge Base references (5, Informative)

Anonymous Coward | more than 3 years ago | (#35157950)

This is an update to KB967940 [microsoft.com], regarding the patch offered in KB971029 [microsoft.com] going to automatic updates.

I had to look up the numbers, so I thought I'd just share, and save anyone else the trouble.

Re:Knowledge Base references (3, Informative)

initialE (758110) | more than 3 years ago | (#35158420)

Someone needs to mod this up. Anyway another interesting link: http://blogs.technet.com/b/msrc/archive/2011/02/08/deeper-insight-into-the-security-advisory-967940-update.aspx [technet.com]

Re:Knowledge Base references (5, Informative)

initialE (758110) | more than 3 years ago | (#35158502)

Hate to reply to myself, but this http://blogs.technet.com/b/mmpc/archive/2011/02/08/breaking-up-the-romance-between-malware-and-autorun.aspx [technet.com] needs a read too. It plots the relationship between autorun and malware. Interesting how Microsoft still considers this a "non-security related update", as autorun has been an easy vector with which to poison your Windows installation. Important to note that autorun will still work as expected on CD and DVD media, meaning Sony Rootkits are still going to be installed on your computer.

Why only XP? (0)

Anonymous Coward | more than 3 years ago | (#35158010)

I don't see how the situation would be any better in Vista or Win 7, other than the fact they are theoretically more secure. Or do they "solve" the problem in Vista/Win 7 by popping up a nagging warning box in addition to the silly task window that I never used in XP?

it's not only XP (1)

story645 (1278106) | more than 3 years ago | (#35158174)

I run Vista and I'm installing it right now, using Windows Update. I think the summary's just bad or people focused on XP 'cause so many of the attacks are geared towards it (the computers at my school get infected all the time through USBs).

Re:Why only XP? (0)

c0lo (1497653) | more than 3 years ago | (#35158468)

You ask "Why only XP?" ??? I'm asking "why only autorun?"

Like in "Why MS kills only autorun? There are plenty other things that need killing, Vista included".

Not where I work... (1)

voxra (68079) | more than 3 years ago | (#35158026)

A computer that would run owt from a CD, unchallenged, needs her head's examined (sorry Sian Massey).

7 and Vista still vulnerable (3, Informative)

KiloByte (825081) | more than 3 years ago | (#35158082)

Interesting that this bugfix was released only for XP. In 7, there's a dialog, but autorun.inf can show anything there, so most users will be just as easily fooled.

Re:7 and Vista still vulnerable (0)

Anonymous Coward | more than 3 years ago | (#35158336)

That's only half accurate. The update was released for Vista also, as well as Server 2003/8.

http://support.microsoft.com/kb/971029 [microsoft.com]

Also, it has always been possible on XP and Server 2003 domains to disable autorun in group policy. Anyone with Win7 can (and should) still do that.

We Need: Verify hardware prior to system start! (0)

Anonymous Coward | more than 3 years ago | (#35158104)

The kernel should include rootkit/trojan protection with frequent updates and comparison of signatures of valid firmware on PCI, AGP, etc. including router firmware. Enough of the malware scanner updates, the system should ship and run with powerful scans each boot, complete with a BIOS checksum verification.

The dirty malware which survives drive wipes hides in BIOS and PCI cards, but how many antiviruses protect against PCI card attacks? Tell me of one and of how they do it, I've noted ZERO so far.

Only when a system and all of its HARDWARE firmware is checked and verified EACH BOOT, should an OS load if security matters at all.

Sadly, how many router and PCI cards (and other hardware like DVD drives) ship with checksums and firmware checksums and/or verified GPG signed files?

The state of HARDWARE security is pitiful! Some BIOS allows you to enable protection against writes, but most do not, this in and of itself could be a conspiracy.

When an OS starts and verifies ALL devices attached, prior to autoloading ANYTHING, then and only then will I begin to have faith in the security process of mainstream IT.

Microsoft's not the only one (1)

XxtraLarGe (551297) | more than 3 years ago | (#35158106)

The thing that boggles my mind is Apple has 'Open "safe" files after downloading' as the default for Safari (and yes, "safe" is in quotation marks in the preferences)! I have to remember to uncheck it every time I use a new Mac.

Re:Microsoft's not the only one (0)

Anonymous Coward | more than 3 years ago | (#35158352)

On the Mac it is opening a file not launching an unknown piece of software. It may not be to your taste but it's not quite the same thing.

Re:Microsoft's not the only one (1)

0123456 (636235) | more than 3 years ago | (#35158446)

On the Mac it is opening a file not launching an unknown piece of software. It may not be to your taste but it's not quite the same thing.

It is when that's a PDF file exploiting the latest hole in Adobe's PDF viewer.

Optional for 7 and vista (0)

Anonymous Coward | more than 3 years ago | (#35158108)

You can pull the autoupdate disable from the optional updates.

Incomplete Solution (1)

Rizimar (1986164) | more than 3 years ago | (#35158122)

Sure, Auto-Run can help execute malicious code. But what's stopping users from navigating to that CD or flash drive and executing the code themselves? Aren't they the ones connecting the devices or putting the disks in their computer in the first place?

I know plenty of people who try to do things like download MP3s and somehow end up downloading and running viruses on their machines instead. I'm kind of seeing this as a similar problem. Unfortunately, there isn't a universally-satisfactory solution to these sorts of incidents on the software level: disabling autorun for everyone will take away the ability to do something like pop in an audio CD and have it play right away. Enforcing the use of antivirus software to catch all potentially malicious code can be taxing on older systems. Blocking the execution of programs when they're starting up until the user clicks an "Allow" button can be frustrating for anyone wanting to perform a few simple tasks. These features may prevent something bad from happening, but until that thing happens, the average user will probably find them to be annoying and disable them. Microsoft seems to think that it's best to hold the hands of those who may not entirely know better and take away this feature completely when they should just make an attempt to educate their users as to why they should be cautious when having auto-run enabled to keep them aware.

Then again, as this is an optional update, I could just be blowing smoke. Still, an update that removes a feature doesn't seem like the optimal solution.

AutoRun was always broken (5, Insightful)

scdeimos (632778) | more than 3 years ago | (#35158154)

Given that PKI (Public Key Infrastructure) has been around longer than Internet Explorer, I could never understand why autorun.inf files weren't signed. Didn't Microsoft learn from all the problems induced by autorun-like behaviours on Amiga and Macintosh?

Up until about MacOS 8 (I think) the Finder used to automatically execute .CODE resources in files on disk/HDD/CD whenever a new disc came online which is how most Mac viruses got propagated.

Re:AutoRun was always broken (5, Interesting)

Anonymous Coward | more than 3 years ago | (#35158244)

As the inventor of AutoRun (Microsoft even contacted me for prior art when they were sued over it) it saddens me to have it killed off like this.

The original autorunner on the Amiga had a UI element to easily toggle it on/off for a drive, which is about as secure as trusting users not to just click on spyware.exe anyway. You can't protect users from running spyware if they are careless, but you can make it easy for them to control the behavior. Instead Microsoft buried the controls and made it next to impossible to turn off for a particular disk... I think you could disable it by holding shift, or alt, or control, or something. Nobody can remember that and there's no indication that it's working.

Back in the days of swapping actual disks because there was no HD or it was tiny autorun was an awesome tool, and it's still a nice convenience for users to install drivers, etc. It didn't need to be such a security problem like it was on Windows.

Re:AutoRun was always broken (0)

Anonymous Coward | more than 3 years ago | (#35158410)

Is that you Dave?

Re:AutoRun was always broken (0)

Anonymous Coward | more than 3 years ago | (#35158438)

For what it's worth, I'm not installing the update.

AutoRun works perfectly fine for me. If it ain't broke, I ain't gonna fix it. I don't insert random USB drives into my computer, and if I insert a CD or DVD, it's probably because I intend to install whatever's on it, so go ahead and save me an extra click.

Oh, and it's SHIFT that you hold down to bypass AutoRun on a CD/DVD. I do it all the time when I'm just browsing a disc without intending to install what's on it.

Re:AutoRun was always broken (1)

JoltinJoe77 (1199263) | more than 3 years ago | (#35158506)

The recent Stuxnet virus revealed that even PKI isn't foolproof, as someone issued Stuxnet a valid verified Realtek signature so that autorun could direct Windows to install the virus as a trusted signed-driver. Even companies that tried to be safe by enforcing policies that only allowed signed-drivers from trusted publishers on their systems were suddenly vulnerable. The next stop in raising the bar is to simply not allow autoruns. Malware authors kill all our fun features. :(

Re:AutoRun was always broken (0)

Anonymous Coward | more than 3 years ago | (#35158544)

I could never understand why autorun.inf files weren't signed.

Signed with whose key? Microsoft's?
No autorun is definitely better than that can of worms.

Sysinternals Stuffs (0)

Anonymous Coward | more than 3 years ago | (#35158188)

I've been using Sysinternals [microsoft.com] stuff seemingly forever. Mark Russinovich, he of Sony rootkit fame, has made his utilities available for download since the web was young. Many of the utilities, such as Procmonitor, aren't for neophytes, but Process Explorer and autorun [microsoft.com] should be on every Windows box. Please note I'm not well informed as to the details of the story and am just throwing the above out there should it be of benefit to anyone.

The Feature Was Actually Removed Because... (0)

Anonymous Coward | more than 3 years ago | (#35158264)

Microsoft designers felt it was too "Ubuntu-like."

auto run (0)

Anonymous Coward | more than 3 years ago | (#35158310)

it's always something..if it's not one thing it's another..you gotta take the bad with the good...

"Doctors are whippersnappers in ironed white coats

who spy up your rectums and look down your throats

And press you and poke you with sterilized tools

And stab at solutions that pacify fools.

I used to revere them and do what they said

Till I learned what they learned on was already dead."

-poem by Gilda Radner

Finally (0)

Anonymous Coward | more than 3 years ago | (#35158362)

Nice of them to FINALLY remove this "feature". Seems a little late now though, you can't even buy machines with Windows XP still on them...

Yeah (1)

jbeaupre (752124) | more than 3 years ago | (#35158382)

And the villagers rejoiced.

This was a needful thing. (3, Funny)

symbolset (646467) | more than 3 years ago | (#35158390)

Will nobody else say it? Ok, I'll say it without inserting some criticism about the timing, the need for this change, or whatever.

This needed to be done. The patch needed to be the default. The patch is here and it provides an improvement on the Windows experience not only for the Windows users, but for those of us who share an Internet with them.

So thank you, Microsoft, for doing the right thing.

Re:This was a needful thing. (0)

Anonymous Coward | more than 3 years ago | (#35158404)

BLASPHEMY!

misleading; just disabled for *some* media (0)

Anonymous Coward | more than 3 years ago | (#35158460)

They've only disabled it for media that appear not to be "optical". CDs, DVDs, and the partitions on "U3" thumb drives that pretend to be CD-ROM drives will still trigger AutoRun. For more authoritative info, see Adam Shostack's blog post: http://blogs.technet.com/b/msrc/archive/2011/02/08/deeper-insight-into-the-security-advisory-967940-update.aspx
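An added example, not part of the thread and not Microsoft's code: a small auditor that lists the command-launching entries of an `autorun.inf` and models the split the comment above describes (optical-looking media still AutoRun, other removable media do not). The function names, the `media` labels and the sample file are assumptions made for illustration.

```python
# Added example: audit an autorun.inf and model the post-update behaviour
# described in the comment above. Names and sample data are hypothetical.

SAMPLE = r"""; constructed sample, not taken from any real disc
[AutoRun]
open=setup.exe /s
icon=setup.exe,0
label=Installer
shell\install\command=setup.exe
"""

def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}; {} if absent."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def exec_entries(entries):
    """Keep only entries that name a command to run."""
    return {k: v for k, v in entries.items()
            if k in ("open", "shellexecute")
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def audit(text, media):
    """media is 'optical' (CD/DVD, or a U3 partition presenting as CD-ROM)
    or 'removable' (ordinary USB storage)."""
    commands = exec_entries(parse_autorun(text))
    # Assumption taken from the comment: only optical-looking media still AutoRun.
    return {"commands": commands,
            "autoruns_after_update": bool(commands) and media == "optical"}

if __name__ == "__main__":
    for media in ("optical", "removable"):
        print(media, audit(SAMPLE, media))
```
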

non-security updates don't always auto-update (3, Informative)

Culture20 (968837) | more than 3 years ago | (#35158526)

non-security updates don't always auto-update. This will remain an attack vector until they declare it a security update.

And what about the U3 style CD-ROM automount? (0)

Anonymous Coward | more than 3 years ago | (#35158560)

If you don't kill this, what's to stop a virus from creating the same fake CD-ROM drive and auto-running from there?
