Story image

Microsoft to drop 'Autorun'

11 Feb 11

Microsoft will drop the Autorun feature in an attempt to stop Windows computers being compromised.

AutoRun and its companion feature AutoPlay are components of the Windows operating system that decide what actions the system takes when a new device is plugged in. 

Adam Shostack, Program Manager at Microsoft, said that a lot of malware uses Autorun as one of several propagation mechanisms.

“Because of the very real positive uses of Autorun, we didn't want to simply shut it off without a conversation,” he wrote in a blog post. “On the other hand, we believed action should be taken to shut down the misuse.”

In 2009 Microsoft made some changes to the way the feature worked in an effort to improve security, even though some partners expressed concerns.

Microsoft doesn’t class Autorun as a vulnerability though.

“That term is generally used to mean accidental functionality that allows someone to violate the security of the system,” Shostack continued. “But Autorun isn't an accident - it's by design, and as I mentioned we care about the very real positive uses of the feature. In other words, in a very real sense, it's not a bug, it's a feature, and we documented it as such.”

The update won’t affect any CDs or DVDs that contain Autorun files. “We are aware that someone could write malware to take advantage of that, but we haven't seen it in the wild,” said Shostack.

You can read the full post here.