Microsoft improves AutoPlay to combat USB malware

Filed Under: Malware

Here's some good news.

Microsoft has revealed on one of its blogs that the next version of Windows will change the way in which the operating system handles USB flash drives to fight the growing problem of AutoRun malware.

Malware like the Conficker worm can spread via USB memory sticks, taking advantage of the AutoRun facility to execute on computers. In this following example, taken from the Microsoft blog, a malicious program (circled in red) is pretending to be the safe option (circled in green) of viewing and opening files.

The good news is that Windows 7 will no longer display the AutoRun task in the AutoPlay dialog for devices that are not CDs or DVDs. In other words, you won't be able to accidentally choose the wrong option and fall into the virus writer's trap.

Which means, that when you insert a USB thumb drive you'll see a dialog like this (the safe option is highlighted in green once again):

Meanwhile, AutoPlay will continue to give you the option on CDs and DVDs to install or run a program of the manufacturer's choice:

Of course, it is worth bearing in mind that there is malware which adds itself as auto-running code to DVDs and CDs when they are burnt, so although this is a definite improvement users will still need to be cautious about what they choose to run on their computer.

Microsoft has said it will be changing the functionality of Vista and XP in due course to be in line with how Windows 7 will operate. Make sure to read more about this new functionality on Microsoft's Engineering Windows 7 blog.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.