Microsoft Finally Turns Off AutoRun in Vista, XP

AutoPlay/AutoRun is 15 years old and it's time the malware authors adopt newer deployment methods. Good riddance to IE6 and ActiveX too.

This is one of the things I always suggest and turn off for clients, but they always complain later about why "the computer doesn't play music anymore" weeks later when they've forgotten our conversation. ;D

JS/Pornpop ..so I guess your computer CAN get STD's..interesting.

Less convenience and more security, some people won't like it but in my opinion the extra step of opening my computer and then accessing the files are worth it instead of getting malware onto your PC because a friend couldn't keep his PC clean and something got into the drive.

I didn't even install it since I have autorun disabled to begin with and I didn't feel like making sure that it didn't affect my settings.

"Originally AutoRun was called "AutoPlay" and designed as a convenience for end-users in Windows 95, allowing them to automatically install programs from a CD, DVD or USB stick after insertion."

DVDs did not exist when Windows 95 was released. The DVD-ROM spec was finalized in December 1995. Neither did USB. USB support was added in Windows 98/2000.

You are kidding right? Pr0n is what pays the rent in some Mom and Pop operations.

After the scan gets to 100 different viruses or 1000 instances of the same virus, whichever comes first, call the customer. Let them know we won't warranty anything unless we Wipe and Reload. Yes, we will backup all your J-Pegs, at $65 a CD or $150 a DVD. Well yes you can take it home and do it yourself but we'll have to charge you again when you bring it in for the W&R.

(Most opt to forgo the backup, go out and get more porn and the cycle starts again. >:-D )

use kaspersky and you WILL have a security problem if you believe it protects you.

"And it would be odd to refer to AutoRun as a vulnerability."
Makes me want to laugh so hard I'd cry... Pure arrogance and stupidity in my opinion. Ever since the destructive capability of autorun became apparent, the US CERT highlighted it as a severe security risk, and it is. Anyone who uses USB drives on public computers and then inserts it into their computer at home was carrying a death sentence for their home PC if they didn't have autorun disabled. Microsoft's autorun update is a decade late to say the least, but at least now users making the most of their old OS won't have to reformat as often. I suspect Microsoft refused to disable autorun simply because it created a market for antivirus vendors.

The moral of the story is, always use protection, never know what those public PCs are carrying

I have disabled auto run already,but before I just checked the box to do nothing on insetion of any kind of media...I thought it should be up to the owner of the PC to decide what to do with autorun...

There was a power tools pack made by microsoft for winXP users that had an option to turn off auto-play/run, which I used for years. I never realized it was a security risk, I just hated the program because I don't want to do the same thing every time I insert media. Sometimes my CD is a sermon/speech that I don't want added to my library (or those silly Rosetta Stone discs that are rooted in there somewhere but I have yet to bother removing, but always manage to play when in random... but only when someone is near by). Some DVDs play better in VLC, others go to WMP, other times it is going to DVD decryptor, and yet other times I want to get at the data content and not the movie. And don't get me started on USB drives, they have a million uses, most of which require explorer, but some don't, and explorer is always up anyways so I don't need a menu to pop up asking if I want to open it!

Autorun is annoying anyways, so I disable it on new installs regardless of security impact (Group Policy Editor).

This wasn't the correct way to deal with that issue...........

Im not sure about dvd's i do remember they were announced to be on sale by end of 95 but didnt care. And um USB and IE 3.01 OR 4.01 (cant remember which) were added in 95 in revision C which was out before 98. Of course 98 did have native support from the getgo.

Exactly.

CYA on Microsoft's part if you ask me.

Just think how many lawsuits would be filed if Microsoft said something like, "We finally realized that AutoRun is a security problem, and it has seriously damaged some computers as well as taken hundreds of thousands of hours of time, cumulatively, from other users who had to clean or have cleaned their computers after encountering a malicious virus that exploited AutoRun."

Personally, I turned it off years ago. I find it a nuisance to have to respond to some dialog every time I stick a CD/DVD in my drive.

This was turned off a long time ago for me..

it was a race between the antivirus scanning the usb files and the trojan virus running automatically before it gets detected. and a lot of times the latter wins.

Now if they could only come up with a security patch to address blocking the most severe vulnerability - it's bundled and installed with so many other applications... a virus, known as Google.

I disabled WIndows years ago :-D
Now I don't worry about such things..

"CDs, DVD and USB drives with high-end security features will still AutoRun as before." = FAIL
And USB drives?
Why would you do that, it should be done too.
Because you can dress up a usb-stick to programmatically present itself as a USB drive.

Windows 95 did have usb support, if you had B or C versions of windows 95.

Hey, autorun don't kill pcs, viruses did. Most of the antiviruses today will scan and clean or block those nasty autorun infected files.

I always disabled the service; I knew the second day I had XP this feat would cause trouble!

Best autorun is either opening an explorer window, or do nothing at all!

This article is mis-leading.

First, Autorun was not changed by Microsoft this week. That is, nothing happened with automatic updates to Windows. The only change was that a patch from Aug 2009 was made an OPTIONAL update in Windows update. Without manual intervention, the patch is not installed.

Also, the patch only offers partial protection. USB devices can and do present themselves to Windows as CDs and thus AutoRun is enabled on them.

For more see
http://blogs.computerworld.com/178 [...] d_is_right

Ummmm....you are in the wrong story.

Auto-run - When you insert a CD, DVD or USB device, Windows won't try to automatically run whatever it on the device.

Has nothing to do with Automatic UPDATING/Windows Update.

No it wouldn't.

Configuring Programs That Run Automatically

An extremely common performance problem occurs when Windows automatically loads an excessive number of programs at startup. The result, especially on systems with minimal memory, is unpleasant: Startup takes unnecessarily long, applications that you never use steal memory from programs you use frequently, and the page file gets more of a workout than it should. Some programs, such as antivirus utilities, need to start up automatically. But in most cases you’re better served by running programs when you need them and closing them when they’re not needed.

Overcrowded startups are most common on computer systems sold in retail outlets, where Windows XP is preinstalled, along with a heaping helping of applications. In some cases, the bundled programs are welcome; but a free software program is no bargain if it takes up memory and you never use it. After purchasing a new PC, it’s always a good idea to look through the list of bundled software so that you can keep the programs you plan to use and discard the ones you don’t want or need. In previous versions, you could spot the symptoms of an overstuffed system by looking at the long line of icons in the notification area at the right of
the taskbar. Because Windows XP tidies these icons regularly, you might not realize that you have a problem on your system.

Tracking down programs that start automatically isn’t as easy as it sounds. A program can be configured to run at startup by any of the following methods:

● Startup folder (User) The %UserProfile%\Start Menu\Programs\Startup folder contains shortcuts that run when a specific user account logs on.

● Startup folder (Common) Shortcuts in the %AllUsersProfile%\Start Menu\
Programs\Startup folder run automatically whenever any user logs on.

● Run key (Machine) Programs listed in the registry’s HKLM\Software\ Microsoft\Windows\CurrentVersion\Run key are available to all users.

● Run key (User) Programs listed in the HKCU\Software\Microsoft\Windows\
CurrentVersion\Run registry key run when the current user logs on. A similar subkey, HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run, may also be used.

● Load value Programs listed in the Load value of the registry key HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows run when any user logs on.

● Scheduled Tasks folders You can use Scheduled Tasks to specify per-user tasks that run at startup. In addition, an administrator can set up startup tasks for your user account; by default such tasks are listed only in the administrator’s Scheduled Tasks folder, not your own. Other users can also schedule tasks that run when you log on; these tasks run as background processes only.

● Win.ini Programs written for 16-bit Windows versions may add commands to the Load= and Run= lines in the [Windows] section of this startup file located in %SystemRoot%, a legacy of the Windows 3.1 era.

● RunOnce and RunOnceEx keys This group of registry keys identifies programs that run once and only once at startup. These keys may be assigned to a specific user account or to the machine.

■ HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
■ HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
■ HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
■ HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

● RunServices and RunServicesOnce keys As the names suggest, these rarely used keys can control automatic startup of services. They may be assigned to a specific user account or to a computer.

● Winlogon key The Winlogon key controls actions that occur when you log on to a computer running Windows XP. Most of these actions are under the control of the operating system, but you can also add custom actions here; if you set up automatic logon using the Windows XP version of Tweak UI, for instance, your saved settings are stored here.

The HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Userinit and HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Shell subkeys can automatically launch programs.

● Group Policy The Group Policy console includes two policies called Run These Programs At User Logon that specify a list of programs to be run whenever any user logs on.

● Policies\Explorer\Run keys Using policies to specify startup programs, as described in the previous paragraph, creates corresponding values in either of two registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run or
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run.

It is possible for a legitimate program or rogue process to create or modify these registry values directly—that is, without using the Group Policy object. Note that disabling the Run These Programs At User Logon policies in Group Policy Editor does not prevent Windows from launching the items listed in the Policies\Explorer\Run registry keys.

● BootExecute value By default, the multi-string BootExecute value of the registry key HKLM\System\CurrentControlSet\Control\Session Manager is set to autocheck autochk *. This value causes Windows, at startup, to check the file-system integrity of your hard disks if your system has been shut down abnormally. It is possible for other programs or processes to add themselves to this registry value. (Note: Microsoft warns against deleting the default BootExecute value. For information about what to do if your system hangs while Autocheck is running, see Microsoft Knowledge Base article
151376, “How to Disable Autochk If It Stops Responding During Reboot.”)

● Shell service objects Windows loads a number of helper dynamic-link libraries (DLLs) to add capabilities to the Windows shell. The list of authorized objects includes a DLL to create the CD Burning folder, for instance, as well as another that permits Internet Explorer to check Web sites for updates. Writers of viruses and Trojan horse
programs have also discovered the HKLM\SOFTWARE\Microsoft\Windows\
CurrentVersion\ShellServiceObjectDelayLoad key, however, and some have used this location to surreptitiously start up unauthorized software.

● Logon scripts Logon scripts, which run automatically at startup, can open other programs. Logon scripts are specified in Group Policy in Computer Configuration\Windows Settings\Scripts and User Configuration\Windows Settings\Scripts (Logon/
Logoff).

Windows XP includes a System Configuration Utility, Msconfig.exe, which allows you to see most of the programs that run at startup. Although it resembles the Windows 98/Me utility of the same name, it adds important features not found in those operating systems. For anyone upgrading to Windows XP from Windows 2000, this utility is a completely new
addition. To start the System Configuration Utility, type msconfig in the Run dialog box and press Enter.

I hope this helps out the Poweruser as it did for me, still reading Windows XP inside out 2th Edition 8 Chapters left the information came from Chapter 10 page 446, 447, 448.

Yeah I know the book is old but so much of it exists in windows 7 witch I'll be getting every soon!

PhoneyVirus