Sign in with
Sign up | Sign in

Windows 7's New Autoplay Helps Stop Malware

By - Source: Tom's Hardware US | B 22 comments

All throughout April, the Conficker worm was one of the top things on the mind of those thinking about PC security.

While Conficker so far hasn’t caused any sort of PC outbreak, it does draw attention to the spread of malware across Windows machines. Like all malware, however, it requires actual user consent (or at least some form of action) for it to infect a system.

Windows 7 aims to protect users better by making a small change that should take away one way that malware sneaks onto Windows XP and Windows Vista – taking away AutoPlay options for removable non-optical media.

“While presenting an AutoRun task in AutoPlay has been available since Windows XP, we have seen a marked increase in the amount of malware that is using AutoRun as a potential method of propagation,” explained Arik Cohen, a program manager on the Core User Experience team. “According to the Security Intelligence Report, an enterprise study by Forefront Client Security found that the category of malware that can propagate via AutoRun accounted for 17.7% of infections in the second half of 2008 – the largest single category of malware infections.”

In Windows 7, freshly inserted USB drives, SD cards and other media (but not CD or DVD) will no longer have the “Install or run program” option available in AutoPlay.

It may seem like a small change, but after seeing the image below, we can see how easy it would be to accidentally click the wrong action.

The way Windows Vista does itThe way Windows Vista does itThe way Windows 7 does itThe way Windows 7 does it

Display 22 Comments.
This thread is closed for comments
  • 8 Hide
    Vettedude , April 28, 2009 11:19 PM
    I always just use the View files with Explorer. I hate that when I have music on my flash drive it says: Do you want windows to open this with iTunes, WMP, Windows Media Center etc. For me, this is more of a annoyance relief.
  • -3 Hide
    akoegle , April 29, 2009 12:05 AM
    disable auto run if it's that annoying. Whats annoying is people complaining about things that they don't understand.
  • 3 Hide
    SirCrono , April 29, 2009 12:06 AM
    It's a welocme change, I too prefer to open windows explorer to browse my files
  • 1 Hide
    Vettedude , April 29, 2009 12:25 AM
    akoegledisable auto run if it's that annoying. Whats annoying is people complaining about things that they don't understand.

    I love autorun. I just don't like that one section that will be gone with Windows 7. You shouldn't just cherry-pick my comment and deduce that I hate autorun. I said I hate the Install and run option.
  • 3 Hide
    Shadow703793 , April 29, 2009 1:07 AM
    I disable Autorun. I just open Explorer with Windows + E, much faster and less annoying imo esp. if you switch flash drives often.
  • 0 Hide
    jsloan , April 29, 2009 1:19 AM
    sounds great!
  • 3 Hide
    hemelskonijn , April 29, 2009 1:21 AM
    I for one do hate autorun and although i know i can turn it off i would prefer autorun to be off by default.

    Those who are able to turn it back on are probaly 1337 enough to handle the dangers like akoegle.

    (this is sarcasm autorun seriously is annoying in my personal opinion and i doubt its wrong to think to turn it of by default gives the user more control and protects the ignorants from the big bad evils)
  • -4 Hide
    brendano257 , April 29, 2009 1:59 AM
    I love how autorun in Vista doesn't even save your previous actions (even if you tell it to...?) and the fact that there isn't an option to do nothing, not one that you can save at least. Every time I plug in my iPod I get a pop-up asking me what I want to do, it's annoying to the point of stupidity because all I want is for it to do what it's supposed to (open in iTunes and just have Windows stfu about it.)

    I think general computer educations needs to become more widespread so we don't need stupid-user features questioning our every move...especially for those of us who know what we are doing, possibly more than Windows does....
  • 1 Hide
    seatrotter , April 29, 2009 3:46 AM
    "...taking away AutoPlay options for removable non-optical media."

    How about non-removable such as local drives and network drives? It is rare, if at all, for a local/network drivers to use the autorun feature, but it is enabled by default. I have seen how such an oversight have continually caused malware infection.

    I sometimes help around my parents' shop and one of the things I ensure is that ONLY optical drives are allowed the autorun feature (a small trade-off as opposed to completely disallow all drive types).
  • 2 Hide
    Anonymous , April 29, 2009 5:38 AM
    i usually use Ninja Pendisk to auto-delete the file autorun.inf when removable media is inserted. Much safer.

    Unfortunately, i have experienced my vista infected with virus by just opening windows explorer to view the files in my friend's removable usbdrive, even though the autorun has been disabled. Windows is not really safe...
  • 0 Hide
    vaskodogama , April 29, 2009 7:04 AM
    deadguysleeps... Windows is not really safe...

    no, viruses are more inteligent than windows! just a good security suit can solve the problems. and there are too many dumb people using this OS! so, in about 90% market share, that is normal I think!
  • -1 Hide
    fuser , April 29, 2009 7:06 AM
    deadguysleepsi usually use Ninja Pendisk to auto-delete the file autorun.inf when removable media is inserted. Much safer.Unfortunately, i have experienced my vista infected with virus by just opening windows explorer to view the files in my friend's removable usbdrive, even though the autorun has been disabled. Windows is not really safe...

    It sounds like your friend isn't safe.
  • -1 Hide
    shqtth , April 29, 2009 8:23 AM
    There should be an option to have it enabled/disabled on a device.

    WHat happens if in the future programs are sold on flash cards?

    Flash cards can work as a security device to prevent piracy if a security chip is hooked up to the io. example: SDIO (wifi on sd).....



    Also some usb drives rely on auto run, to run the decryption program to unlock the device.

    Or some usb devices such as a phone adapter, when hooked in the pc run their custom software to interact with the usb sound card to make pc to internet calls.


    So it is a needed feature for some devices.

    Maybe check if the device is read only media? (optical is read only)

  • 0 Hide
    shqtth , April 29, 2009 8:25 AM
    You know what a nice feature would be: Disable the low on disk space bubble/info window on a particular drive.

    I use an Gigabyte I-RAM 4GB for my pagefile and its always out of space, and that stupid warning comes up all the time.
  • 1 Hide
    eklipz330 , April 29, 2009 12:40 PM
    i hate this new format on toms, i liked it better with my avatar =[
  • 2 Hide
    Marcus Yam , April 29, 2009 1:10 PM
    eklipz330i hate this new format on toms, i liked it better with my avatar =[

    I'm with you on this one. If for no other reasons, avatars make it easier to identify the speaker and conversations, especially since our comments aren't threaded.
  • 1 Hide
    A Stoner , April 29, 2009 1:34 PM
    akoegledisable auto run if it's that annoying. Whats annoying is people complaining about things that they don't understand.

    So, let me get this straight. Your position is that only people who know everything about a subject have a good reason to complain about something such that it does not annoy you? What a crappy person you are.
  • 1 Hide
    Anonymous , April 29, 2009 2:24 PM
    If Windows knows the diference between "Open" a file and "Execute" a file, and if it knows how to show this diference clearly to the user, it will be much more safe.
    At least half the virus use this single (not so) little bug to infect systems all around.
  • 1 Hide
    rags_20 , April 29, 2009 3:00 PM
    MS is just desperate to sell more copies of their OS.
  • 2 Hide
    bounty , April 29, 2009 4:19 PM
    Well then what's the point of the UAC?
Display more comments