Windows 7's New Autoplay Helps Stop Malware

News
By Marcus Yam
published

All throughout April, the Conficker worm was one of the top things on the mind of those thinking about PC security.

While Conficker so far hasn’t caused any sort of PC outbreak, it does draw attention to the spread of malware across Windows machines. Like all malware, however, it requires actual user consent (or at least some form of action) for it to infect a system.

Windows 7 aims to protect users better by making a small change that should take away one way that malware sneaks onto Windows XP and Windows Vista – taking away AutoPlay options for removable non-optical media.

“While presenting an AutoRun task in AutoPlay has been available since Windows XP, we have seen a marked increase in the amount of malware that is using AutoRun as a potential method of propagation,” explained Arik Cohen, a program manager on the Core User Experience team. “According to the Security Intelligence Report, an enterprise study by Forefront Client Security found that the category of malware that can propagate via AutoRun accounted for 17.7% of infections in the second half of 2008 – the largest single category of malware infections.”

In Windows 7, freshly inserted USB drives, SD cards and other media (but not CD or DVD) will no longer have the “Install or run program” option available in AutoPlay.

It may seem like a small change, but after seeing the image below, we can see how easy it would be to accidentally click the wrong action.

The way Windows Vista does it

The way Windows 7 does it
Marcus Yam
Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
22 Comments Comment from the forums
  • Vettedude
    I always just use the View files with Explorer. I hate that when I have music on my flash drive it says: Do you want windows to open this with iTunes, WMP, Windows Media Center etc. For me, this is more of a annoyance relief.
    Reply
  • akoegle
    disable auto run if it's that annoying. Whats annoying is people complaining about things that they don't understand.
    Reply
  • SirCrono
    It's a welocme change, I too prefer to open windows explorer to browse my files
    Reply
  • Vettedude
    akoegledisable auto run if it's that annoying. Whats annoying is people complaining about things that they don't understand.I love autorun. I just don't like that one section that will be gone with Windows 7. You shouldn't just cherry-pick my comment and deduce that I hate autorun. I said I hate the Install and run option.
    Reply
  • Shadow703793
    I disable Autorun. I just open Explorer with Windows + E, much faster and less annoying imo esp. if you switch flash drives often.
    Reply
  • jsloan
    sounds great!
    Reply
  • hemelskonijn
    I for one do hate autorun and although i know i can turn it off i would prefer autorun to be off by default.

    Those who are able to turn it back on are probaly 1337 enough to handle the dangers like akoegle.

    (this is sarcasm autorun seriously is annoying in my personal opinion and i doubt its wrong to think to turn it of by default gives the user more control and protects the ignorants from the big bad evils)
    Reply
  • brendano257
    I love how autorun in Vista doesn't even save your previous actions (even if you tell it to...?) and the fact that there isn't an option to do nothing, not one that you can save at least. Every time I plug in my iPod I get a pop-up asking me what I want to do, it's annoying to the point of stupidity because all I want is for it to do what it's supposed to (open in iTunes and just have Windows stfu about it.)

    I think general computer educations needs to become more widespread so we don't need stupid-user features questioning our every move...especially for those of us who know what we are doing, possibly more than Windows does....
    Reply
  • seatrotter
    "...taking away AutoPlay options for removable non-optical media."

    How about non-removable such as local drives and network drives? It is rare, if at all, for a local/network drivers to use the autorun feature, but it is enabled by default. I have seen how such an oversight have continually caused malware infection.

    I sometimes help around my parents' shop and one of the things I ensure is that ONLY optical drives are allowed the autorun feature (a small trade-off as opposed to completely disallow all drive types).
    Reply
  • i usually use Ninja Pendisk to auto-delete the file autorun.inf when removable media is inserted. Much safer.

    Unfortunately, i have experienced my vista infected with virus by just opening windows explorer to view the files in my friend's removable usbdrive, even though the autorun has been disabled. Windows is not really safe...
    Reply