Microsoft shuts down malware-friendly Autorun

Microsoft has finally disabled the feature in older Windows versions that helped spread worms like Conficker

Microsoft has, at long last, put the brakes on the notoriously exploitable Autorun feature found in older versions of Windows. Arguably synonymous with "autoinfect," the Autorun feature is directly responsible for helping propagate worms by giving bad guys a way to easily spread malware via USB devices.

Autorun works by automatically executing code embedded in autorun.inf files on USB devices and other portable media. The change to Autorun, pushed out Tuesday among an array of security patches, disables Autorun via Windows Upate. Disabling the feature previously required manually tweaking the registry or applying a roundabout fix.

The update affects Windows Server 2008 and pre-Windows 7 versions of the desktop OS. Windows 7 comes with Autorun pre-disabled.

Importantly, the change does not affect the behavior of autoplay, which automatically executes the code on CDs and DVDs. Microsoft offer website guidance on its on how to disable that feature.

This story, "Microsoft shuts down malware-friendly Autorun," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Copyright © 2011 IDG Communications, Inc.

How to choose a low-code development platform