The famous Autorun feature in Windows has made life easier for many people at the same time being a boon to hackers and virus creators. Good or bad but Microsoft has decided to put an end to the Autorun feature in Windows and will soon be releasing an update that will kill this feature.
Microsoft sees Autorun as a feature and not a security hole, although it has been exploited by virus creators for years. Microsoft thus doesn’t like to call the update a “Security Update” but rather an “Important-Non Security” update. But nonetheless, this update will stop the possibilities of exploiting Autorun with a USB drive.
The Autorun feature lets programs input commands without user authorization via the Autorun.inf files. The Autorun feature is prevalent even in Windows 7 and Microsoft hadn’t seen it as much of a concern until lately. Windows 7 for sure has better security system than Windows XP and is somewhat immune to Autorun Exploits. But Windows XP users are 10 times more vulnerable to Autorun Exploits.
The Autorun feature has been in existence since the days of Windows 95. Since then, Autorun has been a major concern for Security Gurus. Microsoft’s Adam Shostack says in a blog entry that it isn’t possible to obtain data on the number of attacks caused by Autorun feature but he says that a sizeable number of malwares exploit it for propagation through computers.
Microsoft had brought forth an update in 2009 Microsoft had made some improvements in Autoplay for Windows 7 that disabled certain functionalities that were exploited by malwares and also released updates to backport the changes to older operating systems. But with this new update, the Autorun feature will be totally put to an end. Lets see if this update enhances security for systems running Windows.