Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Kills AutoRun In Windows

Posted by samzenpus on from the so-long-farewell-aufedersein-goodbys dept.

aesoteric writes "Microsoft has finally decided to push out an update to disable AutoRun in its XP operating system, a Windows feature that had been increasingly exploited by virus writers over the years. But because Microsoft still sees AutoRun as a feature and not a security hole, it isn't calling its Windows Update a "security update" but rather an "Important, non-security update" — but it effectively disables the AutoRun feature anyway."

8 of 340 comments (clear)

  1. Should have never been there. by olsmeister · · Score: 4, Insightful

    If you do not know how to start a piece of software running, or cannot follow some simple directions to do so, you really have no business using a computer in the first place.

    1. Re:Should have never been there. by haruchai · · Score: 5, Insightful

      You've never worked a helpdesk, have you?

      --
      Pain is merely failure leaving the body
    2. Re:Should have never been there. by LordNimon · · Score: 5, Insightful

      Betty Crocker has a FAQ on all the ways you can screw up cooking Hamburger Helper. Would you say the people who need the help have no business eating?

      No, I would say they have no business cooking.

      --
      And the men who hold high places must be the ones who start
      To mold a new reality... closer to the heart
    3. Re:Should have never been there. by Junior+J.+Junior+III · · Score: 4, Insightful

      I'd wager he has.

      --
      You see? You see? Your stupid minds! Stupid! Stupid!
  2. Re:Option? by stonewallred · · Score: 4, Insightful

    One of the most annoying things about Windows. Hiding the file extension by default.

  3. Re:How does autorun get you a virus? by pz · · Score: 4, Insightful

    Or an infected CD-ROM or DVD, etc. Or the infected ISO you downloaded and mounted as a drive. Or the network drive that was just mounted. Or your MP3 player mounted in UMS mode. Or an infected external drive. Or a CF or SD/SDHC card mounted through a USB adapter. Or ...

    You get the picture. Auto-Run was a bad idea. I'm glad they disabled it.

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
  4. AutoRun was always broken by scdeimos · · Score: 5, Insightful

    Given that PKI (Public Key Infrastructure) has been around longer than Internet Explorer, I could never understand why autorun.inf files weren't signed. Didn't Microsoft learn from all the problems induced by autorun-like behaviours on Amiga and Macintosh?

    Up until about MacOS 8 (I think) the Finder used to automatically execute .CODE resources in files on disk/HDD/CD whenever a new disc came online which is how most Mac viruses got propagated.

  5. Re:Option? by Hooya · · Score: 4, Insightful

    A file name lolcat.jpg.exe is a mighty tempting thing to double click on. Granted, the user is the vector. But then, the OS is not helping by making it easy to dupe people into thinking a file is an image vs an exe.

    even if the OS fingerprinted the file instead of relying on the extension, the above scenario doesn't change. the file contents never lied about what the file was. the name was just mis-represented and the OS helped dupe the user into thinking it was an image.