It’s time for good news, for once. A “non-security” update was released by Microsoft this week, which patches a bug in the disk autorun feature.
In traditional Microsoft fashion, the update is described as not security-related, even though the bug in question happens to be one of the reasons the Conficker virus is still spreading. Indeed, the problem is that in some instances, even if the registry is set to disable autorun, the system still autoruns stuff on mounted network drives.
Without a doubt, the millions (estimate pulled from thin air) of people owning systems infected by Conficker/Downadup variants will rejoice knowing there is now one less way for their malware-ridden computers to infect others’.
The recent Downadup epidemic notwithstanding, autorun has been an enabler for countless e-threats over the years, mostly of the file infector variety, but also for backdoors and other assorted malware such as the infamous Sony rootkit. Perhaps it is time to patch it out of existence altogether?
The patch was first pushed out the door by Microsoft in May 2008, but it was optional and was not published via auto-update (i.e. you had to know it existed to apply it).