MISCELLANEOUS

Microsoft Enables Autorun Disabling

Gaping Security Hole Patched, Somewhat

It’s time for good news, for once. A “non-security” update was released by Microsoft this week, which patches a bug in the disk autorun feature.

In traditional Microsoft fashion, the update is described as not security-related , even though the bug in question happens to be one of the reasons the Conficker virus is still spreading. Indeed, the problem is that in some instances, even if the registry is set to disable autorun, the system still autoruns stuff on mounted network drives.

Without a doubt, the millions (estimate pulled from thin air) of people owning systems infected by Conficker/Downadup variants will rejoice knowing there is now one less way for their malware-ridden computers to infect others’.

The recent Downadup epidemic notwithstanding, autorun has been an enabler
for countless e-threats over the years, mostly of the file infector variety, but also for backdoors and other assorted malware such as the infamous Sony rootkit. Perhaps it is time to patch it out of existence altogether?

UPDATE:

The patch has been first pushed out the door in May 2008 by Microsoft, but was optional and was not published via auto-update (i.e. you had to know it existed to apply it).

 

About the author

Răzvan STOICA

Razvan Stoica is a journalist turned teacher turned publicist and
technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.

Razvan Stoica started off writing for a science monthly and was the chief
editor of a science fiction magazine for a short while before moving on to
the University of Medicine in Bucharest where he lectured on the English
language. Recruited by Bitdefender in 2004 to add zest to the company's
online presence, he has fulfilled a bevy of roles within the company since.

In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.