nicatronTg Posted April 28, 2009 Posted April 28, 2009 Microsoft's security team plans to retire a much-abused feature in its Windows operating system that uses flash drives and other removable media to spread malware. Beginning with Release Candidate 1 of Windows 7, the operating system will no longer display AutoRun when most removable media is connected. Up to now, the feature has automatically opened a window each time a drive is connected that presents a list of tasks the user can instruct Windows to carry out. Malware purveyors have long manipulated the feature to display options that say things like "open folder to view files" but install malware when clicked instead. http://www.theregister.co.uk/2009/04/28/mi...etires_autorun/ Looks like this is the end of USB hacks. According to the article, after they retire it in Windows 7 RC1, it will then be applied to XP and Vista. Quote
WhollyMindless Posted April 29, 2009 Posted April 29, 2009 But how is Sony going to deliver their rootkits?? Quote
Freyar Posted April 29, 2009 Posted April 29, 2009 They will inject it into your bloodstream by forcing you to deal with even more wrap-rage. Quote
dr0p Posted April 29, 2009 Posted April 29, 2009 Took them long enough, it's been a huge security flaw forever, will be nice no longer having to be paranoid about who sticks their drive into my computer. Quote
FireTime Posted April 29, 2009 Posted April 29, 2009 "...paranoid about who sticks their drive into my computer." thats what... never mind. Glad they are finally removing this security flaw. (I'm just glad i was around when it first originated, and got to use it for evi... GOOD!) Quote
ADM1NX Posted April 29, 2009 Posted April 29, 2009 good riddance. i'm tired of that shit popping up asking me if i want to use windows media player. it's a fucking nuisance and i won't miss it Quote
Whedgit Posted April 29, 2009 Posted April 29, 2009 this is going to be good from a security standpoint. make it harder to steal someone's credit card info or passwords but then again, i wont be able to mess with my friends anymore :( Quote
FireTime Posted April 29, 2009 Posted April 29, 2009 You can always walk up to their computer and hold the windows key and begin tapping F1. Thats still my favorite way to mess with people on computers. (only works on XP) Brings back memories of high school. Quote
DingleBerries Posted April 29, 2009 Posted April 29, 2009 Still wont stop boot hijack. Long live physical access! Quote
h3%5kr3w Posted April 29, 2009 Posted April 29, 2009 Still wont stop boot hijack. Long live physical access! w00t! @first when I read this I thought of msconfig... silly me. Quote
shonen Posted April 29, 2009 Posted April 29, 2009 lol it only took em a few variants of conficker to wisen up, I am with adminx and am glad to see the back of this annoying feature. It now saves me time on disabling this feature after a fresh nuking. Quote
SomethingToChatWith Posted April 29, 2009 Posted April 29, 2009 Took them long enough, it's been a huge security flaw forever, will be nice no longer having to be paranoid about who sticks their drive into my computer. After seeing some of the things a person can exploit using autorun why even have it enabled? I've disabled it on all of my computers, not that I let anyone else use them anyway... I'm for it. But its going to be a pain to train non technical savy people to go to computer to access thier devices. Most of the people I know panic when they plug in thier device and don't see the autorun show up or the folder to thier device automatically open. IT's going to have a lot of support calls on this one lol. But seriously though, yay for MS for finally doing something right for a change :) Hmmm... Looks like this is the end of USB hacks. According to the article, after they retire it in Windows 7 RC1, it will then be applied to XP and Vista. From the article: A fair number of today's flash drives, including those made by U3, will continue to evoke an AutoRun popup window upon connecting to Windows. That's because Windows sees the devices as a CD or DVD drive and Microsoft will continue to display AutoRun when such optical drives are attached. Appears as if U3 hacks well continue to work :) Quote
VaKo Posted April 30, 2009 Posted April 30, 2009 Its like I've been saying for a while now, W7 will be the best OS Microsoft has released. Quote
shonen Posted April 30, 2009 Posted April 30, 2009 it will be the best windows release thus far due to the fact they are actually listening to people for a fucking change! As for the auto run on optical media they should piss that off as well, it annoys me! Quote
silentknight329 Posted May 1, 2009 Posted May 1, 2009 i actually found the auto run feature very useful... and no one near me knows how to usb hack.. so i'm perfectly safe... Quote
psydT0ne Posted May 1, 2009 Posted May 1, 2009 and no one near me knows how to usb hack.. so i'm perfectly safe... or just perfectly naive... Quote
TheHermit Posted May 1, 2009 Posted May 1, 2009 whilst i can appreciate that people over the age of 60 or complete technophobes may find the Autorun feature handy. i for one will not miss it. when i plug my usb HUB in for my 4 or 5 external drives it is most annoying to have windows scan them all at the same time just to give me a pop up asking me what i want to do. the other thing that annoys me. not sure if it is part of the same sytem or not. If i have WMP open when i plug a drive in. it switches whatever i am watching from the now playing tab to the library tab then asks me what i want to do with it Quote
Bit Hunter Posted May 1, 2009 Posted May 1, 2009 It was bound to happen sooner of latter, although Autoplay is still there (if i remember it right). Quote
foo Posted May 1, 2009 Posted May 1, 2009 it will be the best windows release thus far due to the fact they are actually listening to people for a fucking change! As for the auto run on optical media they should piss that off as well, it annoys me! Agreed...well said. Quote
VaKo Posted May 1, 2009 Posted May 1, 2009 I can see W7 putting a spanner in the works for the likes of Ubuntu myself. With the Longhorn/Vista debacle linux managed to gain serious ground but if W7 is good its going to be a lot harder to persuade non-geeks to try alternatives with the usual arguments. Quote
IOSys Posted May 1, 2009 Posted May 1, 2009 There's only 2 problems with this : 1 : It's not true ! because : But how is Sony going to deliver their rootkits?? -------------------- Quote : Wholly Mindless therefore : CD or DVD drive and Microsoft will continue to display AutoRun when such optical drives are attached. (and that includes U3 drives, you think M$ bought in on that for fun ?) 2 : None of you guys actually read the article, did you ? Besides, everybody seems totally obsessed with the "autorun"-part and are totally missing the actual point of "USB-hacks" .. that you can run anything you want on nearly ALL windows-boxes no matter what is installed and that physical access means pwnage .. btw : For those of you who find autorun a useful feature on your own computers (I do), there is a quite safe way to do it and it's even free : USB Drive Letter Manager www.uwe-sieber.de/usbdlm_e.html Quote
digip Posted May 1, 2009 Posted May 1, 2009 A fair number of today's flash drives, including those made by U3, will continue to evoke an AutoRun popup window upon connecting to Windows. That's because Windows sees the devices as a CD or DVD drive and Microsoft will continue to display AutoRun when such optical drives are attached. This is an easy option though, where you can go into the registry and even group policy and turn off Auto-run on ALL drives. I have mine set to turn off autorun for all drives, but physical access negates any security feature, because you can still just open the drive and run whatever you want, so long as it doens't set off your anti-virus software. Physical access is the end game anyway, but turning off auto-run at least somewhat protects if you are say in a cafe, someone can't walk over and run somehting if you walk a way. They wouldn't have enough time to do much else in a public setting, other than walk off with your laptop, and at that point, its game over anyway. Quote
redxine Posted May 2, 2009 Posted May 2, 2009 CD or DVD drive and Microsoft will continue to display AutoRun when such optical drives are attached. So now all you have to do is burn the rootkit along with some torrent your friend has been begging you for. "Who wants a copy of $MOVIE || $SOFTWARE?" Quote
SomethingToChatWith Posted May 10, 2009 Posted May 10, 2009 Ok I did a little searching on the topic. Autoplay/autoruns not going away, its just that they've changed its behavior. See here under the section entitled: "Improvements to AutoPlay". Basically to sum it up here, unless whats been inserted is optical media you well still get an autorun/autoplay prompt, but only the installed default actions of the system well be displayed to you. Unfortunately, they're keeping it the way it is for optical media due to user habit of expecting the installer for their software or their dvd to start playing immediately when they insert a disc into their systems. Regardless its still exciting to know you wont haft to worry about somebody's latest usb infection unless these u3 drives and what have you become more popular. They already are I suppose, but its going to only get worse. Really we need to start training users to manually find the installers on thier discs or launch thier favorites movies with the programs they want to play them in, so MS can put an end to autorun/autoplay for good regardless of what type of storage device it is. Quote
Darkmist! Posted May 11, 2009 Posted May 11, 2009 After seeing some of the things a person can exploit using autorun why even have it enabled? I've disabled it on all of my computers, not that I let anyone else use them anyway... I'm for it. But its going to be a pain to train non technical savy people to go to computer to access thier devices. Most of the people I know panic when they plug in thier device and don't see the autorun show up or the folder to thier device automatically open. IT's going to have a lot of support calls on this one lol. But seriously though, yay for MS for finally doing something right for a change :) Hmmm... From the article: Appears as if U3 hacks well continue to work :) yay! i deal with customers all the time that turn off updates because its annoying for them. in fact i have to turn on updates for id say oh about 85% or more customers PCs. so we will still get to pwn people Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.