Author Topic: Windows AutoRun gets a makeover to combat malware  (Read 2551 times)


georgecloner

  • SCF VIP Member
  • *****
  • Posts: 171
  • KARMA: 16
  • Gender: Male
Windows AutoRun gets a makeover to combat malware
« on: 29. April 2009., 17:35:02 »


In direct response to Conficker and an increased wave of malware attacks targeting the dangerous Windows AutoRun mechanism, Microsoft today announced significant changes to the way the operating system operates when USB drives are used.

The changes, detailed on Redmond’s Security Research & Defense blog, have been built into Windows 7 and will be back-ported to Windows Vista and Windows XP in the near future.

Here’s a breakdown of the changes in Windows 7:

    * AutoPlay will no longer support the AutoRun functionality for non removable optical media. In other words, AutoPlay will still work for CD/DVDs but it will no longer work for USB drives. For example, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed. This will block the increasing social engineer threat highlighted in the SIR. The dialogs below highlight the difference that users will see after this change. Before the change, the malware is leveraging AutoRun to confuse the user. After the change, AutoRun will no longer work, so the AutoPlay options are safe.

    * A dialog change was done to clarify that the program being executed is running from external media.

There are images on the SR&D blog explaining the changes:

http://blogs.technet.com/srd/archive/2009/04/28/autorun-changes-in-windows-7.aspx

{ZDNet}
Creativity is a mental and social process involving the generation of new ideas or concepts, or new associations of the creative mind between existing ideas or concepts.

georgecloner

  • SCF VIP Member
  • *****
  • Posts: 171
  • KARMA: 16
  • Gender: Male
Re: Windows AutoRun gets a makeover to combat malware
« Reply #1 on: 29. April 2009., 17:40:25 »
Quote
will be back-ported to Windows Vista and Windows XP in the near future.

We hope we can get the update sooner!  :thumbsup:

This will be an additional support breakthrough from MS, eliminating (at least) virus infection via Windows' autorun feature from external devices like the USB.

It is never too late! Thanks MS!  :thumbsup:

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Windows AutoRun gets a makeover to combat malware
« Reply #2 on: 29. April 2009., 18:35:18 »
I agree, this will improve PC Security.

Karma Up for MS...  :up:

haz

  • SCF Advanced Member
  • ***
  • Posts: 117
  • KARMA: 26
  • Gender: Male
Re: Windows AutoRun gets a makeover to combat malware
« Reply #3 on: 30. April 2009., 08:55:54 »
Or you can totally turn off the Auto-play feature in XP until a patch arrives. In "Run", type:
c:\windows\system32\gpedit.msc
In the left pane of the new window, go to:
Computer Configuration - Administrative Templates - System
Now in the right pane you will get a list of items. Find the one called "Turn off Autoplay", double-click it and set it to "Enable".
The difference here is that you will be able to shut down the CD/DVD autoplay alone if you want :) but you have to select "All drives" for it to work on USBs too.
Thanks for the news :)

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Windows AutoRun gets a makeover to combat malware
« Reply #4 on: 30. April 2009., 13:44:22 »

Haz, thanks for detailed explanation...

Karma Up for you also  :up:

jake2pointzero

  • SCF Member
  • **
  • Posts: 53
  • KARMA: 6
Re: Windows AutoRun gets a makeover to combat malware
« Reply #5 on: 14. May 2009., 05:48:46 »
haz,

Using gpedit.msc is not enough; you first need to install the two Microsoft security patches for it to take effect. They are the following:

1) kb950582    2) kb967715

Also create a .reg file to add some registry entries. Below is the sample:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutorunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutorunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001

I hope this will help.

jake
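
An added example, not part of the posts above: a small Python audit that parses a .reg file like the one jake posted and reports which drive types and drive letters the Policies\Explorer values still leave open to AutoRun. The sample inputs are constructed (the weak variant and its 0x91 mask are illustrative), the function names are hypothetical, and the bit meanings follow Microsoft's KB967715 article.

```python
import re

# Constructed input: the HKLM policy section of the .reg file posted above.
HARDENED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutorunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff
'''
# Constructed weak variant for comparison: type mask 0x91, no per-letter mask.
WEAK = HARDENED.replace("000000ff", "00000091").replace("03ffffff", "00000000")

# NoDriveTypeAutoRun disable bits (0x01 and 0x80 cover drives of unknown type).
TYPE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network",
             0x20: "cdrom", 0x40: "ramdisk"}

def parse_dwords(reg_text):
    """Return {key_path: {value_name_lower: int}} for dword values in a .reg file."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def types_still_enabled(type_mask):
    """Drive types whose disable bit is clear, i.e. AutoRun is still allowed."""
    return [name for bit, name in sorted(TYPE_BITS.items()) if not type_mask & bit]

def letters_still_enabled(letter_mask):
    """Drive letters (bit 0 = A: ... bit 25 = Z:) not covered by NoDriveAutoRun."""
    return [chr(ord("A") + i) for i in range(26) if not letter_mask >> i & 1]

def audit(reg_text):
    """Per hive, summarise what the Policies\\Explorer values leave exposed."""
    report = {}
    for key, v in parse_dwords(reg_text).items():
        if key.lower().endswith(r"\policies\explorer"):
            report[key.split("\\")[0]] = {
                "honor_setting": v.get("honorautorunsetting", 0) == 1,
                "types": types_still_enabled(v.get("nodrivetypeautorun", 0)),
                "letters": letters_still_enabled(v.get("nodriveautorun", 0)),
            }
    return report

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(text))
```

Empty "types" and "letters" lists mean the masks cover every drive type and every letter, which is what the values 0xff and 0x03ffffff in the posted file do.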

sparksss

  • SCF Member
  • **
  • Posts: 11
  • KARMA: 1
Re: Windows AutoRun gets a makeover to combat malware
« Reply #6 on: 20. May 2009., 08:03:48 »
good news.
thanksss

 
