Today, we’re announcing modifications in Windows that adapt to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD). However, the AutoRun task will still be enabled for media like CD-ROM. There are more details on the change over at the Windows 7 blog as well as at the Security Research and Defense (SRD) blog.
Good! In an admittedly controversial move, we recommended this exact same thing months ago to combat the spread of Conficker, and made the change to several clients’ networks. At first, there were some grumblings because USB sticks and digital cameras did not automatically mount, but we were able to convince them of the added security benefits. I am pleased to see Microsoft doing the same thing by default.
What does this mean to end-users? Simply that if you want a certain program to run when you insert a USB stick, camera, or other storage device, you will need to tell your computer to do this. It sounds like a hassle, and it is indeed a small extra step you need to take. However, even Microsoft has finally admitted that it is a great benefit to your system’s security, and therefore should be applauded.