Microsoft is building a small but important change into Windows 7 to help slow the spread of malware.
According to Microsoft, the company is changing the way the AutoPlay feature operates to prevent it from enabling the AutoRun task for USB devices. The move, Microsoft officials said, was done in response to malware-most notably Conficker-taking advantage of the functionality to spread.
“The reason we’re making this change is that we’ve seen an increase, since the start of 2009, in malicious software abusing the current default AutoRun settings to propagate through removable media like USB devices,” blogged Christopher Budd, security response communications lead for Microsoft. “The best-known malicious software abusing AutoRun is Conficker, but it’s not alone in that regard: There is other malicious software that abuses this feature.”
The growth of malware spreading via USB devices was well-publicized in 2008. In fact, a report by Symantec (PDF) found that self-copying to removable media was among the most common means of malware propagation in the second half of 2007.
“Because we’ve seen such a marked increase in malicious software abusing AutoRun to propagate, we’ve decided that it makes sense to adjust the balance between security and usability around removable media,” Budd continued. “We’ve tried to be very measured in this adjustment to maximize both customer convenience and protection.”
With this change, Windows will no longer display the AutoRun task in the AutoPlay dialog except for removable optical media such as CDs and DVDs. The modification is slated for the Release Candidate build of Windows 7, but officials at Microsoft said they plan to also release an update in the future to fix the issue in Windows Vista and Windows XP as well.
The change is one of a number of security enhancements to Windows 7 Microsoft has already announced, including the Windows Biometric Framework and improvements to the BitLocker full-encryption solution first introduced in Vista. There are also improvements slated for UAC (User Account Control) to reduce user prompts.