In the wake of the Conficker worm spreading via removable storage
devices among other methods, Microsoft said on Tuesday it is making a
change to the way Windows 7 handles USB drives.
As a result of the change, most USB drives will not be able to
automatically launch a program using a Windows feature known as
AutoRun, Microsoft said in a post on its Security Research & Defense Blog.
So, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed, Microsoft said.
Fixed removable media, such as CDs and DVDs will still be able to use
AutoRun. Also, some specialized "smart" USB flash drives such as those
containing U3 software will still be able to appear as DVD drives,
effectively allowing them to also use AutoRun, Microsoft cautioned.
The change will show up in the release candidate version of Windows 7 that is being released to developers this week and publicly on May 5.
Microsoft said it is planning on making the change available on
Windows Vista and Windows XP, as well.
Microsoft released an update for Windows AutoRun that allows people to
selectively disable the AutoRun functionality for drives on a system or
network to provide more security. The update addressed an issue that
prevented the NoDriveTypeAutoRun registry key from functioning as
expected. Disabling AutoRun functionality can help prevent the
execution of arbitrary code when a removable storage device is used.
The AutoRun functionality has been blamed for malware that has infected USB thumb drives, leading to a temporary ban on their use at the U.S. Defense Department, and digital photo frames, among other storage types.