April 28, 2009 4:13 PM PDT

Microsoft tightens Windows 7 security for USB drives

by Elinor Mills and Ina Fried

In the wake of the Conficker worm spreading via removable storage devices among other methods, Microsoft said on Tuesday it is making a change to the way Windows 7 handles USB drives.

As a result of the change, most USB drives will not be able to automatically launch a program using a Windows feature known as AutoRun, Microsoft said in a post on its Security Research & Defense Blog.

So if an infected USB drive is inserted into a machine, the AutoRun task will not be displayed, Microsoft said.

Fixed removable media, such as CDs and DVDs, will still be able to use AutoRun. Also, some specialized "smart" USB flash drives, such as those containing U3 software, will still be able to appear as DVD drives, effectively allowing them to also use AutoRun, Microsoft cautioned.

The change will show up in the release candidate version of Windows 7 that is being released to developers this week and publicly on May 5.

Microsoft said it is planning on making the change available on Windows Vista and Windows XP, as well.

In February, Microsoft released an update for Windows AutoRun that allows people to selectively disable the AutoRun functionality for drives on a system or network to provide more security. The update addressed an issue that prevented the NoDriveTypeAutoRun registry key from functioning as expected. Disabling AutoRun functionality can help prevent the execution of arbitrary code when a removable storage device is used.
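
An added example, not from the article or from Microsoft: a PowerShell audit of the NoDriveTypeAutoRun policy value mentioned above, showing for which drive types AutoRun is disabled. The registry paths and bit meanings are the standard ones for this policy; the function name `Get-AutoRunDisabledTypes` is illustrative.

```powershell
# Added example: decode the NoDriveTypeAutoRun bitmask (Policies\Explorer).
# A set bit means AutoRun is DISABLED for that drive type.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x02; Name = 'Drive with no root directory' },
    @{ Bit = 0x04; Name = 'Removable drives (USB flash, floppy)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM/DVD drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive type (reserved)' }
)

function Get-AutoRunDisabledTypes {
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($entry in $DriveTypeBits) {
        [pscustomobject]@{
            DriveType       = $entry.Name
            AutoRunDisabled = [bool]($Mask -band $entry.Bit)
        }
    }
}

$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($path in $policyPaths) {
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        Write-Output ('{0}: NoDriveTypeAutoRun not set (OS default applies)' -f $path)
        continue
    }
    # Handle a binary-typed value defensively: the mask is in the first byte.
    if ($value -is [byte[]]) { $value = [int]$value[0] }
    Write-Output ('{0}: NoDriveTypeAutoRun = 0x{1:X2}' -f $path, $value)
    Get-AutoRunDisabledTypes -Mask $value | Format-Table -AutoSize
    if (($value -band 0x04) -eq 0) {
        Write-Warning ('AutoRun is still enabled for removable drives under {0}' -f $path)
    }
}
```

A value of 0xFF sets every bit, which disables AutoRun for all drive types.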

The AutoRun functionality has been blamed for malware that has infected USB thumb drives, leading to a temporary ban on their use at the U.S. Defense Department, and digital photo frames, among other storage types.

Microsoft detailed additional security features in Windows 7 during the RSA security conference last week.

Before the change, the malware is leveraging AutoRun (box in red) to confuse the user.

(Credit: Microsoft)

After the change, AutoRun will no longer automatically launch when most USB drives are attached, so the AutoPlay options are safe.

(Credit: Microsoft)


by Lerianis3 April 28, 2009 5:09 PM PDT
Considering that thing says in bold text "Install or Run Program" above that red box.... only an absolute idiot who was not watching what they were doing would be hit with this virus, to be blunt.

This is a case of the "PIBKAS": problem is between the keyboard and seat!

People need to stop blaming idiocy like this on Windows, and start putting some of the blame on the users for not looking at what in the world they are doing.
by The_Voice_of_Reason April 29, 2009 7:16 AM PDT
Considering what the options in that box *say*, I'm fairly certain even you could get bit by that one.
After all, do you pick 'Open folder to view files' or 'Open folder to view files' or 'Speed up my system'?

Here's the left-hand layout:
Group: Install or run program
- Option: Open folder to view files
Group: General options
- Option: Open folder to view files
- Option: Speed up my system

Here's the disturbing part of the caption under the right-hand image:
"...AutoRun will no longer automatically launch when *most* USB drives are attached..." (emphasis mine)

What do they mean by 'most'?
by SIGHUP April 28, 2009 5:09 PM PDT
That would be good news if they totally disabled autorun on all devices by default. The bad news is that Microsoft will fix it by adding more annoying popups asking what we want to do and then the popup "Are you sure?"
by jaximflash April 28, 2009 5:36 PM PDT
Does Windows 7 shut off the USB drive's light when it is ejected? In Windows Vista this feature (that was in XP) no longer worked. I hope in Windows 7 that they reinstate this feature.
by Hunnter2k3 April 28, 2009 5:41 PM PDT
Well that will probably buckle a bunch of devices that carry all their program data on them.
Also, what's to stop a virus from installing the "special U3 software" too?

A simple permissions system is all that is needed. (with keys generated for trusted USB sticks)

If you can't disable this feature, I swear... It better be an option somewhere.
by ikramerica--2008 April 28, 2009 5:59 PM PDT
AutoRun should never have been a feature to begin with on USB drives. It's caused all sorts of trouble. USB manufacturers forcing their crapware on users in the past, viruses showing up from the factory, etc.
by loose_screw April 28, 2009 6:02 PM PDT
Well, it's a step forward but the first thing I do on my Windows installs is to disable autoplay on all drives.
by slickuser April 28, 2009 6:22 PM PDT
After I install Windoze, for hours, I tweak settings like auto play etc. Sometimes, one of my several USB sticks doesn't work because I've to install drivers and then it will prompt me for reboot etc. but it's fine.

It is a user friendly OS...
by monkeyfun14 April 28, 2009 10:18 PM PDT
Because Linux and OSX never need restarts after installing something?

And I've seldom had to restart my computer for anything but a video or sound card driver.
by kojacked April 28, 2009 6:27 PM PDT
It's sad that so many people are so stupid that we need this "security". This feels like the McDonald's hot coffee lawsuit all over again (or avoidance thereof). No one wants to be accountable for anything. That's gonna kill all of us.

I'm with you Lerianis3...
by TigaAyes April 28, 2009 10:23 PM PDT
Damned if they do, damned if they don't, thus goes the lot of any King Kong

It would seem that ikramerica--2008 would have MS assume that all people are bad, whilst kojacked would have MS assume that all people are clever

Put them together and what have you got -- MS should assume that all people are bankers -- bad enough to destroy a global financial architecture and clever enough to get the public to give them billions more to play with so they can do it again.
by TigaAyes April 28, 2009 10:45 PM PDT
@monkeyfun14 - many winda's installs that want to do restarts don't need to, you can often ignore the pleas to do so. The developers just chuck it in to pretend that they're doing something clever.

Of the ones that do require restarts, it's often because the developers are using techniques that were originally developed for DOS and 16 bit Windows installs, most of which are not needed in NT based winda's.

So it's not winda's that necessitates all the restarts that we see during installs, it's the developers big noting themselves and hanging on to arcane technologies - in other words it's job protection.

I downgraded a new Vista laptop to XP yesterday using Toshiba's XP recovery disks, I reckon it did a dozen or more restarts, fortunately it did not need any intervention, apart from one DVD change.
by oroset April 29, 2009 9:37 AM PDT
I think it's a positive step in the right direction.

Microsoft should do more to refine the user experience design, by looking at their OS from many different points of view.

It is easy, but flawed to adopt tunnel vision by designing a mass-consumer technology from the single perspective of a techie with the reflexes and vision of a 20 year old gamer/programmer -- who, btw, in their naive use-case, wouldn't dare to think about hacking their system.

My parents wouldn't know the subtle difference between the 2 "Open Folder to View Files" prompts, neither would many non-technically oriented people. It's not that non-techies are stupid; it's that other people have other priorities and areas of focus. Technology may be cool for people like me, but for other people, technology should just be a reliable tool, that either gets in the way or doesn't. This is the sort of the reality that consumer technology companies should deal with.
by uksamo April 29, 2009 10:40 AM PDT
It's a stupid idea to ban it, I use USB autorun all the time to load my TrueCrypt encrypted flash drive. I plug the stick in, wait for TrueCrypt to ask for my password, enter the password and my USB menu attaches to the system tray. It'll be frustrating to have to go to my computer, then the drive, then launch the app manually each time... err, perhaps if virus checkers and spyware checkers were kept up to date this scenario wouldn't have come about!!!
by abrahamnguyen April 29, 2009 5:25 PM PDT
Bravo, Microsoft. It's a good idea.
by alexanderpas April 30, 2009 2:42 PM PDT
Now, if only Microsoft would put the icon for the USB drive on the desktop.