In addition to releasing a large number of security updates on Tuesday, Microsoft released an important change to the behavior of Windows XP and Windows Vista. Windows will not run or offer to run programs automatically off of USB media, both flash keys and hard disks.
This feature goes all the way back to Windows 95, which automatically played music CDs and ran programs on CD-ROMs. This was called AutoPlay and has evolved into a broader set of features called AutoRun. The feature has turned into a big security problem on USB media.
Malware programs these days typically search for USB-based storage and write themselves to it. When the key or hard disk is inserted into a new computer, the AutoRun menu offers to run the malware, which is disguised as something to entice the user.
This malicious use has become so common that Microsoft is disabling it by default. Users who apply the update will still see an AutoRun menu when they plug in a key, but it will not have any options for running programs off of the device. This is the behavior that Windows 7 has had from its release. Certain high-end, security-hardened USB keys will still have the old behavior, as will CDs and DVDs.
The update is not labeled as a security update but it is rated "Important," so users with the recommended settings for Windows Update will have it installed automatically. If you want to re-enable the feature, Microsoft has also created a Fix It to turn it back on.