As you may have noticed, we get a lot of talk from users here on PortableApps.com wondering why they get this box popping up when they plug their USB drives into the computer. The users simply expect the menu to come up without having to do anything else. As they say, if U3 can do it, why can't we?
The reason behind autorun being disabled is an extremely valid one: security. Some users argue that simply autorunning a piece of software can't do anything bad to their system. Well, let's take a look at a type of virus that has been around for quite a while: the boot sector virus.
The boot sector virus is a particularly nasty virus, in that simply having an infected floppy disk in the computer at startup will cause your computer to be infected. The virus infects the computer by relying on the fact that at startup, a floppy disk drive is usually higher in the boot order and therefore will be run. This virus can damage your computer extensively as it affects the boot sectors and can cause the system to fail to recognise hard drives or delete data from partitions.
The boot sector virus especially relates to autorun from portable devices, as the protections against autorunning were put in place to stop this happening. If the protection against this was not in place, viruses could begin infecting computers as soon as a device is connected to a system. However, CDs still had autorun enabled on most systems, as these were impossible for viruses to infect with a CD-R. And thus, all was well...
...until U3 came along. U3 knew that there was no way for a USB device to have autorun capacity for security reasons, so they deliberately exploited the fact that CDs still had autorun enabled. Using this knowledge, they created hardware to fake a CD partition on their drives. This supposedly unwritable partition was safe enough to be run, as it contained software directly from the manufacturer on an unwritable partition of the drive. As we later found out, this CD partition is actually writable and can be written to easily. (Note: PortableApps.com and myself take no responsibility for the content of links)
In these hacks, the fact that U3 fakes a CD drive is exploited to allow code to run without explicit user permission. It is for this reason and others that CD autorun should not be allowed. The way U3 handles autorun is also bad form, as it tricks the system.
Our software here at PortableApps.com is just that: software. We don't exploit system weaknesses such as this, as 1) it's impossible without hardward modifications; and 2) it would be bad form to do so. I hope this cleared up exactly why U3 autorun works without a dialog and why it's not a good idea.