You are here

Microsoft to remove autorun from flashdrives in XP and Vista too

22 posts / 0 new
Last post
th3wildwolf
th3wildwolf's picture
Offline
Last seen: 13 years 4 months ago
Joined: 2007-11-02 14:40
Microsoft to remove autorun from flashdrives in XP and Vista too

Microsoft wants to remove autorun from flashdrives in vista and XP like they did in Windows 7 through an update.
Read more here:
http://keznews.com/6138_Vista_SP2_and_XP_SP3_Get_Windows_7s_AutoPlay-Aut...

Bruce Pascoe
Offline
Last seen: 12 years 2 months ago
Joined: 2006-01-15 16:14
...and?

I have to say, as much I hated this change when they first implemented it in the Windows 7 RC, I find it's not that huge a hassle just to hit "Open folder" and then double-click StartPortableApps.exe to get going (the AutoPlay window still pops up you know, it just doesn't include the option to run the menu directly anymore). Really, what's one extra click (two if you count closing the explorer window afterwards)? Usually once the menu is open you're going to leave it up until you're done anyway.

Also: I love the sensationalism in that article: "extreme measures"; "amputate the AutoPlay/AutoRun feature". Everyone complains about how Windows is so prone to viruses, yet the minute MS tries to lock something down those same people all cry foul. Hypocrites.

jamcomm
Offline
Last seen: 14 years 6 months ago
Joined: 2009-07-24 14:51
What? Security not important?

Seriously - you'd take rather the security risk of your OS running some arbitary software stored on the USB drive whenever any old USB drive is plugged in?!!

Having Windows prompt what it should do is the only sensible option without compromising system security.

Removing this may be a step backwards, but it's still better than just ''running'' whatever happens to be on the drive plugged in.

m-p-3
m-p-3's picture
Offline
Last seen: 3 months 3 weeks ago
Joined: 2006-06-17 21:25
Personally I think it would

Personally I think it would be better to introduce a whitelist system for the autorun.

If there could be a way to make sure that only user-defined files would autorun by selecting some specific files and their checksums (MD5, SHA-1) to avoid a modified file or a potential virus to be launched automatically, that could be a good alternative to disabling it completely.

RMB Fixed
Offline
Last seen: 14 years 2 months ago
Joined: 2006-10-24 10:30
USBDLM

You can use Volume Label, Device sr#, "keyfile" etc etc to whitelist
devices allowed to autorun . It also gives consistent drive-letter assignment
http://www.uwe-sieber.de/usbdlm_e.html#download

NathanJ79
NathanJ79's picture
Offline
Last seen: 4 years 1 month ago
Joined: 2007-07-31 15:07
Amateur vs. Pro

BruceEveryone complains about how Windows is so prone to viruses, yet the minute MS tries to lock something down those same people all cry foul. Hypocrites.

Not hypocritical.

Most techies worth their salt know that a big part of the reason that Windows is "not secure" is because it's the most widely used OS. It's got a big target on its proverbial chest. It doesn't help that most newbies use Windows (as opposed to Mac OS X, and especially Linux) so they're prone to make mistakes that compromise their system. Viruses aren't Microsoft's fault, they're hackers'.

On the other hand, advanced users do cry foul when a good option is removed entirely. Remove it by default and allow it to be re-enabled for those of us who know what we're doing. But no, Microsoft assumes are are all newbies.

jamcommSeriously - you'd take rather the security risk of your OS running some arbitary software stored on the USB drive whenever any old USB drive is plugged in?!!

No. I'd rather take what you call a security risk by running the PortableApps.com platform. What is the problem here? Are you accusing PortableApps.com of putting malware in the platform? Because that's mostly what we're talking about here. The impending inability to run the PortableApps.com Platform automatically. Not "some arbitrary software".

jamcommHaving Windows prompt what it should do is the only sensible option without compromising system security.

That's what it does now. That's what we want.

jamcommRemoving this may be a step backwards, but it's still better than just ''running'' whatever happens to be on the drive plugged in.

That only happens if you have it always do the selected action, and I'm not even sure you can anymore. Pretty sure they already cut that feature out, so stuff couldn't just automatically run.

Let me spell it out for you. Used to be, you plug in a flash drive, it comes up with a list of choices, and you can have it do the same thing every time. Now it just comes up with the list of choices. Soon, with this update, they'll remove the choice to run the PortableApps.com Platform. You'll still be able to browse the folder and start the program manually, but it's a couple extra clicks and an inconvenience which detracts from the convenient nature of flash drives.

m-p-3Personally I think it would be better to introduce a whitelist system for the autorun.

Yeah... but this is Microsoft we're talking about. They can't even do a game console right. (Not even talking about the RROD, actually I'm referring to the 2-3 weeks last year people got locked out of LIVE for getting the Dashboard update early.) Microsoft used to be really sharp. Now, not so much anymore.

Bruce Pascoe
Offline
Last seen: 12 years 2 months ago
Joined: 2006-01-15 16:14
Vista AutoPlay

Vista's AutoPlay does indeed prompt by default, however there is an option to set the selected action as default. I believe the same is true in Windows 7. So I can see how that can become a security risk--user has PortableApps device, selects Run as default action, then sometime down the road an infected device gets plugged in (perhaps even your own device--remember the fiasco with the viruses on brand-new iPods a couple years ago?) and the Run action gets executed by default, resulting in a virus infection.

I think JTH had the right idea: AutoPlay should be disabled for unsigned executables and allowed for signed executables. Most malware isn't digitally signed, and even if it is, the offending signature can easily be blacklisted by a Windows update.

listless
Offline
Last seen: 14 years 6 months ago
Joined: 2009-04-28 23:29
The problem is non PAP apps.

...not PA (OSI) certified applications, let's get this straight.

It's good MS are thinking decisively, this is what the platform needs more of

eg. things switched "off" by default so developers can make tools to help when switching back on.

RMB Fixed
Offline
Last seen: 14 years 2 months ago
Joined: 2006-10-24 10:30
...

Quote :
"Most techies worth their salt know that a big part of the reason that Windows is "not secure" is because it's the most widely used OS."

No, it's because microsoft have a crappy security-model. The argument that it's because windows is the most used OS is false : If the thing had a sane security-model to start with it wouldn't matter how many used it as viruses wouldn't be allowed to propagate on their own. For years m$ has had the users boot directly into the admin-account and that's why viruses and crap-ware have had a feast on windows-OS .

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 7 years 5 months ago
Joined: 2006-11-18 10:26
The patches for XP and Vista have been released

http://www.computerworld.com/s/article/9138015/Microsoft_issues_XP_Vista...

http://support.microsoft.com/kb/971029

R.I.P. autorun/autoplay functionality for the PortableApps menu (i.e.: the autorun.inf file won't autoload anymore if you install the patch...which I assume most businesses IT departments will).

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

Pyromaniac
Pyromaniac's picture
Offline
Last seen: 8 years 11 months ago
Developer
Joined: 2008-09-30 19:18
Personally,

I think that every step that Microsoft takes to be more safe and secure turns out to be a pain. I mean EVERYTHING. I like Vista a lot (great step forward) but the constant popups are so nagging "to protect my PC" and it makes everything I do on XP take twice as long when I use Vista. Maybe Microsoft can make a special edition of Windows 7 called "Tech Edition" (for the lack of a better name) for those people that aren't paranoid that every second, they're going to get a virus (though, I don't think that many people are out there). It won't have any annoying warnings or anything like that.

___

And on a side note:

I hate those apple commercials with "Hi I'm a Mac. And I'm a PC". Apple always attacks Microsoft with stupid remarks.

For example, that new commercial, showing the customer and the top-of-the-line PC as that one guy from Gary Unmarried saying (something like) "Oh we got speed and everthing but every PC is gonna have a virus" And then that one girl DOESN'T EVEN BOTHER to ask a mac everything that she asked the PC. If that girl was really like how she was on the commercial, I'd tell her "THERE IS ANTIVIRUS SOFTWARE FOR YOUR PC!"

And that's my 2 cents (but in this economy, its probably worth a penny)

OliverK
OliverK's picture
Offline
Last seen: 2 years 9 months ago
Developer
Joined: 2007-03-27 15:21
I'm a retailer. Congrats,

I'm a retailer. Congrats, you're advice now costs a nickle Blum

Not to start a flame war, but a computer is a a computer is a computer. Neither Mac Nor Windows Nor Linux is invulnerable to viruses. Its just that Windows is more used, hence the proliferation of viruses.

Nothing Microsoft can do will stop the viruses. What does stop viruses is not being a idiot.

If you digged a whole roughly 8,000 miles deep (the diameter of the earth) and about 20 feet wide, and then developed a really good space suit that could withstand the pressure and heat and you jumped in the hole wearing it, what would happen?

I think anti grave would happen Biggrin

Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world

Pyromaniac
Pyromaniac's picture
Offline
Last seen: 8 years 11 months ago
Developer
Joined: 2008-09-30 19:18
But wouldn't you agree that

But wouldn't you agree that over half of the world would follow under the category of idiots?

___

I was also looking at your website...

TI 84 Programs... how did you get that "Page loaded in 0.000072 seconds!" i want to put that on my website.

and also, is that for the TI 84 emulator? or the actual thing? I just program my own, and I currently have 21 programs (not apps) that I made for formulas and such.

OliverK
OliverK's picture
Offline
Last seen: 2 years 9 months ago
Developer
Joined: 2007-03-27 15:21
Yeah, pretty much ---- Umm,

Yeah, pretty much Sad
----
Umm, not sure how I managed that. Its just a directory listing script I downloaded for Simplexity. The relevant files are here. Had to make a quick email search, but that's why I don't delete hardly anything/

The program is for the TI84. Though I imagine it would work in the emu as well.

Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world

RMB Fixed
Offline
Last seen: 14 years 2 months ago
Joined: 2006-10-24 10:30
..

"Its just that Windows is more used, hence the proliferation of viruses."
That is just plain wrong, the nix security-model is about 1003% better than
anything pre-vista with DEP, UAC and everything enabled and that is the main reason
for all the "viruses" on winblows and NONE that have managed to propagate themselves on *nix . The only virus known to be able to propagate itself on Linux requires the user to recompile the kernel, including the dirty code before it can even DO anything. There is a good reason why there is no such thing as "real-time AV protection" for Linux .

Anyway, for people who still want autorun on their home-machine, just install
Uwe Siebers USBDLM, it does what m$ apparently can't figure out how to do :
Only allows autorun of whitelisted drives, based on sr#, volume-ID or a bunch of other identifiers .
It also fixes the driveletter-mess for those who use multiple USB-devices .

RIP auto-infect, about bl#"dy time Smile

OliverK
OliverK's picture
Offline
Last seen: 2 years 9 months ago
Developer
Joined: 2007-03-27 15:21
"Its just that Windows is
"Its just that Windows is more used, hence the proliferation of viruses."

That is just plain wrong, the nix security-model is about 1003% better than
anything pre-vista with DEP, UAC and everything enabled and that is the main reason
for all the "viruses" on winblows and NONE that have managed to propagate themselves on *nix . The only virus known to be able to propagate itself on Linux requires the user to recompile the kernel, including the dirty code before it can even DO anything. There is a good reason why there is no such thing as "real-time AV protection" for Linux .

Both Mac and Linux have been used as zombie bots. Generally people on *nix platforms are more intelligent.
http://linux.slashdot.org/story/09/09/12/1413246/First-Botnet-of-Linux-W...
http://it.slashdot.org/story/09/02/17/1526244/Malware-Threat-To-GNOME-an...
http://it.slashdot.org/story/09/04/16/2327246/Zombie-Macs-Launch-DoS-Attack
Most of these are fairly recent. I suppose the GNOME\KDE is mitigated if you only use the command line, but still, I'm to poor even on windows to go CLI only.

The main reason they can't propagate on Linux is because they are the wrong binary type. Its like trying run a gasoline car on water, or spaghetti sauce. It ain't gonna happen.

What defends windows best is intelligent users. Same with Linux and same with Mac.

RIP auto-infect, about bl#"dy time Smiling

Amen.

Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world

ristof
Offline
Last seen: 14 years 5 months ago
Joined: 2009-09-13 22:39
quote: Its just that Windows

quote: Its just that Windows is more used, hence the proliferation of viruses.

I use Vista and love it but if it weren't for things like Clamwin, I'd be in serious trouble.

P.S. How do you quote in this forum?

Pyromaniac
Pyromaniac's picture
Offline
Last seen: 8 years 11 months ago
Developer
Joined: 2008-09-30 19:18
for some reason, this was

for some reason, this was posted twice. Can a mod please remove this commment?

Pyromaniac
Pyromaniac's picture
Offline
Last seen: 8 years 11 months ago
Developer
Joined: 2008-09-30 19:18
click the "more information

click the "more information about formatting options" link at the bottom of the post editor.

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 7 years 5 months ago
Joined: 2006-11-18 10:26
oops

I'm sorry I bumped this thread with pertinent information and is now about viruses on Windows.

Ya win some, and ya lose some.

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

ceciliaFX
ceciliaFX's picture
Offline
Last seen: 3 weeks 2 days ago
Joined: 2007-04-24 14:18
I thought the info about Uwe

I thought the info about Uwe Siebers USBDLM - http://www.uwe-sieber.de/usbdlm_help_e.html - was useful

"No one man can terrorize a whole nation unless we are all his accomplices." - Edward R. Murrow

horusofoz
horusofoz's picture
Offline
Last seen: 6 months 3 weeks ago
Joined: 2008-04-03 22:45
PA.com AutoPlay?

Would the PA.com AutoPlay idea John was toyed with a while circumvent the disabled autorun? Naturally only for home and work pcs.

PortableApps.com Advocate

Log in or register to post comments