Microsoft finally makes it possible to disable Autorun
Posted on March 5th, 2009 at 20:55
The latest Windows Secrets Newsletter just hit the stands, and Susan Bradley’s lead article, “AutoRun patch a long time coming for XP users,” finally nails the topic of turning off AutoRun.
Managing AutoRun has become a #1 hot topic precisely because the Conficker worm can use AutoRun to propagate via USB drives.
So Microsoft posts a $250,000 bounty for information leading to the arrest of the cretins who created Conficker. Two weeks later – after waiting 18 months – MS patches one of Conficker’s simplest infection vectors.
Something does not compute.
Microsoft has a patch out now that lets everybody running Windows XP or later truly disable AutoRun. It’s KB article 953252 for Vista and KB article 967715 for WinXP, 2000, and Server 2003. I’ve heard that there are some minor problems with the patch being offered multiple times on the same machine, but there don’t appear to be any significant hassles.
I like Susan’s advice:
For home users, I’m not yet ready to pull the fire alarm and tell everyone to disable AutoRun. But I do urge you to be very leery of plugging USB flash drives into your system if you’re unsure whether they’ve been used on other computers. Large organizations, however, should consider disabling AutoRun on their networked PCs, considering how hard it’s been to stomp out the Conficker worm and others.
Follow Susan’s detailed explanation if you really want to make it impossible for renegade USB drives (or CDs or SD cards or…) to infect your computer as soon as they’re inserted.
Good article. Check it out.
6 responses to “Microsoft finally makes it possible to disable Autorun”
-
Tim Sharp March 6th, 2009 at 08:13
Woody-
I’m running Vista Home Premium 64-bit and my daughter is a grad student. She often plugs a memory stick into my PC which has been on her laptop and has also been on the PCs at her school and her instructor’s PCs.
Is this what you’re talking about here, and should I be worried and download this patch?
-
Yep, that’s exactly what I’m talking about.
Right now, Conficker is the high profile piece of malware that propagates this way, but I’ve even heard of people who get their camera SD cards returned from photo processing services with an infected Autorun.
The easiest way to bypass all of it is to simply remember to hold down the Shift key when you stick anything into your computer. But if you can’t remember to do that all the time, follow Susan’s steps and get patched up.
-
Tim Sharp March 7th, 2009 at 06:50
Woody-
Wow, I want to protect my PC because my daughter does plug in her memory stick which has been on other PCs at school.
But, Susan’s procedures are way too deep for me as a novice user. I guess I’ll have to wait until someone writes a patch that does the work for me.
Thanks anyway, and I’ll keep checking in to see if there are any new developments.
Is there perhaps a virus scanning program I can buy that would check the memory stick for this worm before it’s allowed to get into my PC?
-
Tim -
Just remember to hold down the Shift key every time you put the USB stick in your PC. Easy.
-
Better late than never for the release of the AutoRun patches for Win2000/XP/2003 systems, I suppose.
-
I agree that Autorun is a real problem. Any time you give the PC carte blanche to open up and run new software before it’s been scanned for viruses and malware, you’re just begging for trouble.
However, MS’s response comes YEARS after a solution has already been available. If you’re comfortable with free add-on software like “XP-Antispy”, download and install it. ( http://www.xp-antispy.org ) It’s long been the easiest way to gain control of AutoRun and several other nasty / unwise / privacy-destroying “features” (koff-koff) of Windows XP. It gives you immediate on-off control over 20 or so of WinXP’s worst features:
disable automatic downloads, allow uninstallation of Windows Media Player, disable error reporting (phoning home to MS), don’t autostart CDs, disable ActiveX, enable IE pop-up blocking, disable automatic installation of IE7, and so on.
On a similar note, in WinXP, it’s indefensible that in “My Computer” one can right-click on a USB or CD/DVD to carry out a virus scan of the new media (yay!), but the same option to scan for viruses does NOT appear (boo!) in the pop-up menu that appears when Windows senses the presence of a new USB stick, CD, DVD, or external hard disk. That pop-up menu asks “What shall we do with this device? Play, import photos, …?” but doesn’t ask if we should scan the new device for viruses. Worse, that pop-up menu can be hijacked and completely rewritten by applications such as ACDsee.