As every week, between Tuesday and Wednesday, all those who use Windows as the operating system on the computer receive automatic updates with security patches to cover the holes found. On this occasion, a rather important update was released that slightly changes the behavior of the computer.
On Windows XP, Vista, Windows Server 2003 and 2008 and all pre-Windows 7 systems, after updating, the Autorun will be eliminated forever .
Autorun is, indeed it was, a Windows feature that allowed the automatic execution of files on USB sticks, CDs, shared folders on the network and on any other device where the Autorun.inf file is present.
By automatically running software, autorun was exploited by viruses to replicate itself and infect as many computers as possible.
In the past, I also wrote an article that explained how to disable autorun on your computer to protect it from viruses on a USB stick.
The typical case of transmission of this virus is, for example: If my friend or colleague has to pass me a file via his USB stick that was previously connected to his virus infected computer, it is possible that, by inserting this USB stick in my computer, thanks to the automatic execution of the autorun, my PC will also become infected.
The update to correct this problem with Autorun on XP and Windows Vista was, in fact, available for some time (Microsoft Security Advisory 967940 of February 2009) but it could only be downloaded manually from the Microsoft site.
With today's automatic update, done through the Windows Update, the autorun is permanently disabled on all computers .
Windows 7 isn't affected by this change because it already has restrictions in place since its release.
The purpose of the update is to protect computers from attacks that involve the execution of malicious code that is automatically written by viruses in the autorun.inf file present on USB drives, external hard drives, network shares, or other CDs and DVDs if used as file archives.
Basically AutoPlay is blocked on all external devices, with the exception of CDs and DVDs which can hardly be burned with a virus inside.
As a consequence of this update, it will no longer happen that, after buying a USB stick, you see open the window that shows the automatic execution of the program it contains.
If there is any software inside the USB stick, it will have to be started manually and if you put your friend's USB stick in your computer there is no more risk of catching a virus .
Some USB drives may have internal firmware which leads them to be recognized by the computer as if they were DVDs; Autoplay with external hard drives or USB sticks of this type is not changed.
The update is only available if you have not already installed it manually.
More information can be read on the technet blog even if in English.
