Windows XP, Vista AutoRun update reduces malware infections by 82 percent

[Nytro]

Windows XP, Vista AutoRun update reduces malware infections by 82 percent

February's "backport" of the Windows 7 feature worked like a charm, says Microsoft

By Gregg Keizer | Computerworld

Microsoft today credited a February security update for lowering AutoRun-abusing malware infection rates on Windows XP and Vista by as much as 82 percent since the start of the year.

Four months ago, Microsoft offered XP and Vista users an optional update -- which was later changed to automatically download and install -- that disabled AutoRun.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Microsoft changed AutoRun's behavior in Windows 7 to block automatic execution of files on a USB drive. It first backported the modifications to Windows XP and Vista in 2009. Until February, however, users had to manually seek out the update.

With the update in place, flash drives inserted into a PC running XP or Vista no longer offer the option to run programs. AutoRun's extinction does not affect CDs or DVDs, however.

The move has paid off in spades, said Microsoft today.

"The infection rates for Windows XP and Vista went down ... pretty significantly, in fact," said Holly Stewart, a senior program manager with the MMPC (Microsoft Malware Protection Center), in a blog post Tuesday.

According to statistics compiled by the MMPC from data delivered by the Malicious Software Removal Tool (MSRT), a free utility that detects and deletes some attack code, infection rates of malware that spreads through AutoRun plummeted after the February update reached XP and Vista.

Since January 2011, the month before the AutoRun update shipped, infection rates of XP Service Pack 3 (SP3) -- the sole version still supported by Microsoft -- have dropped by 62 percent. Vista SP1's infection rate has fallen by 68% while Vista SP2's has plunged by 82 percent in the same period.

Microsoft will abandon support of Vista SP1 next month .

"That's a huge reduction," said Andrew Storms, director of security operations at nCircle Security. "Imagine if AutoRun was never invented."

Storms was talking about the fact that the Windows feature was abused by some of the highest-profile worms in the last two years, including Conficker and Stuxnet.

Microsoft credits a February update for XP and Vista for dramatically dropping infection rates of AutoRun-abusing malware.

The former relied on AutoRun -- among other propagation techniques -- to infect millions of PCs, while analysts believe the latter used AutoRun to infect Iranian computers associated with the country's uranium enrichment program.

Microsoft's Stewart also described an unanticipated side-effect of the update.

"What was unexpected, is that there appears to have been a residual effect ...a 'secondhand smoke' kind of effect on adjacent systems that were already protected with proactive defenses," said Stewart, citing Microsoft's own security products, including the free Security Essentials and the for-a-fee, enterprise-grade Forefront line. "The infection attempts on these computers also went down immediately after the update was released."

In an interview Tuesday, Jerry Bryant, a group manager with the MSRC (Microsoft Security Response Center), said that the decrease in infection attempts -- ones stymied by a Microsoft antivirus signature -- was due the AutoRun update preventing large numbers of primary infections.

"We attribute the overall decline in infections to fewer systems trying to propagate using AutoRun," said Bryant.

In February, Microsoft noted that the AutoRun update would break the functionality of some USB drives. "Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software," Microsoft warned in a security advisory at the time.

The company has also published the "Enable Autorun" tool that customers can deploy to disable the update's changes and revert to Windows XP's and Vista's earlier behavior.

Sursa: Windows XP, Vista AutoRun update reduces malware infections by 82 percent | Security - InfoWorld

[wildchild]

Ce sa zic...update-ul asta este pentru incepatori.Userul experimentat ar intra direct in group policy editor (gpedit.msc) si ar dezactiva autorun-ul.

In plus, daca ai ales din folder optiunea sa poti vedea fisierele ascunse, iti sare in ochi cand intrii pe un suport extern fisierul autorun.ini sau foldere ascunse aditionale.

Destul de tarziu s-a trezit microsoft sa rezolve problema aceasta.Tipic!