Microsoft tightens Windows 7 security for USB drives

Windows 7 won't automatically launch programs using AutoRun when USB drives are inserted, the company says.

In the wake of the Conficker worm spreading via removable storage devices among other methods, Microsoft said on Tuesday it is making a change to the way Windows 7 handles USB drives.

As a result of the change, most USB drives will not be able to automatically launch a program using a Windows feature known as AutoRun, Microsoft said in a post on its Security Research & Defense Blog.

So, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed, Microsoft said.

Fixed removable media, such as CDs and DVDs will still be able to use AutoRun. Also, some specialized "smart" USB flash drives such as those containing U3 software will still be able to appear as DVD drives, effectively allowing them to also use AutoRun, Microsoft cautioned.

The change will show up in the release candidate version of Windows 7 that is being released to developers this week and publicly on May 5 .

Microsoft said it is planning on making the change available on Windows Vista and Windows XP, as well.

In February , Microsoft released an update for Windows AutoRun that allows people to selectively disable the AutoRun functionality for drives on a system or network to provide more security. The update addressed an issue that prevented the NoDriveTypeAutoRun registry key from functioning as expected. Disabling AutoRun functionality can help prevent the execution of arbitrary code when a removable storage device is used.

The AutoRun functionality has been blamed for malware that has infected USB thumb drives, leading to a temporary ban on their use at the U.S. Defense Department , and digital photo frames , among other storage types.

Microsoft detailed additional security features in Windows 7 during the RSA security conference last week .

Before the change, the malware is leveraging AutoRun (box in red) to confuse the user. Microsoft
After the change, AutoRun will no longer automatically launch when most USB drives are attached, so the AutoPlay options are safe. Microsoft

About the author

    During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft. E-mail Ina.

    Elinor Mills

    Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. See full bio

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Best iPhone 6 and iPhone 6 Plus cases
    Make your own 'Star Wars' snowflakes (pictures)
    Bento boxes and gear for hungry geeks (pictures)
    The best tech products of 2014
    Does this Wi-Fi-enabled doorbell Ring true? (pictures)
    Seven tips for securing your Facebook account