Microsoft doctors AutoRun in Windows 7 to stymie Conficker

More

Conficker Worm

• Researchers turn Conficker's own P2P protocol against itself
• Conficker botnet could flood Web with spam
• IT was ready for April 1 Conficker attack
• Conficker, the Internet's No. 1 threat, gets an update
• IT Blogwatch: Conficker botnet wakes up and smells the coffee
• Conficker's makers lose big, expert says
• Conficker activation passes quietly, but threat isn't over
• FAQ: Just the facts on Conficker

More: Malware Knowledge Center

The more advanced Security Research & Defense blog, however, noted an exception. "Some smart USB flash drives can pose as a CD/DVD drive instead of standard [drives]," the blog warned. "In this specific scenario, the operating system will treat the USB drive as if it is a CD/DVD because the type of the device is determined at the hardware level."

In other words, malware could still spread via such devices, which are identified as "U3 smart drives." For example, many of SanDisk Corp.'s drives are U3-capable.

Microsoft said it would backport the AutoRun/AutoPlay changes to Windows XP and Windows Vista, but the company did not give any indication when it would do so. "We will be bringing this change to Vista and XP in the future," was all Cohen said. When asked for something more specific, a company spokesman said, "We don't have any more details to share about the timing for this change to be implemented on Windows XP and Vista."

It shouldn't be a surprise that Microsoft is being coy about a timetable for XP and Vista, said John Pescatore, a Gartner Inc. analyst who covers security. "In the last three to four months before an OS shift, most of the development and security testing resources are in the new release," said Pescatore. "That sucks out the energy of what's going to be fixed in the older releases."

And Microsoft may want to gauge the change's effectiveness in Windows 7 -- and its reception by users -- before it backports the modification to XP or Vista. "They may want to make sure it's working," said Pescatore, "and do a true backport, rather than having to write totally separate code [for XP and Vista]."

He noted that Windows XP and Vista users can already disable AutoRun and AutoPlay manually by editing the registry, or in an enterprise, through group policies. To disable AutoRun, however, users must first apply a patch Microsoft issued earlier this year to fix a bug that kept the feature from really being switched off.

The AutoRun and AutoPlay changes will debut in the Windows 7 Release Candidate (RC), which will be available Thursday to MSDN and TechNet subscribers and on May 5 to the general public.

Read more about security in Computerworld's Security Knowledge Center.