Microsoft has released an update to block Autorun threat(Worm:Win32/Autorun) for Windows Vista and Windows XP. The update restricts AutoRun entries in the AutoPlay dialog to only CD and DVD drives.
AutoRun is the ability for a device, through the use of autorun.inf, to expose a set of tasks for the user to choose upon insertion of new media into the computer. This could be a USB drive, a CD or DVD, a network drive, or any other additions of new media. The user is shown the AutoRun tasks along with other functions via the AutoPlay dialog
However due to a rise in malware usage of the AutoRun system, the Windows 7 team has undertaken a dramatic step to block this specific threat.
Windows AutoRun Feature
The Autorun Feature is a functionality that has been provided in the Windows OS which would react in a predefined way when certain devices like CD/DVD ROMs are inserted in the specified drive. In Windows OS, AutoRun is handled by the Explorer.exe process. It was introduced in the Windows OS keeping in mind the increase in the number of Multi Media Presentations that is used by Corporate Users/Students/Media Industry people etc. Business Cards, Product Presentations, Business and Project Presentations, Presentations for Seminars, Media and Graphics demos for designers etc represent just a fraction of the areas where CDs/DVDs were extensively used. Identifying these requirements Microsoft had made the Windows OS smart enough to recognize and auto executes the content of these CDs/DVDs whenever a CD/DVD was inserted. The whole point of providing this feature was to make it as easy as possible for the users to enjoy the content of the CD/DVD even if he/she is oblivious of the actual file or program that is launching the content. This AutoRun feature is enabled by default, but we also have the option to manually enable/disable it as well.
The new changes will no longer expose the AutoRun entries in the dialog unless it is removable optical media (CD/DVDs). So, if a USB drive is inserted into a machine, the AutoRun choice will no longer be shown. In addition, changes have been implemented to help clarify actions about to be undertaken by the AutoPlay dialog.
To read more about the details of this new implementation, please see Engineering Windows 7: Improvements to AutoPlay.