Although Windows 9x had AutoRun, it was a kind of primitive system that could not be compared to XP. In addition, at that time USB storage devices were not too popular, while floppy disks were still used. Therefore, it can be said that the real problem began at the end of 2001, with XP and its Autorun and Autoplay. Let's distinguish between these two concepts.
Autorun and Autoplay
Autorun: It is the ability of the operating system (not only Windows) to run removable devices when they are inserted into the system. In Windows, the parameters of "autorun" are defined in a text file called autorun.inf, which appears in the root of the drive being inserted.
Autoplay: It is the own functionality introduced in XP. It complements and is based on Autorun. It analyzes the device that is inserted and depending on the type of file it finds, launches a dialogue in which the best applications to play them are suggested. If a default action is chosen, the user will no longer need this dialog and the chosen program will be launched automatically next time thanks to Autorun and the Autoplay "memory".
Important milestones
Already in February 2000, we published in Hispasec a bulletin entitled "Attacks through the autorun". The functionality was presented as the perfect substitute for automatic execution on floppy disks but applied to CDs and USB sticks.
By 2005, USB sticks became popular and more and more malware samples began to appear that spread by this means. To the point that, in mid-2010, it was already estimated that 25% of malware was spread through these devices.
But Microsoft didn't see the problem until 2008. This capability could be disabled through policies or changes in manuals in the registry and, therefore, did not consider it necessary to change its posture: Windows offered it as active functionality by default (like so many other facilities) and who wanted to protect themselves, to deactivate it. But this was not entirely true: even deactivated, it was never truly protected. From there begins a journey for its deactivation and improvement that, to locks and ravines, is already automatically applied to all its operating systems
More Information:
How to disable autorun functionality in Windows
http://support.microsoft.com/kb/967715
02/08/2010 Microsoft releases out-of-cycle update for
vulnerability in .lnk
03/05/2009 Microsoft improves the "self-execution" of Windows 7. Thank you
Conficker?
http://www.hispasec.com/unaaldia/3844
19/02/2000 Attacks through the autorun
http://www.hispasec.com/unaaldia/480
27/05/2008 Virus and promiscuity. From floppy disk to USB
http://www.hispasec.com/unaaldia/3503
25% of malware spread via USB drives
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=227100125
Author: Sergio de los Santos
Source: Hispasec
Leave your comment