The latest blog post over at the Engineering Windows 7 blog talks about autoplay improvements in Windows 7. The main reason for the changes was an increasing number of malware that was using the autorun function as a method of propagation. Microsoft discovered that “malware that can propagate via AutoRun accounted for 17.7% of infections in the second half of 2008″ which, according to them, was the largest single category of malware infections.
One of the main reasons for this are the confusing options offered by previous Windows operating systems. Choosing the first option in the example below could install malware on a computer system while the second option (with the same name) would not.
Microsoft has therefor decided to change the autoplay function in Windows 7:
In particular, Windows will no longer display the AutoRun task in the AutoPlay dialog for devices that are not removable optical media (CD/DVD.) because there is no way to identify the origin of these entries. Was it put there by the IHV, a person, or a piece of malware? Removing this AutoRun task will block the current propagation method abused by malware and help customers stay protected. People will still be able to access all of the other AutoPlay tasks that are installed on their computer.
Autoplay will therefor only be available for removable optical media and not for other types of removable media like external usb hard drives, usb sticks or memory cards. The example with the two confusing choices shown above would therefor look the following way in Windows 7.
