back to article Microsoft finally says adios to Autorun

After a decade of abuse, Autorun is finally being retired in older versions of Windows. On Tuesday, Microsoft began pushing an update that changes the way Windows Server 2008 and earlier versions of the OS respond when USB thumb drives and other portable media are plugged in. Until now, those versions dutifully executed code …

COMMENTS

This topic is closed for new posts.
  1. Paul Slater

    Autorun attacks from CD

    "..Microsoft has yet to see in-the-wild attacks that exploit Autorun on “shiny media.”..."

    Err, Sony DRM?

    1. Anonymous Coward
      Go

      Those are exactly the partners

      mentioned by Microsoft who did not want autorun to be removed. Geddit ?

    2. Anonymous Coward
      Anonymous Coward

      Alright, I'll grant you that

      But apart from the Sony DRM, other rootkits, annoying pop ups, trojans, viruses, spyware and generally running stuff we don't want, what have the autoruns ever done to us?

  2. Robot
    Unhappy

    Microsoft does not go far enough

    It is not enough to have Autorun turned off by default. There must be no possibility of it being re-activated, not even by tweaking the registry. In other words, total excision of Autorun.

    1. Anonymous Coward
      Anonymous Coward

      No...

      People who know what they are doing may have good reasons to use autorun, better that it is hidden away as a registry setting that only those who need it can use.

      1. Anonymous Coward
        Anonymous Coward

        re: People who know what they are doing

        Why would such people have any need for Autorun in the first place?

        1. Anonymous Coward
          WTF?

          re: re: People who know what they are doing

          Puzzled by thumbsdowns.

    2. Anteaus
      Thumb Up

      Too true...

      Even after setting NoDriveTypeAutoRun to 0xFF I've had it mysteriously come back on.

      This page: http://windowssecrets.com/comp/071108#story1

      documents a useful additional piece of protection, which if autorun does manage to launch, redirects it to perform a useless action instead of executing the commands in autorun.inf. I tested this idea with autorun ON and some simulated malware on removeable media, and it does seem to protect the computer.

  3. Steen Hive

    Autorun

    Does anyone know what the hell use it ever was?

    1. Boris the Cockroach Silver badge
      Gates Horns

      yes

      It was so users did'nt have to click on the CD drive icon on their desktops to start a program on the disc

    2. Steve Coffman
      Thumb Down

      Yeah...

      I've seen quite a few CDs that launch via autorun Adobe Reader or Macromedia products (now Adobe) that are included on the disc to pull up an index or menu of documents contained on the CD... it's done for those people not smart enough (or perhaps too lazy) to be to open the CD manually and then the appropriate application or document file themselves...of course it seemed like a good idea at the time it was developed to have this functionality but we all know the problems that it has led to years later...

      1. Glyn 2
        Gates Horns

        sounds familiar

        "it's done for those people not smart enough (or perhaps too lazy) to be to open the CD manually and then the appropriate application or document file themselves"

        Sounds like the entire of Windows 7

        "of course it seemed like a good idea at the time it was developed to have this functionality but we all know the problems that it has led to years later.."

        We'll see (or rather in W7 we won't see as it keeps everything as hidden as possible)

    3. Darryl

      Yeah

      It was for software and driver developers so that they could pop up a useless resource hogging animated thing with sound and crap as soon as you plugged in a CD. Doesn't matter that all anybody ever did was click on the "Install the damn software" button, which could've been much easier if they'd just included on the box:

      1) Insert CD

      2) Browse to CD in Explorer

      3) Double-click on setup.exe

      Instead, a lot of them seemed to put more effort and energy into their flashy autorun screens than they did in their software.

      1. Marty
        Coat

        problem....

        "2) Browse to CD in Explorer"

        some people today still have problems with this step....

        I have lost count how many times i have hat to tell people, "hold down the key with the windows logo on it and press E... blah blah blah"

        1. Wize

          @Marty

          Changing the name of the file browser from File Manager to Explorer didn't help much.

          Me: Start Explorer

          User starts Internet Explorer

      2. Anonymous Coward
        Flame

        Even though I am replying: The title is required, and must contain letters and/or digits.

        > Instead, a lot of them seemed to put more effort and energy into

        > their flashy autorun screens than they did in their software.

        There's a reason they (proprietary software makers) do that, making the sure the user does not gain empowerment.

        If the user had to follow the same simple steps to do something then they might gain understanding of the computer. If the users have to deal with different things to achieve the same ends, or face interfaces that look different with similar products, then the users are much less likely to gain an understanding of the system. And when someone does not have understanding but has to use a system, they become dependent on third parties to progress on that system. And that is where industry steps in, to "monetize" the people's needs.

        The software industry is also mature enough that it recognises this, and so very few (if any) proprietary products dare try to empower the user. They dazzle with shiny-shiny, and let the user think they have witnessed some magic.

        Actually providing what the user might really need, empowerment, is not going to be forthcoming from proprietary software vendors (and to a lesser degree some Free software, the stuff that copies proprietary paradigms, like dumbing shit down to chase the mass-market (eg Firefox)).

        A parallel to this is the times tables. I'm sure you can imagine how a person could learn their times tables by rote, yet still not understand the principles behind multiplication. That person would be fine with multiplication right up until the point where they need to work out more than 12x12. To do more, they need third party help, a calculator.

        But a person who understands multiplication does not need the services of a calculator company, they can work it out in their head, or on paper. Proprietary software gets in the way of people's understanding of computers, and that lack of understanding is used to sell software. And software that varies little between versions, and is basically the same stuff re-heated with a few extras slung in.

        That is why so much effort is spent on the autorun BS.

    4. Peter Gathercole Silver badge
      WTF?

      It was used very often

      to kick off a software installer. Even people like PCW used to use it for their cover-mounted CD and DVD's.

      I've installed a recent HP printer, and it used autorun (the installation instructions did document how to run it without auto run, but it was phrased like "If the installer program doesn't automatically start, open the CD, and .....").

      My significant other (worded to attempt to not to upset the Moderatorix) has some craft software that needs the CD inserted explicitly in the D: drive (and heaven forbid if your CD is not the D: drive), and the instructions for this expect autorun to work, and do not contain an alternative. I keep explaining this, and she keeps telling me that her computer is broken because the software does not start. Grrrrrrrr.

      I think too many of the people commenting here are in the Windows support business, where they are in control of any software installation, and do not talk to home and SOHO businesses where simplicity and hand-holding is essential for people who just use computers as tools.

      I can't be so old that this has passed out of memory, can I?

  4. Tom 35 Silver badge

    Microsoft has yet to see in-the-wild attacks that exploit Autorun on “shiny media.”

    Like the Sony root kit?

    I guess that falls under "resistance from some partners who rely on the feature to install programs".

  5. Filippo

    good riddance

    And a healthy "fuck you" to everyone who ever manufactured a piece of hardware that installs its drivers via Autorun.

  6. Jean-Luc Silver badge
    Gates Horns

    Stop having the marketing department run security, please.

    "Microsoft didn't retire Autorun sooner was the resistance from some partners who rely on the feature to install programs that accompany their hardware"

    So, basically, some dumb bozos who can't be bothered to do things in a safe manner got us years of malware crud? And the rest of M$'s customers got ignored?

    What this reminds me of is how long it took M$ to turn off auto-running code in Outlook. IIRC they said something like "our users benefit from this integration". Finally turned it off after years of aggravation and after it was obvious to world and dog that this approach was an oft-repeated accident that had happened again and again. Prior to that, users also had to tinker with the settings to turn it off.

    Come on guys. I know you won't get everyone to love you. But the least you can do is pay some attention when obvious security risks come to light and lock things down rather than pretend all is well.

    BTW, U3 blows too, regardless of it being a security risk or not.

    1. Anonymous Coward
      Linux

      I love you

      That finally made Microsoft do something.

      I'll never forgive them for Outlook Express.

      Penguin. Because they hate HTML email too.

    2. Robert E A Harvey

      BTW, U3 blows too,

      I took great pleasure, whenever I removed U3 from a stick, in filling in the box which asked why.

  7. Jan Hargreaves
    Thumb Up

    autorun not on win7?

    is autorun renamed to something different in windows 7 cos it is still happily working for me (64 bit home premium).

    Steen Hive - it opens up the explorer window when the device is ready, saves me having to go start, my computer. i also use autorun for having custom icons for my partitions (i have 5). it was nice to do this for usb sticks too. always seemed to impress people at internet cafes etc (yeah i know being cute for no reason haha).

    security essentials has picked up any bad versions of autorun so far for me (e.g. copying files to friend's usb sticks or wiping mine having used it outside)

    1. This post has been deleted by its author

      1. A J Stiles

        Muddy Mildred

        And they said /etc/asterisk/extensions.conf was hard to understand.

        1. Steven Davison

          Chuckle

          "And they said /etc/asterisk/extensions.conf was hard to understand."

          depends who wrote it and how old it was... :P

    2. Anonymous Coward
      Anonymous Coward

      win 7 & vista

      don't autorun anything, they do still pop up a dialog asking you what you want to do though, with autorun.inf entries at the top. It's how it should have worked from the start, a kind of halfway house catering for the people who are too lazy/stupid to browse to the files on their own, but without the security issues of autorunning anything.

    3. Silver

      Re: autorun not on win7?

      That's AutoPlay. The difference between AutoRun and AutoPlay is that AutoRun just blindly went off and ran whatever EXE the autorun.inf file told it to run.

      Whereas AutoPlay looks at the content of the CD/DVD and then pops up a menu presenting you with some options (eg. view the pictures on this CD) and asking you what you want to do next.

      AutoPlay solves the problem of people who don't know how to go browse the contents of a CD and find the setup.exe file vs those who don't want some virus riddled exe to startup as soon as they pop the disk in the drive.

  8. Anonymous Coward
    Pirate

    I'm sure others have said it, cause I read it, but still

    I don't think saying SONY in big bold letters is large enough yet, so yet another who's going to say it.

    Anything legal ever happen in regards to that? cause seriously ....

    1. Anonymous Coward
      FAIL

      IIRC...

      Sony got beaten with a disintegratingly wet noodle. If you or I had done it we'd be in jail but it was a company doing it so ....

  9. Buzzword
    Go

    Obvious solution

    The obvious solution is to have Windows show a dialog box: "You have inserted a CD / DVD / USB stick. Do you want to run the setup program? (This may make changes to your computer)"

    For bona fide application or game install discs, the user would pick yes; otherwise no.

    As it stands, when I plug in my digital camera I get the default Windows prompt asking me if I want to run a particular application with it. Seems simple enough.

    1. John Bailey
      Boffin

      In theory, yes.. In reality.. Bwhaaaaaaa...

      You made a logical assessment of what should happen. That was your first mistake.

      In reality.. Popup window comes up and user clicks OK. Clicking OK is how one closes a popup. The most dire warnings get put through a mental filter and come out as "Click OK to close this nasty scary popup".

      Reading popups is dangerous. It must be avoided at all costs. Because if you have read the popup, you might be responsible for what happens next. Then you can't tell your computer repair serf that you don't know what happened. And picking that MP3 player or USB stick up off the street couldn't possibly have wrecked the work network... could it?

    2. Stacy
      Stop

      You've never worked with users have you? :)

      There are two camps of non techie users that I know of.

      Ignorant: I don't know, and I don't care

      These people just click yes to everything and cause a friend / relation many hours of grief trying to clean up their system

      Ignorant, but scared: OMG! What has popped up on the screen, the world is going to end

      These people generally have clean computers, if only because they never get turned on. These people cause friends / relations hours of grief as everything they need to do online is done over the phone, with said person giving information and the friend / relation filling in the form

      (Yes I am bitter at wasting my time)

      But I think that it means anything that a techie thinks is a good solution is likely to fail at the first hurdle for a real user. I am including my own solutions to regular problems here (how hard can it be to teach someone to press two buttons? Very aparently.)

      So if you use your pop up window I think it would just be people not clicking on it ever, or clicking on it regardless. The biggest security threat to a computer is the person sitting behind it...

      1. Anonymous Coward
        Happy

        You have strange user...

        ..most of mine sit in front of the computers, not behind them :-)

        1. Stacy
          Happy

          Title, what title...

          I think that are interchangable, but I do hear lots of people complain that their partners spend all night behind the computer...

          I can just go for PEBAK if you want?

          And really, you had to be annonymous for that comment! Coward :)

  10. Pypes
    Headmaster

    Usefulness.

    IIRC there was a USB based file transfer gadget (2 USB cables with some sort of box-of-hostmode-tricks in the middle, or a fancy pants null modem cable if you prefer) that had it's drivers embedded in the device so that plugging it in to a computer would fire up the transfer software with no need to install anything. This thing was marketed through infomercials to the computer illiterate as an easy means of shifting data from their desktop to their laptop etc.

    I know this all sounds pretty idiotic to us reg readers, but to the computer illiterate (and their tech savvy children / grandchildren) the "plug it in and it works" functionality was a pretty useful feature. That said, having the OS execute any old code if happens to find on a USB device just because you plugged it in is and always will be a fucking stupid idea.

  11. Only wankers enable all the spam option by default on new user sign ups
    Alert

    I saw a screensaver password bypasser for 9x using autorun

    > Adam Shostack, a program manager for Microsoft's

    > Trustworthy Computing group, said here that Microsoft

    > has yet to see in-the-wild attacks that exploit Autorun

    > on “shiny media.”

    Apart from the obvious Sony rootkit, I remember seeing a download years ago that used autorun to bypass the screensaver on windows 95. If the screensaver was password protected, you could pop in a CD, it would autorun, switching off the screensaver's password and allowing the attacker to get to a desktop that was meant to be inaccessible

    Yes, I know, 9x, no real security. But it is still an attack that used autorun on shiny media. Your sweeping PR statements are no match for my memory, Shostack!

    1. Anonymous Coward
      Anonymous Coward

      Windows 9x Screesaver Passwords

      In Windows 9x you could just click cancel on the password screen to get past.

      1. Gordon Barret
        Alien

        (untitled)

        Not so - you could click Cancel on the Windows Login screen to get logged in as the previous user, but not so on the Screensaver password prompt - clicking Cancel there just went back into the screensaver.

  12. bofh80
    Jobs Horns

    Lies, Lies, Lies

    Viewpoint Media Player is a very viral dvd player that comes packed onto loads of DVD movies, and it installs itself without asking.

    I have seen XP come to a crawl just because of this stupid thing, not on my XP build tho, i disabled those Security flaws for my customers over 2 years ago. I get the occasional person I have to explain to double click on my computer. Apart from that and ofc the stupid 3g sticks and their stupid modeswitch.

    I wouldn't mind, it's just another of the 500 to 1000+ registry entries that are wrong by default. How else are the MCP's going to make any money? ::)

  13. Lord Zedd
    Gates Horns

    Who still uses windows?

    Who still runs Windows Update on 95, 98, Me, 2000 or NT? Or for that matter, who still uses them?

    1. Paul Crawford Silver badge
      Thumb Down

      @Who still uses windows?

      A depressingly large number, I'm afraid.

      However, while I still use XP and 2000, it is a VM on Linux now, and I generally disable networking and USB access wherever I can, in addition to having turned off autorun on ALL drives by the registry tricks.

      Really, as already said in these posts, autorun was a dumb idea in the first place and only sustained by those who cared not two hoots about security and freedom from crud ware.

    2. Jay 2
      FAIL

      Patches, we don' need no steenkin' patches etc...

      I'm pretty sure whoever is using them, isn't going to do any updates!

    3. jonathan keith
      Paris Hilton

      Win98

      I've got a Win 98 box still running, for my old games. It's going nowhere until X-Wing or Tie Fighter get remade properly.

      Paris, because she's good for old games too, allegedly.

  14. blackworx

    Registry?

    As I recall I don't think it took registry fiddling or running fixes to turn AR off. You just had to know where to look.

  15. James Boag
    Coffee/keyboard

    Sir you own me a new keyboard

    Microsoft's Trustworthy Computing group !

  16. Wibble
    Stop

    Hope Apple follow soon

    Apple still enable auto run on the Mac. They don't even have a temp disable key - hold down the shift key - like windows did.

    1. Kar98
      Flame

      What?

      What are you smoking? There's no auto-run on OS X. The disk gets mounted, but that is all.

  17. Willington

    Automatic for the people?

    "Adding the change to the official Windows Update mechanism means millions of users will turn it off automatically."

    Not so. There were 10 updates for Vista yesterday and only 9 of them were automatic. Guess which one wasn't!

  18. Tron

    Late software giant is late.

    Closing the stable door after the horse has bolted, got out into the sheep field and scared them all, been captured, returned to the stables, had a long and productive working life in a variety of capacities, spent a short retirement giving children rides before being carted off to the glue factory, shot in the head with a bolt, boiled down, made into glue and sold in newsagents up and down the land.

  19. Anonymous Coward
    Anonymous Coward

    Thanks God

    And might you rot in hell and suffer unspeakable suffering. Yes, I know, it's only an electronic concept, but I needed to vent my anger. I'm done now. DIE! Ok, this time I'm done, really. YARGH *crunches an autoruned CD with a crowbar*

  20. Anonymous Coward
    Anonymous Coward

    Now they need to fix all the other bugs.

    Windows 7 bug number 412: I am always being asked to login twice in a row. Think I am lying? Google 'windows 7 login twice' and marvel at yet another school boy error from the world's largest software company. Yet again, no fix, no solution, that's Microsoft quality.

    And it's typical of them to release a patch to disable Autorun then decide that "meh it only needs to apply to certain types of media". Yeah leave some more loopholes wide open then it's not like that's ever gotten you into trouble before.

    1. Silver
      WTF?

      Re: Now they need to fix all the other bugs.

      My favourite is in Windows Backup. You tell it to automatically manage the disk space and yet as soon as it fills up the contents of the external drive, it stops working up and screams at you to delete older backups.

      What on earth does "automatically manage the disk space" mean then? I can't be the only one expecting it to delete older backups to ensure that it could continue working?

    2. Anonymous Coward
      Anonymous Coward

      Power save/sleep mode

      Apparently it is because the default is to prompt for a password when coming out of sleep mode. You can change this in control panel (somewhere) - but it is a bug.

      See this

      http://social.technet.microsoft.com/Forums/en/w7itprogeneral/thread/bcceca04-1ea1-4831-98de-1e067dd24c73

  21. Anonymous Coward
    Happy

    How to disable autorun the simple way

    I lost the will to live reading the MS page on how to disable this abhorrence, and being a MS solution, I'm guessing it probably doesn't do the whole job anyway. I have used this single command line for years and it works every time; kills autorun stone dead on all devices. It should work for (at least) Windows XP, Vista and Server 2008. As this is Windows, you'll need to reboot afterwards.

    reg add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /V NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

    Another alternative is to bin Windows and use something else :-)

    Why this dreadful nonsense ever existed in the first place is beyond me.

    1. Anteaus

      Better than nothing, but not a reliable solution

      Key thing here us the registry branch - HKCU. Change user (or have a problem with your userprofile, so it defaults itself) and autorun sneakily turns back on. You can also set the same value in HKLM (and should do) but this can still be over-ridden by a user setting.

      See my earlier post (or http://windowssecrets.com/comp/071108#story1 ) for a more reliable method of nobbling it for all users.

  22. doperative

    resistance from some partners?

    > Bryant said the main reason Microsoft didn't retire Autorun sooner was the resistance from some partners who rely on the feature to install programs that accompany their hardware

    This doesn't make technological sense ..

    > Over the past few years technologies such as in the U3 functionality found on many thumb drives has provided alternatives .. As we've pointed out before, the changes to Autorun still don't go far enough. CDs and DVDs by default still automatically execute code when inserted ..

    I have noticed that U3 USB devices execute a menu regardless of the settings. It's to do with a hidden partition on the U3 device identifying itself as a CD.

  23. Paul 172
    IT Angle

    U3 ?

    "Over the past few years technologies such as in the U3 functionality found on many thumb drives has provided alternatives."

    Errr, U3 uses autorun, to launch it's fancy menu. It won't work with Autorun disabled.

    1. paulej72

      U3 should still work

      Paul 172

      U3 autorun will still work as U3 sets part of the drive to look like a CD to the OS. The autorun is from this protected cd image if I remember correctly.

      I would think that this could be used by a virus as well.

      Eric

  24. Ian 5
    Paris Hilton

    Still get shiny icons and decent label text length?

    Not going to miss auto-execution, hopefully this might cause some users to work out how to navigate their filesystems. I kid you not, I have been on the other end of a support call where the 'user' was unaware of right-click, that windows could be other than full-screen and that they could have more than one window open at a time. This was why autorun was adopted - to help reduce support calls... of course, it was a bloody stupid system that was just ripe for misuse.

    However I'd be a bit saddened if this loses the augmentation of icon and volume label that autorun provided.

    Paris, because I feel sure she's wide open for improper insertion of dodgy hardware.

  25. yoinkster

    One use of autorun...

    I found that autorun was useful for when manufacturers were too stupid to have a simple setup.exe file on the root of the disc.

    Some software packages come with a depressingly deep folder structure and no obvious installation executable. So it was nice for autorun to just launch d:\bin\files\acid\HiBob.exe as I was never going to know that that was actually what I needed to install my software.

    If everyone could go back to something as complicated as d:\setup.exe then definitely, autorun can go (:

    1. Charles 9 Silver badge

      And what about all those...

      ...for whom trying to FIND the CD drive is an adventure (remember, this is Windows, not MacOS or most Linuxes--the CD drive does not magically appear on the desktop when you insert it). Plus I have to wonder why AutoRun is so truly, despicably evil in the disc world (now, I can see it for USB devices and so on--those are too easy to tamper). If a miscreant has access to the files that end up on the "gold" copy that eventually gets pressed, that's indicative of a bigger problem. Plus, such a miscreant can booby-trap more than just the AutoRun. What about the Setup.exe itself? And other program files within the disc? Since you need the Setup to install the program anyway, you'd be damned either way.

      1. Your Retarded
        FAIL

        "gold copy that eventually gets pressed"

        Some optical media can be burned by users with the drives provided in their computers, you know.

      2. Gerhard Mack
        FAIL

        forgot a few things?

        1 CDs are not always professionally produced thanks to CD/DVD/Blu Ray writeables so this leaves a whole non virus related attack vector.

        2 Not every CD is a software installer. If I put a CD or DVD in the drive to listen to music or watch a movie I probably don't want the thing installing whatever cute viewer/anti piracy software mucking about my system.

      3. Galidron

        The old leave a CD in the parking lot trick

        You've never seen the leave a CD containing autorun malware labeled PORN in the parking lot and wait for someone to take it into work with them and stick it in their computer. It's a fairly successful ploy. The malware is installed long before the person realizes there is no porn on the disk.

        1. Charles 9 Silver badge

          Never seen it.

          I've actually seen GENUINE porn left in the parking lot. Whether it had malware or not, I don't know because I usually don't throw video DVDs into my computer anyway (especially not these kinds). They get sent to dedicated players (usually my portable one).

    2. Cameron Colley

      @yoinkster

      That's what autorun.inf was for -- the path to the executable is in there.

    3. Anonymous Coward
      Anonymous Coward

      Agreed!

      Anonymous Coward because this is probably a luser question...

      Once autorun is disabled, what is the recognised method of achieving the same result for those CDs where the target is deeply buried? I had one the other day with some drivers on and I still haven't worked out how to make it go...

      1. Anonymous Coward
        Anonymous Coward

        "what is the recognised method"

        Click around until you find it...

        I'm not quite sure why driver disks come with executables anyway. You can usually extract the executable with a program e.g. 7zip to reveal the standard driver files that Windows will find and accept. Why do they need to be locked away in an "installer"? All the installer does is copy the files to the Windows folder and then let Windows discover them and do the actual driver installation itself.

        The answer? So they can install a whole bunch of crap that is in no way necessary for the correct functioning of your device but is 100% necessary to get adware and other shite onto your PC for marketing purposes.

      2. mspritch

        Recognised method?

        Double-click the AUTORUN.INF file (just called AUTORUN if Windows is hiding the extension). It should open in Notepad, where you can see what it tries to run when it's inserted (look at the open= line).

  26. John I'm only dancing
    Flame

    Huh?

    What is this thing called autorun, I thought it was autoinfect? Then again, I'll get flamed from the MS retards, calling me a fanboi and the like because the Mac is my computer of choice

  27. The Fuzzy Wotnot
    WTF?

    Now is the right time to remove it?!

    No. The right time would have been just after you slapped the dipstick who first thought this stupid idea was remotely sensible, let alone added into a commercial software project!

  28. Bilgepipe
    FAIL

    Too Late

    “We feel like now is the right time across the industry to be able to push this change out and have a pretty substantial impact on how malware spreads,” Jerry Bryant, group manager in Microsoft's Response Communications, told The Reg. “This is really something that will help to further protect the ecosystem.”

    S'funny. I thought the "right time" was about ten years ago.

    Stable doors, horses bolting, etc.

  29. Anonymous Coward
    FAIL

    Up next...

    ... DISABLING ANY AND ALL PROGRAMS REQUIRING FOCUS WHEN YOU ARE EXECUTING ANYTHING ELSE IN FULL SCREEN.

    </rant>

    Sorry.

    Ok now, I'm serious. Some *ahem* softwares are not too fond of being 'alt-tabbed' away by anything else that requires focus on the system, like, say, Antivirus, or even Messenger itself. Well, messenger learned to stay put when something is running fullscreen. Some DirectX modes crap themselves out when you alt-tab out of them and won't take alt-enter either to return to them. Some *3D softwares* simply won't run again when you try to go back to them, after being alt-tabbed out of them.

    Autorun was, and has always been, an UTTER AND MAJOR FAIL. Not just that, it is a liability. It is a gas-leaking pipe in front of a arc-welding repair shop FAIL of a liability and a misinformed kludge that MS thought practical when someone inserted an Audio CD back in Windows (95?) just to look cute, edgy and advanced.

    Pretty much like autoexec.bat. Yes, this one was also silently killed because it was even worse and older than autorun.inf. I bet you can still stuff a W7 today if you insert one of those on the root of the boot drive.

  30. Spanners Silver badge
    Pint

    Another item to remove

    Why not remove the default "Hide file extensions". That is still causing problems.

  31. Jon 52
    Gates Horns

    Nuclear Vessles

    They have known about this for years, yet it is only once conficker has done its dirty work on Iranian Nuclear Facilities do they finally close the loophole. The tinfoiler in me thinks it was left open on purpose...

  32. Doug Glass
    Go

    Never Fails

    I've always disabled autorun on every installation I've ever done. It never fails to amuse me when people call to say I broke their computer or Windows is broken or some such nonsense. Once I explain why autorun is a security risk I always get positive comments back. When I tell then what to do (for the second time) to run a program or installer on the CD/DVD I get, "I have to do all that just to make it work? How do I make it work the way it used to?", almost every time. I guide them through finding and running the .reg file that will undo the fix (always provide an undo) and they're happy. That is until, once again, their brother-in-law gave then the coolest game that just messed up their computer. I then refer them to several shops that will gladly take their money to fix it for them. "You won't fix it for me?" I just tell them no, I can't help. They never learn and they never fail to ask for help again. I just got too many dumb friends.

  33. J.G.Harston Silver badge
    Thumb Down

    Stoopid Monkies

    > 1) Insert CD

    > 2) Browse to CD in Explorer

    > 3) Double-click on setup.exe

    Sorry, that's four steps too many for most of the users I am forced to try to support to understand.

  34. Robot

    The real and most damaging problem with Windows

    Yes, it's true that Autorun has done a lot of damage. Yes, it's true that hand-holding features such as the default "Hide file extensions" are a nuisance. But ultimately the most damaging weakness of Windows, the one that causes the most problem for most users, is the lack of a standard and reliable way of creating an image of your installation of Windows, which you can take to another computer to restore your Windows system onto a different hard disk. Because of this weakness in Windows, many of my friends get into a catastrophe in any of the following scenarios:

    (i) the hard disk dies and there is no restore/driver CD

    (ii) Windows slows down after one year, and the user can't fix it

    (iii) the factory restore CD doesn't work (e.g. my old Gateway and new Acer)

    (iv) you create an image using third-party software but the image restoration is not bootable (it happened to me before with Ghost 2002 and True Image Home 9)

    Compounding the problem is that your personal data is deeply interwoven with the Windows system, so restoring an image will wipe out your personal data unless you know how to back up your buried data (no problem if you are a techie).

    1. Your Retarded
      Alert

      "lack of a standard and reliable way of creating an image"

      I think you should look at decent versions of Windows 7. You will be pleasantly surprised that your prayers have been answered.

      1. Your Retarded
        Go

        If the Windows facility is not flexible enough...

        I use a really good product called Paragon Backup and Recovery. We have used this to clone machines for deployment as well as straight file backup and image backups.

        If you look hard enough, you will find a free version.

        No, I don't work for them.

  35. Joe User
    Thumb Up

    For the Windows XP users

    No registry hacks necessary:

    Install Microsoft's Tweak UI PowerToy.

    Run the program.

    Go to "My Computer > AutoPlay".

    Under "Drives", you can enable/disable AutoPlay for any drive letter.

    Under "Types", you can enable/disable AutoPlay for optical drives, USB drives, etc.

  36. ZackC456
    Thumb Up

    Yes!

    Finally. Man, I always hated Autorun.

  37. david 12 Bronze badge

    U3 functionality ... has provided alternatives

    U3 seems to be dead. The websites are missing or closed, the downloads are gone, the licencing unavailable. And StartKey -- which was to be the U3 replacement -- is also dead and cremated.

    So what are suppliers using? Is it all in-house solutions now? Or have they given up on USB installation media?

    A futher article would be welcome

  38. The Brave Sir Robin
    Thumb Up

    Users should bloody well learn to use a computer

    If someone buys a computer without knowing how to use/run Explorer and about the file system then they should buy a book to learn from or go on a computing for beginners course. If they can't be bothered to learn then "though shit".

    After years of receiving support calls from friends and family I've finally got to the point where if I say "Open Explorer and navigate to your CD drive or D:\ or whatever" and they ask how then I've just started telling them to buy "book x" from Amazon, read it and get back to me.

    Perhaps disabling autorun will force people to expend some effort to learn how to use their machines properly.

  39. Michael345
    IT Angle

    Not pushing this via Windows Update

    Microsoft is NOT pushing this update via Windows Update. To XP users at least, it is an *optional* update so it still needs to be manually requested.

    This article has more

    http://blogs.computerworld.com/17808/windows_autorun_microsoft_is_wrong_computerworld_is_right

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019