Skip to main content

Changes in Windows to Meet Changes in Threat Landscape

Customers have heard us say over the years that the threat environment is an ever-evolving one. That means that one of our jobs in working to keep customers safe is to continually monitor the threat environment and make changes to adapt to it.

Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD.). However, the AutoRun task will still be enabled for media like CD-ROM. There are more details on the change over at the Windows 7 blog as well as at the Security Research and Defense (SRD) blog.
The reason we’re making this change is that we’ve seen an increase, since the start of 2009, in malicious software abusing the current default AutoRun settings to propagate through removable media like USB devices. The best known malicious software abusing AutoRun is Conficker, but it’s not alone in that regard: there is other malicious software that abuses this feature. You can get more details on this change and others in the threat environment from the Microsoft Malware Protection Center’s blog.

Because we’ve seen such a marked increase in malicious software abusing AutoRun to propagate, we’ve decided that it makes sense to adjust the balance between security and usability around removable media. We’ve tried to be very measured in this adjustment to maximize both customer convenience and protection. Since non-writable media such as CD-ROMs generally aren’t avenues for malicious software propagation (because they’re not writable) we felt it made sense to keep the current behavior around AutoPlay for these devices and make this change only for generic mass storage class devices.

This change will be present in the Release Candidate build of Windows 7. In addition, we are planning to release an update in the future for Windows Vista and Windows XP that will implement this new behavior.
Labels:

Comments

Post a Comment

Do not insert clickable links or your comment will be deleted. Checkbox Send me notifications to be notified of new comments via email.

Popular posts from this blog

How to change the size of the touch and on-screen keyboard in Windows 10

Windows 10 PCs come with two keyboard apps, one is the OnScreen Keyboard , and the other is the Touch Keyboard . Basically, you don't need a touch screen to use the on-screen keyboard. It displays a virtual keyboard on the screen and you can use the mouse to select and press the keys. Although the on-screen keyboard app is very useful when we don't have a physical keyboard, its size is always a problem for users. You can move or enlarge the virtual keyboard from the icons in the upper right corner. If you want, you can also easily resize it. Changing the size of the on-screen keyboard is very easy. Type On-Screen Keyboard in your Windows search and run the desktop app, or you can also go via Settings > Ease of Access > Keyboard> Turn on the On-screen keyboard.   To change the size of the on-screen keyboard, move the cursor to the corner and drag it to the desired size. Resizing the touch keyboard is as simple as doing it! Just drag it and resize it us...
Post a Comment
Read more

Designing the Windows 8 touch keyboard.

When we began planning how touch and new types of PCs might work on Windows 8, we recognized the need to provide an effective method for text entry on tablets and other touch screen PCs. Since Windows XP SP1, which had Tablet PC features built in, Windows has included a touchable on-screen keyboard. But those features were designed as extensions to the desktop experience.  For Windows 8, we set out to improve on that model and introduce text input support that meets people’s needs, matches our design principles, and works well with the form factors we see today and expect to see in the future. I’m writing this blog post on our Windows 8 touch keyboard using the standard QWERTY layout in English. As I look at it, the keyboard seems very simple and sort of obvious. This comes partly from having worked on it for a while, but also because keyboards are familiar to us. But there is more here than meets the eye (or, fingertips). We started planning this feature area with no preco...
Post a Comment
Read more

Windows 10 compatibility reaches most of the hardware currently in use.

Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. For full system requirements, see Windows 10 specifications. Some driver updates may be required for Windows 10. Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Some applications that interface with Windows at a low level, those that use undocumented APIs, or those that do not follow recommended coding practices could experience issues. Windows 10 compatibility reaches most of the hardware currently in use. - The World of Windows. Contents: [ hide ] Windows 10 compatibility reaches most of the hardware currently in use. Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows ...
2 comments
Read more