Windows Patches Security Hole with Feb. Updates
I dread the second Tuesday of every month. I know that, when I open my laptop that day, I’ll be faced with a threat: Restart your computer...or else.
Yes, it’s Windows update time again, and while I was not happy to end my days-long session yesterday, I’m comforted by the fact that this month’s download gets rid of autorun, a feature that has long posed a significant security risk for personal and enterprise users alike.
This feature hearkens back to the mid-’90s, the heyday of CD-ROMs, when many programs and games relied upon it to start up. You’d just insert the CD, and poof! The computer would do the rest. It was perfect for the many non-technical users who were new to computers and such concepts as navigating a directory.
While most of us have discarded our Encarta Encyclopedia CDs, the autorun feature has made the jump to the next generation of removable storage: the flash drive. Malware creators target the media by writing autorun code into malicious programs likely to make it to flash drives. Then, when a user inserts the device into his or her computer, Windows automatically runs the malware, automatically infecting the machine.
Although disabling autorun does result in a loss of convenience, it will be a boon to enterprises already worried about the contents of their employees’ flash drives. Those employee devices lack the sophisticated security measures that enterprise networks have and thus are more likely to introduce malware into the network.
Disabling autorun will also help keep regular users’ computers safe, as many individual anti-virus programs do not scan flash drives before running the programs. And now that I’m done installing this update on my personal computer, I’ve got 26 days of freedom.
Posted by Laura Williams on Feb 09, 2011