Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Improvements to AutoPlay

27 Apr 2009   #1

Improvements to AutoPlay

As mentioned before on this blog (regarding our UAC changes) and on the IE blog (regarding the SmartScreen® filter for malware), we have an increased focus to enable customers to be in control and feel confident about the software that they choose to run on their computers. Folks on this blog have also commented about the concerns they have specifically in the AutoPlay area. This blog entry addresses some of the changes that we have made to increase customer confidence when using their media and devices with Windows.  It is authored by Arik Cohen, a program manager on the Core User Experience team. –Steven  [Note: There was a technical problem so this post was reposted in its entirety.]

Certain malware, including the Conficker worm, have started making use of the capabilities of AutoRun to provide a seemingly benign task to people – which masquerades as a Trojan Horse to get malware onto the computer. The malware then infects future devices plugged into that computer with the same Trojan Horse. For further information about Conficker please visit

In the following example for a USB flash drive that has photos, malware registers as the benign task of “Open folders to view files.” If you select the first “Open folders to view files” (circled in red), you would be running malware. However, if you select the second task (circled in green), you would be safe running the Windows task.

Infected USB AutoPlay

People are confused why they have two tasks that appear to do the same thing – and even a knowledgeable person who is careful not to run software from an untrusted source can easily make the mistake of selecting the first task. As a result, people lose confidence and don’t feel in control.

A growing attack

While presenting an AutoRun task in AutoPlay has been available since Windows XP, we have seen a marked increase in the amount of malware that is using AutoRun as a potential method of propagation. According to the Security Intelligence Report, an enterprise study by Forefront Client Security found that the category of malware that can propagate via AutoRun accounted for 17.7% of infections in the second half of 2008 – the largest single category of malware infections.

The chart below shows the increasing amount of detection reports by Microsoft anti-virus software of the class of infections that spread via AutoRun. (Note: The actual method of infection cannot be determined.)

Infection Detections of Malware that Spread via AutoRun

Currently, disabling AutoPlay completely is the only solution for consumers and enterprises to gain confidence with the use of USB flash devices on their computer. Guidance on disabling AutoPlay is available here.

Increasing customer confidence

Windows 7 introduces key changes to AutoPlay that keep you from being exposed inadvertently to malware like Conficker when doing your common scenarios with devices (e.g., get to the files on your USB flash drive, download pictures from an SD card, etc.).

In particular, Windows will no longer display the AutoRun task in the AutoPlay dialog for devices that are not removable optical media (CD/DVD.) because there is no way to identify the origin of these entries. Was it put there by the IHV, a person, or a piece of malware? Removing this AutoRun task will block the current propagation method abused by malware and help customers stay protected. People will still be able to access all of the other AutoPlay tasks that are installed on their computer.

With these changes, if you insert a USB flash drive that has photos and has been infected by malware, you can be confident that the tasks displayed are all from software already on your computer:

Infected USB AutoPlay after AutoPlay changes

On the other hand, if you insert a CD that offers software to install, Windows will still display the AutoRun task provided by the ISV during their media creation process. For example:

AutoPlay for a CD that offers an AutoRun Task

You will first see this updated AutoRun experience in the Windows 7 RC build, and we will be bringing this change to Vista and XP in the future.

Ecosystem Impact

We are working with our ecosystem partners to help mitigate situations where this AutoRun change will have an impact on them.

CDs and DVDs (including CD emulation), where the IHV specified AutoRun task authored during manufacturing, will continue to provide the AutoRun choice allowing customers to run the specified software. IHVs of generic mass storage devices should expect that people will browse the contents of the device to launch any software. The new behavior will allow customers to continue to use AutoPlay (including all Windows and ISV installed tasks) to access their media and devices while not being presented with tasks from malware. Additionally, device classes, such as portable media players and cell phones, now support Device Stage™ on Windows 7. DeviceStage offers the IHV a multifunction alternative to AutoPlay where they can present links to software and common tasks, and provides additional features as you use the device.

As you try out the Windows 7 RC, we hope these changes will make you feel more confident and in control when using your media and devices.

-Arik Cohen


My System SpecsSystem Spec
28 Apr 2009   #2

Vista Ult 64 bit Seven Ult RTM x64

Interesting. Thanks, dmex.

My System SpecsSystem Spec
28 Apr 2009   #3

XP/win7 x86 build 7127

hmmmm.... is what i say.... MS could be the helpful one in the confusion of starting up the malware it seems in some cases.

I'd like to know why this happens every single time on logon/startup.

Something tells me that Bill and the Gang could go back to the dry eraser board and come up with some better ideas to safeguard against the new threats and their behaviors. TEST TEST TEST PLEASE. Dont care if there is RC10. Put in the time and effort on this OS and i will put in my hard earned cash to support, I say.
My System SpecsSystem Spec

28 Apr 2009   #4

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu

Thanks Steven,

Of course the major impact of this for me is when I insert my Toolkit pen drive - I no longer get the option to run my tools menu ( - Portable software for USB drives), It's not a major issue and I suppose something we have to put up with in this age of malware
My System SpecsSystem Spec
28 Apr 2009   #5

Windows XP

Great, MS is bringing it to Windows XP.
My System SpecsSystem Spec

 Improvements to AutoPlay

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
Portable devices not listed in Autoplay option . Won't pop autoplay.
Hi I have protable device that won't autoplay when plugged , but it is shown in my computer and it's fully functional , it is not visible in the Autoplay option in the control panel , I tried reinstalling the device , but same thing , I followed Shawn's topic , how to set autoplay for...
Hardware & Devices
Wish, hope, petition for improvements...!
Hi, Sometimes I'm wondering about why manufacturers don't make things easy to work with? For example: - why windows doesn't starts up/shuts down as quickly as a TV? - why we have to restart windows after installation/uninstallation of some applications? - why printer's manufacturer don't...
General Discussion
To-Do Bar Improvements in Outlook 2010.
Source - Microsoft Outlook 2010 : To-Do Bar Improvements in Outlook 2010
Microsoft Office
A Look at Improvements to Windows Easy Transfer for Win
any improvements since 7100?
is there any improvement and how soon the RTM?
General Discussion
Which Windows made the most improvements to the previous. Just wanted to know...:D
Chillout Room

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 00:52.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App