Hi! I'm Adam Shostack, a program manager working in TWC Security, and I'd like to talk a bit about today's AutoRun update. Normally, I post over on the SDL blog, but of late I've been doing a lot of work in classifying and quantifying how Windows computers get compromised. One thing that popped from that analysis was the proportion of infected machines with malware that uses Autorun to propagate.
You might note that that's a convoluted sentence, and I apologize. Why can't I just say "infected because of AutoRun?" Well, because we don't actually know that. Due to the nature of the problem, it's probably not possible to acquire great data on the number of attacks that succeed by misusing Autorun. What we know, and talked about in volume 9 of our Security Intelligence Report last fall, is that a lot of malware uses Autorun as one of several propagation mechanisms. Because of the very real positive uses of Autorun, we didn't want to simply shut it off without a conversation. On the other hand, we believed action should be taken to shut down the misuse.
