As I’ve transitioned over the course of my life as a software developer/systems engineer, from an exclusively Windows oriented work life to a mix of MacOS, Linux and Windows, I’ve come to appreciate how incredibly brain dead the Really Smart Kids at Redmond are when it comes to computer security.  Windows, simply put, is unsafe at any speed.  I say this fully realizing that Unix/Linux and MacOS (which is Unix down in its kernel), isn’t bullet proof either.  But as there is a difference between driving a Mercedes-Benz or a Volvo and driving a 1960 Corvair, there is a difference between running a Unix like OS and Windows.  I could point to a number of different Windows inanities that continue to bother me, but here’s the one that’s got my attention now: autoplay.  And here’s why:

Malware hitches a ride on digital devices

It’s time to add digital picture frames to the group of consumer products that could carry computer viruses and Trojan horse programs.

In the past month, at least three consumers have reported that photo frames – small flat-panel displays for displaying digital images – received over the holidays attempted to install malicious code on their computer systems, according to the Internet Storm Center, a network-threat monitoring group. Each case involved the same product and the same chain of stores, suggesting that the electronic systems were infected at the factory or somewhere during shipping, said Marcus Sachs, who volunteers as the director of the Internet Storm Center.

"When (the first incident) pops up, we thought it might be someone that was infected and blamed it on the digital picture frame," Sachs said. "But this is malware – and malware that does not seem to be very well detected. You could plug in a device and infect yourself with something that you would never know you had."

And that’s possible in large measure, because of autoplay…something build into Windows that isn’t in other operating systems because most software engineers think allowing executable code to be automatically run from any media you happen to insert into a drive or port is just plain nuts.  And because Microsoft thinks doing that is such a really really neat idea, there is no easy way to turn the goddamned thing off.  You have to attack it in the system registry.  Here’s a sample registry script for turning off autoplay that I run on all my Windows 2000 and Windows XP boxes:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDROM]
"AutoRun"=dword:0000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

If you’re still running 95/98/Me the value of "NoDriveTypeAutoRun" should be BD 00 00 00.

For those of you who don’t want to deal with directly editing the Windows system registry (and you should absolutely leave it alone unless you know what you’re doing!), there is an article Here on how to use the Windows Policy Editor.  However that only works on Windows XP Professional, and I assume the pro grades of Vista.  If you don’t have either of those, there is a little application from Microsoft called TweekUI you can download Here.

Vista, apparently has a new dialog you can access from the control panel that lets you configure each device and also individual media types.  I haven’t worked with it myself so I can’t comment on how simple or intuitive it is, but apparently you can just uncheck a box at the top of the dialog and that turns it off for all media and devices.

The motivation here of course, is to make installing new software and new hardware devices more convenient.  But convenience can end up being more hassle then its worth.  It would be more convenient if you didn’t need a key to start your car too.  Then you’d never need to worry about loosing your car keys.  Just your car.