Honor Thy Settings

Some of us have been working with the Sality virus lately, which reportedly propagates by writing an autorun.inf file and an executable file to the root of all volumes or drives found on the infected system. If the user workstation maps to a file share, for example, the virus process writes the files to the volume, and anyone else that then connects to that share also gets infected. The same has been shown to be true for removable storage, such as USB thumb or flash drives.

So when working with analysts and customers, most of us tend to recommend disabling autorun capability all together, or perhaps for specific drives. Usually this is good advice, but only if it works. MS recently published this KB article which basically states that previous advice didn't work, and you need to install an update AND set another Registry value (ie, HonorAutorunSetting) for the functionality that you set to actually work.

Is this really such an important issue? Well, given stuff like this, and this...perhaps. Update your systems, and recommend that your friends and customers do the same. Even Symantec has picked this up.