Autoinfect

The invention of autorun (and, similarly, autoplay) feature, in the form it exists today, is one of the biggest platform developers' mistake. A feature with doubtful impact, it has become an easy mechanism for malicious software to reproduce itself. Desktops in Internet cafes and copy centers proved to be excellent friendly hubs where viruses and trojans use to spawn.

What is quite beyond my understanding is that at the same time the very most of the flash drives released today do not promote a write protection switch! This forces me to use my good old 128Mb Chinese noname in public places (such as e-cafes or hotels), as neither of my newer ones provides write resisting capabilities.

As raw criticism is not that constructive, I will explain my own point of view on how autorun should have been implemented correctly (if it should have been):
- Never, NEVER runs without prior OS notification (stating the name of the file, the vendor etc.). If invoked under administrator account, OS displays another dialog proposing to run it under guest account.
- No binaries (neither unmanaged nor managed), no scripts. DHTML (runs in default browser), maybe Silverlight or Flash. "Web" security policy.
- Turned off by default.

It is necessary to understand that autorun is the easiest way to run unknown code on the machine. By simply inserting the untrusted (not yours or write-unprotected) flash card or CD into the drive you can stuff your PC with a swarm of parasites. No further actions are needed. Just keep in mind that someone might silently plug his malicious tiny flash into your notebook's USB when you are drinking your martini at the airport. So the best choice in today environment would consist of three basic rules:

I. Turn autorun off and forget about it.

II. Use a USB flash card with write protection switch and disable writing wherever possible. It would be ideal to only enable writing when inserting the card into your computer.

III. Wherever possible, use "passive" approach to file distribution. Ask your friend to copy down the files you need from his computer to his flash disk; disallow writing on that disk before inserting it to your computer. The same rule applies to the reverse process: copy down the files your friend needs to your flash disk and disallow writing before inserting it to your friend's computer. Such approach will help protect your computer from infecting with the viruses living in your friend's computer, and your friend's one with the viruses living in yours.

Following these three simple rules above will decrease the speed of epidemic spread and make your computer (and the computers of your mates) healthier.