I’ve mentioned in past posts about the dangers of the AutoRun feature in Windows. I think Microsoft has finally recognized this too, as in Windows 7, it is finally disabled by default. If you missed my earlier post, you can check it out HERE. But now it seems other software, namely iTunes, is looking to turn this feature back on. Hang on, I may be getting a little a head of myself.
For those of you who do not know what AutoRun is. It was implemented by Microsoft all the way back in the Windows 95 operating system. Originally, it was not that bad of an idea. It was a way in which software manufacturers could ensure the proper installation of their software on systems which had a user who was not very tech savvy. When a properly formatted CD was inserted into a computer, the system would simply just start loading the information off of the disk, no questions asked. In the day, this greatly reduced assistance calls to software manufacturers’ help lines. So initially, it was not a bad idea.
However, like most things in this day and age, hackers found ways to exploit it. By infecting any removable media device, such as a CD/DVD, flash (thumb) device, or external hard drive, and plugging it into a computer that is AutoRun enabled, it would simply load the malware onto the clean computer without the user’s knowledge or action. This was the primary venue in which the Conficker Worm was started.
So now getting back to iTunes. When an audio CD is inserted into a computer running Windows 7, iTunes will prompt you with a message that looks like this.
Do NOT turn the AutoRun functionality on. It was disabled, by default, for a very good reason. Just click No.
After, iTunes will then present you with another pop up that looks like this….
Press F5 so that you can see the contents of the disk. This is not 100% secure, but it is much safer than turning on AutoRun. From here you could even scan the disk with your anti-malware software if there are any questions about it’s security.
I don’t think that Apple is doing anything malicious by doing this. It may be that it simply was not prepared for this functionality being turned off in Windows 7, even though Windows 7 has been available for almost a year, in beta versions. But that is not the issue. The issue I have, is why are the pop-ups being displayed in this order? It seems to me that they are backwards. The first message is deceiving, at best. It gives the impression that iTunes will not be able to play the user’s CD unless the AutoRun is enabled……period. The pop-up should tell you to view the contents of the CD by pressing “F5”, and then prompt you to enable the AutoRun, if you should desire. Although I have no idea, from a security standpoint, why anyone would do that.
That is the way I see it, let me know what your views are……
My Edible Earth 