Interesting news from Redmond:
On Friday, Microsoft announced the availability of updates to the XP, Server 2003, Vista and Server 2008 versions of Windows that removes the AutoRun popup window when some types of removable media is connected. The change doesn't affect optical media such as CDs and DVDs, a shortcoming we'll get to in a moment.
As we pointed out then, the move is a step in the right direction, but it doesn't go far enough. That's because certain types of removable drives – those made by U3, for instance – run firmware that advertises the device to Windows as a CD. Such drives will continue to automatically execute the AutoRun routine as soon as they're plugged in.
The new updates are available here. But as we've said before, given the large number of devices that are unaffected by this change, we'll continue to disable AutoRun altogether.
While we applaud the move as it shows a little more conscious security decisions in product design, it's still too little, too late.
If you want to be truly protected against AutoRun malware and make sure your USB drive is not used as an infection vector, download and use the free Panda USB Vaccine.