When Does Windows Security Go Too Far?



As a Vista user, I’ve had to learn to deal with the extra security in place to keep me from installing things that shouldn’t be installed. (Yes, I know I can turn that off and have, but for the sake of argument, bear with me here. Thanks.) Anything that needs to install or update requires a second “yes” confirmation from the user, and some things won’t install without an administrator confirmation, as well.

This is all well and good when you can’t trust the users, and I understand why this failsafe exists in the Vista operating system.

Now comes word from the Windows 7 developers that Microsoft’s latest operating system will no longer allow AutoRun to operate from anything but a CD/DVD drive. This means that if you’re carrying around a flash drive with portable OpenOffice, inserting it in a machine running Windows 7 will not trigger the AutoRun window in the same way as before; i.e., you won’t have a choice to run or install the program found on the flash drive, you will only have the option to open a folder to view the files.

This may be only partially problematic for some users, as opening the folder to view would then allow you to run or install what is on the flash drive. It just takes a few extra clicks. Where it becomes problematic is when users need to have access to a particular program in order to use the computer in the first place, for example, a blind user with a screen reading program on a flash drive that s/he takes wherever they go so they can access public computer resources. In most cases, that user cannot navigate the computer without the screen reading software, and with the AutoRun feature disabled, that person is completely locked out.

There is a way to “fool” the computer into thinking otherwise, at least for the moment. Flash drives running the U3 operating system actually fool the Windows 7 operating system into thinking that it is a CD/DVD, instead of a flash drive. But I expect Windows 7 to sew up this hole pretty quickly. I am wondering how Windows 7 will deal with flash drives that contain security information that allow a user access to extremely secure systems, such as those used in bio and nuclear labs. With the AutoRun so clamped down, these user-access security systems may become completely dysfunctional.

Information on Windows 7 blogs indicates that this “security enhancement” will be put into an update to Windows Vista shortly. Microsoft’s reasoning is to short-circuit the Conficker and other similar worms/trojans. But I’m not so sure the cure is not worse than the cause, at this point.

More information can be found at Technet, and at Microsoft.com.


One thought on “When Does Windows Security Go Too Far?”

  1. Hasn’t disabling auto-run long been considered good security in Windows? I disable it on all my computers early in the setup.
    While your example of it being a hindrance to visually impaired users is a good point, I think they are a relatively small sub-set of users.
    Hopefully Microsoft will make an easy way to restore it in the Accessibility controls for those who need it.
