Nothing beats a USB port for convenience, whether you want to quickly transport a couple gigabytes of files for work, refresh the lineup on your MP3 player, or view the pictures from your recent trip to Boise. Unfortunately, USB ports also provide an overly convenient bridge for malware to creep from a portable media device onto an unsuspecting user's system. In fact, it seems nearly every client I visit these days has numerous computers carrying USB-infecting malware -- even trusted clients with otherwise stellar security histories. It's getting so bad that I'm scared to share USB keys with my clients. The primary culprits here: Microsoft Windows' autorun and autoplay features for portable media devices (USB keys, USB hard drives, camera memory flash cards, and so on). To make users' lives easier, Microsoft coded Windows to seek and deploy autorun and autoplay files on removal media. A user connects his or her device, and the program it contains launches automatically, if so designed by the software developer. It's what allows a CD or DVD to start playing the moment it's inserted or a new software program's install routine to automatically commence.

Original Article