Why is Apple Meddling With My Windows AutoRun?

Guest editorial by Costin Raiu

In every system designed by man, there is always a balance between features, usability and security. While designing pretty, easy-to-use and secure systems is possible, quite often this is not what the users get, or, worse, this is not what the users want.
The most popular example of this applies to Apple. Focusing on eye-catching designs and easy-to-use products, Apple is listed in almost every marketing book as a success story.

Interestingly, maybe their second most popular software product (after iTunes), Mac OS X, represents a curious blend: an eye-catching, easy-to-use, flexible, usable and decently secure modern operating system. Please notice how I avoided saying “secure” and instead wrote “decently secure”. Not wanting to start a holy war, I’d like to state that no operating system is bulletproof. Or, if an operating system even remotely tries to achieve that, nobody really wants to use it. Take VMS for instance; it was maybe one of the most secure operating systems ever designed, yet it was a pain to use. Ten years ago, at my university, the people doing schoolwork on VMS dreamed of doing it on Linux. Yet a computer running VMS with 4MB of RAM and a 40MB hard drive could host 50 concurrent users, while a similar Linux computer started having issues with more than 10 users. VMS was not only secure, but it was resource efficient as well. It was that good. Yet it went into oblivion, just as will happen to any other secure but a-pain-to-use OS.

With Windows 7, Microsoft made an interesting move. The developer of the most attacked operating system in the world decided to turn off an age-old option. This was one of the options that made the operating system easier to use but much, much more insecure. I’m talking of course about AutoRun.

You can imagine my surprise when I got the following message from iTunes, while plugging in my iPod to transfer some newly purchased albums:

So, iTunes detected that my system was more secure but less usable, and decided that maybe it’s a good idea to change that back! My surprise was even bigger after seeing the following message from iTunes:

Therefore, even if AutoRun is off, iTunes will still recognize my CDs!

With that in mind, Apple’s decision with iTunes doesn’t make any sense. It took Microsoft more than 25 years to finally understand how important security is, and then it took them another 5 years to understand that AutoRun is inherently flawed and insecure, so it needs to be deactivated by default.

As I was saying, Apple is a success story when it comes to combining easy-to-use technology with eye-catching design, while also keeping it decently secure. It is a real pity though when somebody finds slips like the one above. Will it also take them 5 or 10 or even 25 years or so to understand the dangers of AutoRun?

I certainly hope not.

* Costin Raiu is chief security expert, EEMEA, Global Research & Analysis Team, Kaspersky Lab.



  • PaulR on

    It's because Apple wants you to "Think (you're) Different", not actually "Be Different".  If you don't fit into what their corporate model of a computer user is, you will be forced to conform...

  • Randy on

    VMS did not disappear.  The foundation of that team and technology is what became 2000/NT5.0/XP/Vista/Win7.  Check up on VMS and Dave Cutler as an example.


    Have a good day in the lights of the UNIVERSAL GALAXIES

  • Anonymous on

    VMS still exists - I ran into someone at a conference the other day who is using it. They were looking for source code analysis tools to run on it, so they must be doing development in that environment.

  • Costin on

    Hi Randy,

    First of all, thanks for your comment! May I ask what you're thinking about Apple and AutoRun?

    Regarding your comment, I've been using Windows NT since version 3.0 and did a fair amount of coding on VAX/VMS. Trust me when I say they are as different as heaven and earth. I do know about Dave Cutler and his coding though. The guy rocks.

    Yet, Windows is not VMS.

    Have a great weekend,


  • NotaApplefan on

    Apple to its users: We are Borg, you will be assimilated!!
  • Alphaman on

    Heh...  OpenVMS is dead.  If I had a nickel for every time I heard that...  Let's see, OpenVMS outlasted Digital.  Compaq.  Tru-64.  OSF-1.  HP-UX.  SunOS.  Apollo.  Next.  OS/2.  SGI.  Tandem.  Cray.  and tons of others that tried to kill it.  Even HP.

    Check out this article posted just last week...

     Why OpenVMS?

    Now, about AutoRun.  Seems MS didn't really "disable" autorun, but rather just turned it off.  And based on the screenshot shown above, it looks like iTunes defaults to "NO", don't turn on AutoRun.  Yeah, the option needs to be removed, but since everyone gave Microsoft 25 years to fix their built-in security flaw, perhaps we should give Apple a little more than a couple months to adapt their software?

    I'm just sayin'...

  • Anonymous on

    OpenVMS is not dead.  (Rumor has it that it still generates about $4B for HP.)  I have been running clusters since 1988; now on my 4th generation of hardware (785's, 8530's, 4/275 2100's, DS15's).  With a Cluster and shadow sets, I never lose data or much downtime. My record is only 1226 days on one node (2100's) without reboot and currently 843 days on one DS15.  Still used on Wall Street (unconfirmed) and by DOD since it has been pretty much hack proof.

