After a decade of abuse, Autorun is finally being retired in older versions of Windows.
On Tuesday, Microsoft began pushing an update that changes the way Windows Server 2008 and earlier versions of the OS respond when USB thumb drives and other portable media are plugged in. Until now, those versions dutifully executed code embedded in autorun.inf files without first prompting the user. The default behavior provided a convenient way to propagate malware such as Conficker, which hijacked the feature to spread itself each time an infected drive was inserted.
Microsoft finally nixed Autorun in Windows 7, but until now, users of earlier versions had to muck about in the Windows registry or install a special fix it to turn it off. Adding the change to the official Windows Update mechanism means millions of users will turn it off automatically.