In a delightful feature, Engadget’s Phillip Torrone walks us through something we geeks have known for a long time: Windows defaults to allowing any inserted CD to run whatever it wants when inserted. This is an enormous security hole, and in fact will be disabled in the next version/patch of XP. This article will allow you to get ahead of the game and disable the behavior — called “autorun” — for yourself. Everyone using a Windows computer should do this.
That disabling autorun also disables most kinds of CD copy protection is not a coincidence; for those DRM tools to work, they have to install software on your computer that explicitly prevents you from, say, copying the CD to your hard drive to listen to at work. Such software is always installed on the sly, of course, because few of us would allow the installation if they were honest with us. Because such DRM programs are unwelcome payloads installing and executing without our permission, they fall into exactly the same category as all sorts of other spy programs and malware, and consequently are blocked by precisely the same security measure. Remember, it’s your computer, and your CD.
(“But wait!” you must be thinking. “Aren’t the DRM folks and record labels smarter than this? Surely, Mr Heathen, they’re not this stupid.” I’m afraid they are, gentle reader; in fact, the author of one DRM system — the one used on the aforementioned Velvet Revolver disc — were going to sue a Princeton student for $10 million when he wrote a paper noting that pressing the shift key at the right time (which temporarily disables autorun) bypassed their system.