I have run into two instances of malware that use autorun.inf to launch within the space of two weeks. On the face of it, autorun is turning out to be a really dumb (insecure) idea. The way it's implemented, Windows does not even differentiate between removable and non removable drives. I have been searching for a simple, easy way to just turn autorun off without succes. How long will it be before Microsoft release a patch to fix this? Score 1 for open source/linux. I'm running Linux (Ubuntu 7.10) on my laptop so I don't have malware issues. The malware I have encountered is on other systems that friends have asked me to clean up.