December 22, 2009, 4:11 PM — OK. I get it. Everyone wants to have the fastest possible computer. But, when Microsoft published a list of what files you shouldn't bother to check for viruses, since looking in on them can really slow a PC down, they also gave a blueprint to virus-writers on where they should focus their attacks.
Trend Micro malware researcher David Sancho is the one who spotted this gaffe by Microsoft. In a Trend Micro blog, Sancho wrote: "Cyber-criminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning, or use a file extension that is also in the excluded list." You think!?
Essentially, what Microsoft has done is told virus-writers they can safely hide their programs. What self-respecting virus writer will be able to resist?
As Computerworld reported, Sancho and I aren't the only ones who see it that way. Andrew Storms, nCircle Network Security's director of security operations said, "I would agree with Trend that making any sort of white-listing with your security software is not for the average user or the faint at heart."
Storms doesn't think it's that big of a deal though. I disagree.
Anti-virus software isn't any kind of sovereign remedy for malware, but it's the best protection that 99% of all users have and any policy that might weaken it is a bad policy. Sure, if you use Microsoft's white-list and don't check some directories and file types you'll get a faster computer, but is the modest speed gain you'll get worth opening up your computer to potential new attackers? I don't think so.
Besides, Windows PC or server, you can always set the anti-virus checks to run when the computer is likely to be idle. If you do this, which I think most of us do anyway, you'll be as safe as your anti-virus software can make you and you'll never notice that at 2 in the morning your computer isn't running as fast as it could run.
