Ignore Microsoft, check everything

Microsoft says you don't have to check some files for viruses: Bad idea, which, of course, means that any self-respecting virus writer will now use them to hide viruses in.

By  

OK. I get it. Everyone wants to have the fastest possible computer. But, when Microsoft published a list of what files you shouldn't bother to check for viruses, since looking in on them can really slow a PC down, they also gave a blueprint to virus-writers on where they should focus their attacks.

Trend Micro malware researcher David Sancho is the one who spotted this gaffe by Microsoft. In a Trend Micro blog, Sancho wrote: "Cyber-criminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning, or use a file extension that is also in the excluded list." You think!?

Essentially, what Microsoft has done is told virus-writers they can safely hide their programs. What self-respecting virus writer will be able to resist?

As Computerworld reported, Sancho and I aren't the only ones who see it that way. Andrew Storms, nCircle Network Security's director of security operations said, "I would agree with Trend that making any sort of white-listing with your security software is not for the average user or the faint at heart."

Storms doesn't think it's that big of a deal though. I disagree.

Anti-virus software isn't any kind of sovereign remedy for malware, but it's the best protection that 99% of all users have and any policy that might weaken it is a bad policy. Sure, if you use Microsoft's white-list and don't check some directories and file types you'll get a faster computer, but is the modest speed gain you'll get worth opening up your computer to potential new attackers? I don't think so.

Besides, Windows PC or server, you can always set the anti-virus checks to run when the computer is likely to be idle. If you do this, which I think most of us do anyway, you'll be as safe as your anti-virus software can make you and you'll never notice that at 2 in the morning your computer isn't running as fast as it could run.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question