Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3053
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3013
Total: 3015









Author Topic: Microsoft AV advice may aid attackers, researcher warns  (Read 3495 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Microsoft AV advice may aid attackers, researcher warns
« on: 22. December 2009., 09:37:47 »


A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware.

Microsoft issued the recommendations in October, as a way of improving system performance: http://support.microsoft.com/kb/822158
They suggested administrators exclude certain files used by Windows Update, Automatic Update, and security features in six different versions of the Windows operating system.

In a blog item posted Monday, David Sancho, a malware researcher at Trend Micro, warned the recommendations put users at risk: http://blog.trendmicro.com/microsoft-virus-scanning-recommendations-bring-risks/

"Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one," he wrote. "Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning, or use a file extension that is also in the excluded list."

Microsoft's recommendations stem from the belief the scanning of certain files is unnecessary and detrimental to performance.

"These files are not at risk of infection," the October Microsoft article said. "If you scan these files, serious performance problems may occur because of file locking." The recommendations pertain to machines running Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7.

(Register)

Samker's Computer Forum - SCforum.info

Microsoft AV advice may aid attackers, researcher warns
« on: 22. December 2009., 09:37:47 »

Generic Viagra

  • Guest
Agreeable Locale
« Reply #1 on: 08. January 2010., 12:09:07 »
I will not agree on it. I assume warm-hearted post. Expressly the appellation attracted me to read the whole story.

hazedaze

  • SCF VIP Member
  • *****
  • Posts: 85
  • KARMA: 19
  • Gender: Male
Re: Microsoft AV advice may aid attackers, researcher warns
« Reply #2 on: 08. January 2010., 13:35:48 »

Bad MS very bad!! :police:, you should not be advising anyone especially not corporate customer's to put things like MS update in the AV's white list....

Just a thought and I could be completly wrong here, Please correct if I am...

But why dont MS security sign each of the updates they post to their update site and the updater itself have a certificate checking engine which is live linked back to MS so it can also be verified with there secure servers???. It's just as simple as a hash check....

Samker's Computer Forum - SCforum.info

Re: Microsoft AV advice may aid attackers, researcher warns
« Reply #2 on: 08. January 2010., 13:35:48 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023