Microsoft accused of helping virus writers

Security

Security firm claims Microsoft's advice to ignore certain files during virus scans could backfire

Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC.

In an article published on Microsoft's Support site the company claims it's safe to exclude certain file types from virus scans because "they are not at risk of infection". Microsoft claims ignoring these files will help improve scanning performance and avoid unnecessary conflicts.

Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning

However, Trend Micro warns that by making such information available, Microsoft is effectively creating a hit list for malware writers. "Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one," the company's researcher, David Sancho, writes on the Trend Micro blog.

"Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning or use a file name extension that is also in the excluded list."

"We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with.

"Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system."

In a statement, Microsoft appears to concede the information may be outdated. "Microsoft has been made aware of a blog post by a security vendor regarding our recommendations that may help users protect a computer that is running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Microsoft Windows 2000, Windows XP, Windows Vista, or Windows 7 from viruses.

"To clarify, our recommendations contain information to help users minimise the effect of antivirus software on system and network performance. Although updated for recent product launches, the article in question was created in 2003 and is in the process of being reviewed. Further updates will take place if needed based on that review to reflect protection best practices in addition to performance.”

Read more

News