Trend Micro says Microsoft encouraging viruses

In an October knowledge base article, Microsoft gives recommendations to users running virus protection that could potentially lead to huge security risks. The suggestions stem from virus scanners' tendency to slow down computer performance, especially when certain files are accessed. According to the article, certain files and folders do not need to be scanned by virus protection software. The article states, "Do not scan the following files and folders. These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking." The exclusion list includes the SoftwareDistribution folder, used for Windows Update; file extensions such as .log; and files with specific names, such as edb.chk.

Trend Micro notes that while these suggestions don't pose any immediate threat to security, Microsoft telling users to put them into practice poses a risk, making it easy for malicious software creators to build viruses that go undetected in the future. "We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system."

Geek.com's Matthew Humphries notes that many users will probably never attempt such a thing (as they'll never come across Microsoft's article, nor experience major performance issues), and suggests that users still scan these files, but at a time when the computer isn't being used. That way, they can completely avoid the performance hit that Microsoft is aiming to remedy, yet still stay completely protected.

It's unclear if Microsoft's own virus protection program, Security Essentials, is set to automatically skip these files. That would add a whole new dimension to this story. So far, Microsoft has yet to comment on Trend Micro's call for concern.


52 Comments


Trend are garbage, as their memory usage is triple what Norton used to be and they have many false positives, and they complain about MS offering a malware product... Wow, give MS a break, Trend, as you're horrible with your app. Instead of complaining you should be helping to make things better, and if I could I would ask for a refund for the 2005 antivirus/security suite I bought. Over 100 freaking dollars for crap that I wasted, and it's your fault, hehe.

Though this may be relatively safe, I think that this is something that Microsoft should work with AV companies about. Not something that they should be allowing users to set up... There are just too many things that could happen... lol

Aergan said,
Trend Micro -> Cry me a F%&*ing river.


Indeed. The only reason half these clowns are still in business, at least in the home market, is because most people are still ignorant of the wide variety of free alternatives available.

cybertech77 said,
I am using 64bit Windows--with a 64bit virus program. ESET Smart Security. Have not had much problems yet.

"much", or "any"? Big difference.

The issues with Trend and others are that they are not smart enough to not scan these files. I have had to hard code the exceptions into SAV and others. Scanning of the AD files can and has caused all kinds of issues that I have seen. I have seen things in the past where SAV would scan Exchange files in the SMTP queues and crash Exchange, or lock the log files and cause all kinds of issues.

MS published the list of recommended exceptions, and that is not making things less secure. Not even close.

Trend is a joke; they have a major exploit that allows you to take over the AV software and do what you want. If you are using the enterprise software, then they can jump from machine to master console and do damage. They know about it and have not fixed it, and mentioned a fix in 2010 (3rd quarter). Glad to see that they are spending their time fixing issues.

I mainly use VIPRE, and love it. I have several copies of Trend Micro that I received at events that I can even give away.

Users run AV with def dates from 2006 (and you think I'm joking), and click on "Check out the new family video I uploaded" that was supposedly sent by grandma (grandma knows how to post videos?) or the link about a prince and money transfers or seeing (Insert name of star here) naked, and so on. As long as users at that level exist (and they always will), a couple of things will always be true:
- No system is completely secure from stupidity
- There will be a need for antivirus and anti-malware software
- I will be paid well while I clean up those machines, until the next time they fall for something else, and then I will get paid well again.

And yes, I currently recommend MSE / Malwarebytes / Superantispyware as the security approach (all 3 combined) for the users at that level I support.

I would have to agree, as I recently saw it on a computer I had to fix with a 7-year-old version of Norton and Win98. The person had absolutely no idea what it was. After doing a scan on it using a USB-to-IDE cable, I figured there were so many infected files the only thing left to do was format C: and start clean.

Just so everyone is aware. I took a look at my Security Essentials settings and there are no file types set to be excluded by default. I never changed that setting previously so I know it is stock default right now.

Benjamin Rubenstein said,
I hope you're joking, LoL :)

http://www.codinghorror.com/blog/archives/000803.html

I agree with him. If one only downloads from trusted sources, and runs as a limited user, what does one have to worry about? I think the problem is when one has to manage computers for others. One may not trust them, but one always has to trust themselves. I will not deal with files from dubious sources.

Benjamin Rubenstein said,
I hope you're joking, LoL :)

Maybe he is, but I'm not.

Intelman got it semi-correct. I don't run as a limited user. However, I always download from good trusted sources; I don't download text files, HTML files, random .exe files, and all that mumbo jumbo. I trust myself. I haven't had a virus or crash since 2001.

Benjamin Rubenstein said,
I hope you're joking, LoL :)

Me too... I'm honestly getting a bit tired of the "geniuses" that proudly tout that they don't use antivirus software because they're "so smart"...

MSE does go extremely slow when managing large files of sorts, mostly installers. I've found it causes massive CPU usage and grinds the computer to a halt at times. Besides that, it's perfect.

A lot of security programs do that, as they try to scan the stream of data that is being written to the hard drive. They tend to start chewing up CPU usage after a while, slowing down the task.

Yup, +1, me too, but I also remove Snortons as well as McStuffies. They're both as useful as one another, unless you want a slow, bogged-down system; then of course by all means install them. I use MSE and/or Avast.

Atlonite said,
Yup, +1, me too, but I also remove Snortons as well as McStuffies. They're both as useful as one another, unless you want a slow, bogged-down system; then of course by all means install them. I use MSE and/or Avast.

Recent releases of Norton are much faster and smaller applications... Perhaps you're talking about old releases?

If most people were smart about their computer security, they wouldn't need AV. I haven't run any AV in the past few years, and I have yet to get a single virus or spyware. I have Malware Bytes installed and run it every few months just to make sure.

Who cares if that's what Microsoft suggests? As the article states, it's not that big of a deal because most users don't have the sense to get on the site and worry about that...hell, most people don't even know if they have any AV software installed or not.

"I haven't run any AV in the past few years, and I have yet to get a single virus or spyware. I have Malware Bytes installed and run it every few months just to make sure."

So when you say you haven't run AV in a few years, you meant you just run it every couple of months. You sort of contradicted yourself!!

sponex said,
"I haven't run any AV in the past few years, and I have yet to get a single virus or spyware. I have Malware Bytes installed and run it every few months just to make sure."

So when you say you haven't run AV in a few years, you meant you just run it every couple of months. You sort of contradicted yourself!!

Malware Bytes is not an AV.

Glendi said,
Malware Bytes is not an AV.


Semantics. Anti-Malware and Anti-Virus software are virtually the same thing.

In fact, I challenge you to point out the exact difference between the two.

BigBoobLover said,
Semantics. Anti-Malware and Anti-Virus software are virtually the same thing.

In fact, I challenge you to point out the exact difference between the two.


Hmm, if it's solely Anti-Malware and no Anti-Virus, it invalidates the original point of:

I haven't run any AV in the past few years, and I have yet to get a single virus or spyware. I have Malware Bytes installed and run it every few months just to make sure.

If you're not testing for viruses, you cannot claim for certain you've had none.

Kirkburn said,

Hmm, if it's solely Anti-Malware and no Anti-Virus, it invalidates the original point of:

If you're not testing for viruses, you cannot claim for certain you've had none.

HAHAHA, indeed!

This is BS.... Microsoft is trying to make its OS faster. People blame Microsoft if some software makes the PC slow.
It doesn't mean MS encourages viruses.

still1 said,
This is BS.... Microsoft is trying to make its OS faster. People blame Microsoft if some software makes the PC slow.
It doesn't mean MS encourages viruses.

Exactly! I find it ludicrous to believe that Microsoft would "encourage" the single biggest bane to their reputation. If anything is stereotypically "bad" for Windows, it is a virus. And Microsoft does NOT want that to follow them into Vista, 7 and beyond. (in fact, their UAC addition in Vista shows they are taking security seriously)

Viruses are the LAST thing they want to start affecting their platform!

markjensen said,

Exactly! I find it ludicrous to believe that Microsoft would "encourage" the single biggest bane to their reputation. If anything is stereotypically "bad" for Windows, it is a virus. And Microsoft does NOT want that to follow them into Vista, 7 and beyond. (in fact, their UAC addition in Vista shows they are taking security seriously)

Viruses are the LAST thing they want to start affecting their platform!

Exactly. Good post.

Oh yes, we must be ever vigilant against those pesky *.log files. Never know what they might say. Could seriously damage one's ego if they contained a particularly nasty jibe.

And isn't SoftwareDistribution just NTFS hardlinks to other files, or is that WinSxS?

Relativity_17 said,
And isn't SoftwareDistribution just NTFS hardlinks to other files, or is that WinSxS?

That would be WinSxS.

Trend is just butt-hurt that Microsoft has a free product that puts their multi-thousand dollar enterprise solution to shame. I have had Trend's enterprise solution on my customers, and now we are on Symantec's SEP. I am one more bad tech support call away from throwing it all in the trash and just suffering through the fact that Security Essentials is non-managed. Why? Because it works. SEP (Symantec Endpoint Protection) is a JOKE. I get weekly reports that it has found thousands of network security issues, and it just ends up being crap it's already found and quarantined. I don't pay thousands of dollars for this kind of stupidity. Neither Trend's nor Symantec's solutions detect the latest Anti Virus 2009 and Internet Security 2010 bogus AV malware, which seem to be rather prevalent in the last few weeks. Microsoft's FREE product detects and removes it before it's even installed.

Anti Virus 2009 and Internet Security 2010 are not viruses or trojans, but adware/spyware. By most definitions, an anti-virus product doesn't detect most spyware and adware. That's what anti-spyware products are for.

TCLN Ryster said,
Anti Virus 2009 and Internet Security 2010 are not viruses or trojans, but adware/spyware. By most definitions, an anti-virus product doesn't detect most spyware and adware. That's what anti-spyware products are for.


SEP is marketed as an Anti Virus, Anti Spyware, Desktop Firewall, Intrusion Prevention, and Generic Exploit Blocking solution.

Whenever I have used a tool like Malwarebytes to remove AV09/IS2010, it's always labeled as a trojan of some kind.

Also, spyware and adware, pretty much by definition, is a piece of unwanted software that tracks internet activity and injects advertisements, not making registry changes to reduce system functionality or completely block you from running any executable.

But thanks for trying to add constructive comments to the thread.