In an October knowledge base article, Microsoft gives certain recommendations to users running virus protection that could potentially lead to huge security risks. The suggestions come as a result of virus scan programs" tendency to slow down computer performance, especially when certain files are accessed. According to the article, certain files and folders do not need to be scanned by virus protection software. The article states, "Do not scan the following files and folders. These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking." Included in the exclusion list are the SoftwareDistribution folder, used for Windows Update, file extensions, such as .log, and files with specific names, such as edb.chk.
Trend Micro notes that while its true that these suggestions dont pose any immediate threat to security, Microsoft telling users to implement them into practice poses a risk, allowing malicious software creators to easily implement undetectable viruses in the future. "We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system."
Geek.coms Matthew Humphries notes that many users will probably never attempt such a thing (as theyll never come across Microsofts article, nor experience major performance issues), and suggest that users still scan them, but at a time when the computer isnt being used. That way, they can completely avoid the performance hit that Microsoft is aiming to remedy, yet still stay completely protected.
Its unclear if Microsofts own virus protection program, Security Essentials, is set to automatically skip these files. That would add a whole new dimension to this story. So far, Microsoft has yet to comment on Trend Micros call for concern.