In an October knowledge base article, Microsoft gives certain recommendations to users running virus protection that could potentially lead to huge security risks. The suggestions come as a result of virus scan programs' tendency to slow down computer performance, especially when certain files are accessed. According to the article, certain files and folders do not need to be scanned by virus protection software. The article states, "Do not scan the following files and folders. These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking." Included in the exclusion list are the SoftwareDistribution folder, used for Windows Update, file extensions, such as .log, and files with specific names, such as edb.chk.
Trend Micro notes that while it's true that these suggestions don't pose any immediate threat to security, Microsoft telling users to implement them into practice poses a risk, allowing malicious software creators to easily implement undetectable viruses in the future. "We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system."
Geek.com's Matthew Humphries notes that many users will probably never attempt such a thing (as they'll never come across Microsoft's article, nor experience major performance issues), and suggest that users still scan them, but at a time when the computer isn't being used. That way, they can completely avoid the performance hit that Microsoft is aiming to remedy, yet still stay completely protected.
It's unclear if Microsoft's own virus protection program, Security Essentials, is set to automatically skip these files. That would add a whole new dimension to this story. So far, Microsoft has yet to comment on Trend Micro's call for concern.
52 Comments - Add comment