Microsoft Policies Help Virus Writers, Says Security Firm
Barence writes "Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC because 'they are not at risk of infection.' Trend Micro warns that by making such information available, Microsoft is effectively creating a hit list for malware writers. 'Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one,' the company's researcher, David Sancho, writes on the Trend Micro blog."
The whole point is... (Score:2, Interesting)
Re:Don't virus-check database files (Score:3, Interesting)
But by the same logic, I could write a virus that hides itself in files called edb.chk and mail.log and keep the code that a virus scanner would find in there. Then just load that into memory from some stub program.
That's what the article is warning about.
Question (Score:3, Interesting)
I've just configured a new laptop and told the anti-virus to ignore *.jpg, *.avi and *.mp3 on my understanding that it's not possible to hide malware in them and that it will make the scan significantly quicker.
Am I right? Or is it a good idea to remove those exclusions?
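The two posts above raise the same point from both sides: a payload parked in a file that matches an exclusion (a stub that loads code from edb.chk or mail.log, or an executable renamed to .jpg) is never looked at if the scanner trusts the file name. The check below is an added example, not code from the article or from any commenter, and it is deliberately a content check rather than a signature scan: for every file whose extension matches one of the exclusions from the question (*.jpg, *.avi, *.mp3), it compares the leading bytes against the format's real magic and looks for a PE image (an MZ header whose e_lfanew points at "PE\0\0") anywhere in the file, which catches both a renamed executable and one appended to an otherwise valid media file. The exclusion list, the magic-byte table and the sample files written into a temporary directory are all constructed for the example.

```python
import os
import struct
import tempfile

# Extensions the poster excluded from scanning (assumption: taken from the question).
EXCLUDED_EXTENSIONS = {".jpg", ".avi", ".mp3"}

# Leading bytes a genuine file of each type starts with (constructed, minimal table).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".avi": (b"RIFF",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
}


def has_pe_header(data: bytes) -> bool:
    """True if data begins with an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def embedded_pe_offsets(data: bytes) -> list:
    """Offsets of every valid MZ/PE header in data, wherever it sits in the file."""
    offsets = []
    idx = data.find(b"MZ")
    while idx != -1:
        if has_pe_header(data[idx:]):
            offsets.append(idx)
        idx = data.find(b"MZ", idx + 1)
    return offsets


def inspect_file(path: str) -> list:
    """Return a list of findings for one file; empty list means nothing suspicious."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    if ext in MAGIC and not any(data.startswith(m) for m in MAGIC[ext]):
        findings.append("header does not match extension")
    offsets = embedded_pe_offsets(data)
    if offsets:
        findings.append("PE image at offset(s) %s" % offsets)
    return findings


def scan_tree(root: str) -> dict:
    """Inspect only the files an extension-based exclusion would have skipped."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in EXCLUDED_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            findings = inspect_file(path)
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


def build_sample_tree(root: str) -> None:
    """Write constructed sample files: two clean, one renamed PE, one PE appended to an AVI."""
    fake_pe = bytearray(0x80)                 # minimal MZ/PE skeleton, not a real program
    fake_pe[:2] = b"MZ"
    struct.pack_into("<I", fake_pe, 0x3C, 0x40)   # e_lfanew -> 0x40
    fake_pe[0x40:0x44] = b"PE\x00\x00"
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,          # genuine JPEG header
        "song.mp3": b"ID3" + b"\x00" * 32,                        # genuine ID3 header
        "renamed.jpg": bytes(fake_pe),                            # executable renamed to .jpg
        "clip.avi": b"RIFF" + b"\x00" * 20 + bytes(fake_pe),      # valid RIFF header, PE appended
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)


def demo() -> dict:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(path, "->", "; ".join(findings))
```

The check is cheap because it reads only the excluded files, so it does not undo the speed gain the poster was after; it also only covers PE images, so a payload stored as raw shellcode or an encrypted blob in a .jpg would still need the stub that loads it to be caught, which is the reason the earlier reply singles out the stub program.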
Re:Really? (Score:2, Interesting)
Excluding any files on the computer is a bad thing, and needs to be discouraged.
Re:Do "Users" have a choice? (Score:3, Interesting)
To all the people suggesting PE discs - what AV do you use? The vast majority simply do not work in a preboot environment. The ones that do tend to be old versions, which are about as helpful in removing real threats as a dull knife.
In my experience, the overwhelming majority of viruses are removed by MalwareBytes in safe mode. The ones that aren't leave signs that MalwareBytes can detect (infections it can't delete or that reappear, etc.) The paranoid can confirm with a packet sniffer.
If you really want to be paranoid, get a USB => IDE/SATA adapter from newegg. Pop out the hard drive and hook it up to a clean machine. Mount the registry hives using regedit, and do a scan with your favorite AV product. No relying on a potentially rooted machine, and no relying on an old/gimped AV product that works in a preboot environment.
Re:Do "Users" have a choice? (Score:3, Interesting)
To all the people suggesting PE discs - what AV do you use? The vast majority simply do not work in a preboot environment. The ones that do tend to be old versions, which are about as helpful in removing real threats as a dull knife.
You can use the included driverpacks app to include most LAN/WAN drivers and then use an online scanner if you like or you can install PE to a USB disk and install any Antivirus program you like.
In my experience, the overwhelming majority of viruses are removed by MalwareBytes in safe mode.
In my experience those people come back 3 days later with the same virus. MalwareBytes runs in PE now, as does SuperAntiSpyware and HijackThis and a number of Antivirus programs.
get a USB => IDE/SATA adapter from newegg. Pop out the hard drive and hook it up to a clean machine. Mount the registry hives using regedit, and do a scan with your favorite AV product. No relying on a potentially rooted machine, and no relying on an old/gimped AV product that works in a preboot environment.
That works or you can just use a PE Disk [ubcd4win.com] which will auto load your hives for you.
Then you can run whichever programs you want like MalwareBytes, SuperAntiSpyware, HijackThis, etc. I normally delete the recycle bin, system restore folder, and all the temp folders while taking a look around for stray files, all while the other scans are running.
There really isn't any right or wrong way so whatever works for you is great. In my experience however safe mode is problematic.
The best option is to nuke the MBR and format/reload the system but people hate that.