Microsoft Accused of Supporting Virus Authors

According to the online security firm Trend Micro, Microsoft's suggestion to computer users that they keep out certain folders and files from the scanning process of antivirus programs could actually prove dangerous.

Microsoft issued a Knowledge Base notice listing the types of Windows files that need not be scanned with anti-malware solutions. The Company elaborated that those files would not be infected and scanning them could result in performance problems since they were often locked.

The folders and files that Microsoft suggests should be kept out include those related to Group Policy and Windows Update. The files which have .sdb, .chk and .edb extensions found inside the folder, "%windir%\security" should be kept out of anti-malware scanning.

David Sancho, malware Researcher at Trend Micro, said that although it was logical to stop scrutinizing Group Policy-based files and Windows Update so that the system worked at a fast pace, the concern was that Microsoft's suggestion was largely publicized, as reported by ComputerWorld on December 21, 2009.

Sancho explained that cyber criminals might tactically download or drop a malevolent file on a folder, which was suggested to keep out from scanning or manipulate with a file type, which was also kept out.

Trend Micro states that although these recommendations do not immediately risk computer users of potential attacks, the suggestion that users adopt them as a long time strategy poses a danger. There could be malware writers with undetectable viruses that could be easily executed during the coming days.

Agreeing with Trend Micro's opinion, Andrew Storms, Director of Security Operations, nCircle Network Security, said that Microsoft's suggestions might not prove helpful, as eported by FierceCIO:TechWatch on December 22, 2009. According to Storms, the Microsoft-released whitelist could eventually make an impact on hackers' repositories of malicious programs.

Sancho substantiated what Andrew Storms said. However, he said in addition that the issue shouldn't be exaggerated because - while cyber criminals would continue to habitually make malicious codes, a normal Windows user would not care to consider a complicated arrangement of exclusions and execute a scan, as reported by IT Chuiko on December 23, 2009.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 1/2/2010