The rules of "basic hygiene"


A green channel for cybercriminals


Friday, December 23, 2016

What should you do if your anti-virus is slowing down your computer? One of the most common recommendations is to exclude your most frequently used system files and folders from scanning. Major software developers even publish entire lists of files and directories that they recommend excluding from anti-virus scanning (VMware, Microsoft, SAP, CA, Veritas, Sage...). Note that they recommend excluding not only specific, frequently used files but also entire directories. Strangely, criminals overlooked this fact for a long time.

An independent malware researcher who goes by the alias UnixFreakxjp notes that some of today's malware makers take advantage of these exclusion lists.

http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour

We can't say that all malware writers use those lists. Perhaps most of them are more interested in designing versatile malicious programs whose success won't depend on special software that may or may not be installed on a machine. However, targeted attacks are a different matter. The latter half of the outgoing year was marked by a sharp increase in attacks on corporate machines in Russia as well as in other countries. Whoever is behind those attacks needs to factor in the specific software configuration of the machines they are targeting in order to increase their chances of success.


The Anti-virus Times recommends

  • If possible, select custom installation locations instead of default ones.
  • If you must utilize exceptions, you should exclude only specific files from scanning rather than entire directories.
  • If you add certain folders to an exceptions list (e.g., temporary file directories), do the following:

    • Scan them regularly with an anti-virus (more often than the rest of the system).
    • Adjust access permissions for these directories to make sure they are only accessible to specific programs or under specific user accounts.
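
The recommendations above can be turned into a periodic audit of the exclusion list. The following is an added example, not part of the original article or of any anti-virus product: it flags entries that are whole directories or wildcard patterns, entries that no longer exist, and entries whose permissions let other accounts write to them. It assumes POSIX permission bits (on Windows the directory ACL would have to be inspected instead); the function names and the sample list are constructed for illustration.

```python
import os
import stat
import tempfile


def _loose(mode, prefix=""):
    """Name the widest write permission in a POSIX mode, if any."""
    if mode & stat.S_IWOTH:
        return [prefix + "writable-by-everyone"]
    if mode & stat.S_IWGRP:
        return [prefix + "writable-by-group"]
    return []


def audit_exclusion(path):
    """Return findings for one exclusion entry; an empty list means narrow."""
    if any(c in path for c in "*?"):
        return ["wildcard"]              # pattern: matches files not yet known
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]               # stale entry, remove it from the list
    if stat.S_ISDIR(st.st_mode):
        return ["directory"] + _loose(st.st_mode)
    # A single file is only as safe as the folder it can be replaced in.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    return _loose(st.st_mode) + _loose(parent.st_mode, "parent-")


def run_sample():
    """Audit a constructed exclusion list built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"app": 0o755, "tmp": 0o777, "shared": 0o775}
        for name, mode in layout.items():
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        for rel in ("app/db.dat", "shared/cache.bin"):
            full = os.path.join(root, rel)
            open(full, "w").close()
            os.chmod(full, 0o644)
        entries = ["app/db.dat", "tmp", "shared/cache.bin",
                   "logs/*.log", "old/gone.dat"]
        return {e: audit_exclusion(os.path.join(root, e)) for e in entries}


if __name__ == "__main__":
    for entry, findings in run_sample().items():
        print(f"{entry:18} {', '.join(findings) or 'ok'}")
```

Entries that come back with findings are the ones to narrow to specific files, restrict with tighter permissions, or scan more often than the rest of the system.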
