The rules of “basic hygiene”


A green channel for cybercriminals


What should you do if your anti-virus is slowing down your computer? One of the most common recommendations is to exclude your most frequently used system files and folders from scanning. Major software developers even publish entire lists of files and directories that they recommend should be excluded from anti-virus scanning (VMware, Microsoft, SAP, CA, Veritas, Sage...). Note that they recommend excluding not only specific, frequently used files, but also entire directories. Strangely, criminals overlooked this fact for a long time.

An independent malware researcher who goes by the alias unixfreaxjp notes that some of today’s malware makers use these exception lists.

http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour

We can't say that all malware writers use those lists. Perhaps most of them are more interested in designing versatile malicious programs whose success won't depend on special software that may or may not be installed on machines. However, targeted attacks are a different matter. The latter half of the outgoing year was marked by a sharp increase in attacks on corporate machines in Russia as well as in other countries. Whoever is behind those attacks needs to factor in the specific software configuration of the machines they are targeting in order to increase their chances of success.

#anti-virus #anti-virus_scanning #security

Dr.Web recommends

  • If possible, select custom installation locations instead of default ones.
  • If you must utilize exceptions, you should exclude only specific files from scanning rather than entire directories.
  • If you add certain folders to an exceptions list (e.g., temporary file directories), do the following:

    • Scan them regularly with an anti-virus (more often than the rest of the system).
    • Adjust access permissions for these directories to make sure they are only accessible to specific programs or under specific user accounts.
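
One way to check an exceptions list against these recommendations is sketched below. It is an added example, not Dr.Web code: the function names, the sample paths and the use of POSIX permission bits as the access test are assumptions (on Windows the same check would read the directory's ACL instead).

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or by everyone

def audit_exclusion(entry):
    """Return findings for one exclusion entry; an empty list means acceptable."""
    if any(ch in entry for ch in "*?"):
        return ["wildcard pattern: also covers files that do not exist yet"]
    if not os.path.exists(entry):
        return ["path does not exist: stale entry, remove it"]
    mode = os.stat(entry).st_mode
    findings = []
    if stat.S_ISDIR(mode):
        findings.append("whole directory excluded: list specific files instead")
    if mode & LOOSE:
        findings.append("writable by group/others: restrict to specific accounts")
    return findings

def audit(entries):
    """Map every exclusion entry to its list of findings."""
    return {entry: audit_exclusion(entry) for entry in entries}

def build_sample():
    """Create a constructed directory tree and exclusion list for the demo."""
    root = tempfile.mkdtemp(prefix="av_excl_demo_")
    open_dir = os.path.join(root, "tmp_open")
    locked_dir = os.path.join(root, "app_data")
    db_file = os.path.join(locked_dir, "data.db")
    os.mkdir(open_dir)
    os.mkdir(locked_dir)
    with open(db_file, "w") as fh:
        fh.write("constructed sample file\n")
    os.chmod(open_dir, 0o777)    # anyone can drop files here
    os.chmod(locked_dir, 0o700)  # owner only
    os.chmod(db_file, 0o600)
    return [open_dir, locked_dir, db_file, os.path.join(root, "*.log")]

if __name__ == "__main__":
    for entry, findings in audit(build_sample()).items():
        print(entry, "->", findings or "ok")
```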
