Recommended NZ | Guide to Money | Gimme: Competitions - Giveaways

Microsoft's Whitelist Helps Hackers

David Silversmith
David Silversmith

Microsoft was trying to help consumers save time while fighting off spam, viruses and hackers.  However, it looks like their tips are also helping hackers - far from what Microsoft hoped to be doing.

A Microsoft support article, Virus scanning recommendations for computers that are running Windows, recommends that users exclude certain files and folders from antivirus software to avoid situations where "serious performance problem" could occur as a result of file locking.

Many security experts and software manufacturers, like Trend Micro, have taken exception to this advice noting that "we are concerned by the fact that this was released publicly." David Sancho, a malware researcher with Trend Micro argued that the list will be a boon to hackers, as they can know strategically drop or download a malicious file into one of the folders mentioned in the exclusion list. Sancho admitted that the risk is not immediate, but it is on the way - "Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one."

It is important to note that Trend Micro has a history of butting heads with Microsoft. Like many other third-party security vendors, Trend has mocked Microsoft's moves in the antivirus market,  However, other security experts that don't directly compete with Microsoft have also reaised concerns. Andrew Storms, director of security operations at nCircle Network Security, backed Sancho on that. "I would agree with Trend that making any sort of whitelisting with your security software is not for the average user or the faint at heart," Storms said in an interview conducted via instant message.

This scenario only highlights the challenges of security. Microsoft wanted to help consumers avoid issues - but any attempt to increase convenience can unfortunately also decrease security.

All articles and comments on have been submitted by our community of users. Please notify us if you believe an item on this site breaches our community guidelines.