Re: Exclude cygwin folder from malware scans?
Fred Ma wrote: After some surfing, I haven't found any evidence of malware targetting cygwin. I'm considering excluding the massive file tree from scans (AV, SpyBot, AdAware). I'd be interested in more experienced opinions about this. Thanks. Thanks for your response. In summary, the likelihood of malware targeting cygwin explicitly is low, but there are occassional precedents for continuing to scan the sizable cygwin directory tree. I guess I'll be disciplined and do a 3-day rotational schedule, launching each of the 3 malware scanners at the end of the day. Thanks, all. Fred -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Exclude cygwin folder from malware scans?
While it's true that not many viruses will target Cygwin directly, there are some that target folders based on string matching. For instance, a few years ago my computer at work caught a virus which apparently tried to spread itself through peer-to-peer file-sharing. It looked for folders with the string share in them, and then put in a bunch of doubtless infected files with tempting names(BRITNEY SPEARS NAKED!, etc.)in them. So I found a bunch of these files sitting in the C:\Cygwin\usr\share tree. While they were doubtless relatively harmless where they were, and weren't going to be shared over the Internet and infect anyone that way, I still didn't want to keep them around. This may also have been the virus that stopped any program with the substring sh.exe in it from running, presumably because they were aware that such a program could be used to kill the executing virus process. Made it hard to run Cygwin.bat. In other words, while bad virus checkers do seem to be the bane of functional Cygwin installations (though I've never had problems with AVG), you can't trust the Cygwin tree to never be targeted. -- --Alfvaen (Web page: http://www.telusplanet.net/public/alfvaen/ ) Current Album--LFO:Life Is Good Current Book--Steven Brust:Dzur You're too kind for your own good; you're too good for your own kind. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Exclude cygwin folder from malware scans?
Fred Ma wrote: After some surfing, I haven't found any evidence of malware targetting cygwin. I'm considering excluding the massive file tree from scans (AV, SpyBot, AdAware). I'd be interested in more experienced opinions about this. Thanks. I'd still be wary of as-yet-unknown viruses that reach out and infect loaded DLLs. You probably should continue to scan c:\cygwin\bin, but exclude everything else (which is still a big help). -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Exclude cygwin folder from malware scans?
Fred Ma wrote: After some surfing, I haven't found any evidence of malware targetting cygwin. I'm considering excluding the massive file tree from scans (AV, SpyBot, AdAware). I'd be interested in more experienced opinions about this. Thanks. Any such reports on this list in the past have later been shown to be problems with the software that claims to have found a fault in Cygwin. Such is the reasoning behind the following FAQ: http://cygwin.com/faq/faq-nochunks.html#faq.setup.virus There has actually been more evidence to support that virus scanners, firewalls, and spyware detection programs *cause* Cygwin problems by interfering with its proper operation. You can see such reports and the subsequent resolutions (un-install faulty security software) in the email archives. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _ A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Exclude cygwin folder from malware scans?
Fred Ma wrote: After some surfing, I haven't found any evidence of malware targetting cygwin. I'm considering excluding the massive file tree from scans (AV, SpyBot, AdAware). I'd be interested in more experienced opinions about this. Thanks. Larry Hall: Any such reports on this list in the past have later been shown to be problems with the software that claims to have found a fault in Cygwin. Such is the reasoning behind the following FAQ: http://cygwin.com/faq/faq-nochunks.html#faq.setup.virus There has actually been more evidence to support that virus scanners, firewalls, and spyware detection programs *cause* Cygwin problems by interfering with its proper operation. You can see such reports and the subsequent resolutions (un-install faulty security software) in the email archives. I haven't had any problems in that regard (malware scanners interfering with cygwin or having false positives), though I don't doubt that it has happened before. I was more wondering about the wisdom of taking the plunge and excluding the cygwin directory tree from future scans based on the past track record of not being targeted. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Exclude cygwin folder from malware scans?
Fred Ma wrote: Fred Ma wrote: After some surfing, I haven't found any evidence of malware targetting cygwin. I'm considering excluding the massive file tree from scans (AV, SpyBot, AdAware). I'd be interested in more experienced opinions about this. Thanks. Larry Hall: Any such reports on this list in the past have later been shown to be problems with the software that claims to have found a fault in Cygwin. Such is the reasoning behind the following FAQ: http://cygwin.com/faq/faq-nochunks.html#faq.setup.virus There has actually been more evidence to support that virus scanners, firewalls, and spyware detection programs *cause* Cygwin problems by interfering with its proper operation. You can see such reports and the subsequent resolutions (un-install faulty security software) in the email archives. I haven't had any problems in that regard (malware scanners interfering with cygwin or having false positives), though I don't doubt that it has happened before. I was more wondering about the wisdom of taking the plunge and excluding the cygwin directory tree from future scans based on the past track record of not being targeted. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ I would. In fact, with Norton Antivirus, AVG and some of the others, you can individually select the directory. I just got a new computer the week before last. Came with PC Cillian. Hate it cause it only lasts 2 monthes. I put Norton on. Norton systemworks. and internet security. Works like a charm. Its a AMD 64 Athlon Duo Core. Not bad. Beats the pants off of my old system. Cygwin works like a charm. ANd I have never encountered a problem with Cygwin and Norton because i close out Cygwin when I am done with it. Cygwin works on Windows XP Media center edition 2005 just fine. Waiting on Vista to try it there. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Exclude cygwin folder from malware scans?
Fred Ma wrote: Fred Ma wrote: After some surfing, I haven't found any evidence of malware targetting cygwin. I'm considering excluding the massive file tree from scans (AV, SpyBot, AdAware). I'd be interested in more experienced opinions about this. Thanks. Larry Hall: Any such reports on this list in the past have later been shown to be problems with the software that claims to have found a fault in Cygwin. Such is the reasoning behind the following FAQ: http://cygwin.com/faq/faq-nochunks.html#faq.setup.virus There has actually been more evidence to support that virus scanners, firewalls, and spyware detection programs *cause* Cygwin problems by interfering with its proper operation. You can see such reports and the subsequent resolutions (un-install faulty security software) in the email archives. I haven't had any problems in that regard (malware scanners interfering with cygwin or having false positives), though I don't doubt that it has happened before. I was more wondering about the wisdom of taking the plunge and excluding the cygwin directory tree from future scans based on the past track record of not being targeted. I doubt there are many out there that would think Cygwin is a good vector to compromise machines with. It's just not on enough machines to attract that kind of attention. The call is, of course, yours but I would say that a Cygwin-based attack isn't likely to be your biggest concern. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _ A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
