I’m normally logged on as a member of the Windows “Users” group and in order to improve system performance, would like to disable resident scanning of frequently used folders I don’t have write access to (note that I’m using WinXP Pro). In particular, I’d like to disable “C:\WINNT” and “C:\Program Files” (and all subfolders) but will turn scanning back on whenever I’m logged on as an administrator. Is this a safe move? Thanks.
You don’t have write access but others (like the malware…) could have and write.
It’s not safe, on the contrary, add Windows and Program files folders to the exclusion lists.
I would suggest using the Normal level of Standard Shield sensitivity instead of High. If it is not enough, post back and we can help you tweak your system deeply.
I think it would leave a hole in your protection disabling folders, the program files folder is a frequent target for malware. I wouldn’t exclude any system folder either for the same reasons.
If you are using different user accounts then I guess it would be theoretically possible as the settings are in the Standard Shield for on-access scans. I’m not sure if these settings would be global, but I would think not for a limited user account as it shouldn’t be able to apply settings for administrator group.
What sensitivity setting have you got the Standard Shield on? Normal is the default.
Thanks for the responses. Could you just briefly elaborate however. If I’m running without admin rights on XP Pro then I’m protected by NTFS unless there’s a security hole. A rogue piece of software therefore can’t (normally) update any files in these folders since it’s running as a non-admin user. Note BTW that if it gains access as an admin user then all bets are off anyway (since it can circumvent any security system I have in place). Therefore, while running as a non-admin user, is scanning required simply to protect me in case a security hole is found (i.e., in theory I’d be safe otherwise). Thanks again.
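The premise in the post above, that a non-admin process cannot write to these folders, can be checked rather than assumed. The following is an added example, not part of the original thread: a PowerShell sketch that lists every Allow entry granting write-capable rights on the two folders to anyone outside a trusted list. The function name `Get-NonAdminWriteAce` and the contents of `$trusted` are assumptions to adjust for your system.

```powershell
# Added example: report ACEs that let non-administrative principals
# modify the folders named in the post.
$folders = 'C:\WINNT', 'C:\Program Files'

# Principals expected to hold write access (assumption; adjust as needed).
$trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'

# Specific rights that allow creating, changing or replacing content,
# or rewriting the ACL itself.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits   = [int]$writeRights

# Get-Acl can also return raw generic rights that the enum does not name:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$genericBits = 0x40000000 -bor 0x10000000

function Get-NonAdminWriteAce {
    param([string[]]$Path, [string[]]$Trusted)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "$p not found, skipped"
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        foreach ($ace in $acl.Access) {
            # Deny entries and trusted principals are not of interest here.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }

            $bits = [int]$ace.FileSystemRights
            if (($bits -band $writeBits) -or ($bits -band $genericBits)) {
                $ace | Select-Object @{n = 'Path'; e = { $p }},
                    IdentityReference, FileSystemRights,
                    IsInherited, InheritanceFlags
            }
        }
    }
}

Get-NonAdminWriteAce -Path $folders -Trusted $trusted | Format-Table -AutoSize
```

This reads only each folder's own ACL; subfolders that carry explicit (non-inherited) entries need the same check. An empty result supports the premise, while any row names a principal that can write there without admin rights.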
You’re right, but it won’t increase performance as much as just setting the Sensitivity to Normal.
If you want, you can disable the open/create/modify files scanning. You will decrease protection a level, but won’t compromise the system. Performance is indeed increased.
Thanks for the confirmation. I’ll play around with the settings you suggested to see what kind of performance gain I can achieve. I have to balance my security needs with the need to run quickly and efficiently of course (I do a great deal of disk-intensive work). I keep my machine tightly locked down at all times anyway (most folders have admin rights even for reading) and along with other security techniques I apply (in addition to running Avast), I haven’t had any security breach in more than 3 years now (after many previous headaches). Anyway, thanks again (appreciated).
Sorry, I was wrong. Look, the Exclusion list does not work on a per-user basis. I mean, if you exclude those folders, admin scanning will be affected too, as far as I remember. I’m an avast user like you.
Ok, but I intend to re-enable it when I log on as an administrator but again, any virus (worm or whatever) can easily breach my security at that point. Because of this, I always drop my browser’s token rights before using the Internet and my email package as well. Given this precaution alone (in addition to the presence of Avast, my firewall, and anti-spyware), it’s effectively impossible for any virus to hijack my system files, program files, etc. (note that many system files are also protected by WFP anyway - see http://support.microsoft.com/kb/222193). A virus would have to breach Windows security to do it and that’s a very difficult task in spite of all the negative publicity you hear about it (certainly not impossible though). I think the real threat normally occurs when you install software as an administrator. You better be sure it’s from a trusted source and arrives with a valid certificate.
The point is that relying on your memory (as opposed to your computer’s memory) may not pay off.
That is, it is more than easy to actually forget to remove the exceptions from the list.
Note BTW that if it gains access as an admin user then all bets are off anyway (since it can circumvent any security system I have in place).
Theoretically, yes. But in practice, not always. For example, the new avast v4.8 comes with a robust self-protection mechanism that should resist attacks executed from both normal and admin accounts. It has some weaknesses, but it’s raising the bar much higher than just giving up and saying ‘all bets are off anyway’…
We don’t live in an ideal world, so nothing is perfect. But we can at least try to do well…
I agree you can let your guard down by forgetting but being vigilant is the first step to being secure. It becomes second nature after a while but at the very least my browser and email package always run with reduced privileges as noted (I’ve set them up that way).
In any case, I’d be interested in knowing more about the admin protection you referred to. While I don’t specialize in security per se, I’m not aware of any means it could use to protect itself against an adequate attack from another administrator (“adequate” being the operative word). Of course any protection that can be provided is certainly welcome even if it’s ultimately doomed against an experienced developer. It can still save a lot of grief from an amateur’s attack (or one not explicitly designed to thwart your virus checker). It’s still worthwhile IOW.