X-Spam-Check-By: sourceware.org Message-ID: <45A1A5B1.20503@cygwin.com> Date: Sun, 07 Jan 2007 21:00:17 -0500 From: "Larry Hall (Cygwin)" Reply-To: cygwin AT cygwin DOT com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061108 Fedora/1.5.0.8-1.fc4.remi Thunderbird/1.5.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Exclude cygwin folder from malware scans? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Fred Ma wrote: > Fred Ma wrote: >> After some surfing, I haven't found any evidence of malware targetting >> cygwin. I'm considering excluding the massive file tree from scans >> (AV, SpyBot, AdAware). I'd be interested in more experienced opinions >> about this. Thanks. > > Larry Hall: >> Any such reports on this list in the past have later been shown to >> be problems with the software that claims to have found a fault in >> Cygwin. Such is the reasoning behind the following FAQ: >> >> >> >> There has actually been more evidence to support that virus >> scanners, firewalls, and spyware detection programs *cause* Cygwin >> problems by interfering with its proper operation. You can see such >> reports and the subsequent resolutions (un-install faulty security >> software) in the email archives. > > I haven't had any problems in that regard (malware scanners > interfering with cygwin or having false positives), though I don't > doubt that it has happened before. I was more wondering about the > wisdom of taking the plunge and excluding the cygwin directory tree > from future scans based on the past track record of not being > targeted. I doubt there are many out there that would think Cygwin is a good vector to compromise machines with. It's just not on enough machines to attract that kind of attention. The call is, of course, yours but I would say that a Cygwin-based attack isn't likely to be your biggest concern. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/