X-Spam-Check-By: sourceware.org
Message-ID: <45A1A5B1.20503@cygwin.com>
Date: Sun, 07 Jan 2007 21:00:17 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061108 Fedora/1.5.0.8-1.fc4.remi Thunderbird/1.5.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Exclude cygwin folder from malware scans?
References: <b4376ea40701071637w7c4db9d2y7541d40fe4279b9f AT mail DOT gmail DOT com>
In-Reply-To: <b4376ea40701071637w7c4db9d2y7541d40fe4279b9f@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Fred Ma wrote:
> Fred Ma wrote:
>> After some surfing, I haven't found any evidence of malware targetting
>> cygwin.  I'm considering excluding the massive file tree from scans
>> (AV, SpyBot, AdAware).  I'd be interested in more experienced opinions
>> about this.  Thanks.
> 
> Larry Hall:
>> Any such reports on this list in the past have later been shown to
>> be problems with the software that claims to have found a fault in
>> Cygwin.  Such is the reasoning behind the following FAQ:
>>
>> <http://cygwin.com/faq/faq-nochunks.html#faq.setup.virus>
>>
>> There has actually been more evidence to support that virus
>> scanners, firewalls, and spyware detection programs *cause* Cygwin
>> problems by interfering with its proper operation.  You can see such
>> reports and the subsequent resolutions (un-install faulty security
>> software) in the email archives.
> 
> I haven't had any problems in that regard (malware scanners
> interfering with cygwin or having false positives), though I don't
> doubt that it has happened before.  I was more wondering about the
> wisdom of taking the plunge and excluding the cygwin directory tree
> from future scans based on the past track record of not being
> targeted.


I doubt there are many out there that would think Cygwin is a good vector
to compromise machines with.  It's just not on enough machines to attract
that kind of attention.  The call is, of course, yours but I would say that
a Cygwin-based attack isn't likely to be your biggest concern.


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/