There are many types of files on a computer or server, and the anti-virus software is responsible for scanning all of them to find malicious code attached to any of them. That can seriously impact the performance of the system; many people avoid installing anti-virus software for this reason alone.
For instance, I myself used to have so much trouble with Norton 2004 when I installed it on my machine in the past. But what can be done?
There are many files in the Windows OS that do not really need to be scanned, as they are either locked and impossible to scan or always clean and never infected; trying to scan them all would just waste time and effort and would greatly reduce the performance of the system. So how about excluding them all from the scanning tasks of our anti-virus?
That seems like a good way to improve the performance of the operating system when the anti-virus software on your machine has a terrible effect on its operating speed. But the question is: which files need to be excluded?
Here is a list of the types of files that need to be excluded from scanning in Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7. There is something very important about this exclusion, as you can also read on the page whose link I gave you: excluding these file types should only be temporary, to see whether the anti-virus is what is making your computer slow. If that’s the case, you can contact the vendor of your anti-virus to ask for possible solutions.
Thanks for reading…
This is a question that often comes to mind: where do we need to apply encryption, and why? Do we need to apply it at layer 2, which is much more low-level, or at layer 3, where the Internet Protocol is defined?
Well, in the world today it is the speed of communication that everyone thinks of first, and on that score encryption at layer 2 is the best option if you are sending data over a very fast network and do not want the flow of traffic to slow down by any means. Layer-2 encryption reduces the overhead required by layer-3 encryption protocols or protocol suites like IPSec and reduces CPU utilization in the devices applying it. Considering how widely VoIP is used nowadays, and knowing that security and speed play very important roles in voice communications, layer-2 encryption will surely be the best choice.
That said, layer-3 encryption is still well suited to environments where you have low-bandwidth connections and do not have devices that support encryption at layer 2. There are also situations where companies have offices around the world and it is no longer a matter of a few devices but of hundreds, so you need to consider the fact that encryption at layer 2 works hop by hop, not end to end as layer-3 encryption does.
Nowadays many devices support layer-2 encryption and, unlike in the past, there is a standard for it, so layer-2 encrypted communication is possible between devices of different vendors. For instance, Cisco Catalyst switches (3560-X series and 3750-X series) now support data-link layer encryption with IEEE 802.1AE (MACsec) and 802.1X-REV.
So if you need to apply encryption over your high-speed links, and security matters to you as much as low latency and simplicity of management, you can certainly go for layer-2 encryption.
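To put numbers on the overhead comparison above, the following added example (not part of the original post) computes the on-wire Ethernet frame size of the same IP packet protected by MACsec and by IPsec ESP in tunnel mode. Field sizes follow IEEE 802.1AE and RFC 4303/RFC 4106; the function names and the VoIP packet sizes are assumptions constructed for the illustration.

```python
# Added illustration: per-packet byte overhead of MACsec vs. IPsec ESP tunnel mode.
# Field sizes follow IEEE 802.1AE and RFC 4303 / RFC 4106; the packet sizes are
# constructed sample inputs (20 ms VoIP packetization, untagged Ethernet, IPv4).

ETH_HEADER, ETH_FCS = 14, 4  # Ethernet II header and frame check sequence

def plain_frame_bytes(ip_len):
    """Unprotected Ethernet frame carrying an IP packet of ip_len bytes."""
    return ETH_HEADER + ip_len + ETH_FCS

def macsec_frame_bytes(ip_len, sci=True, icv=16):
    """Frame size after MACsec: SecTAG (8 bytes, 16 with SCI) plus ICV."""
    sectag = 16 if sci else 8
    return ETH_HEADER + sectag + ip_len + icv + ETH_FCS

def esp_tunnel_frame_bytes(ip_len, iv=8, align=4, icv=16, outer_ip=20):
    """Frame size after ESP tunnel mode (defaults model AES-GCM, IPv4 outer header)."""
    # ESP pads so that inner packet + padding + 2 trailer bytes is aligned.
    pad = -(ip_len + 2) % align
    # SPI + sequence number (8), IV, inner packet, padding, trailer (2), ICV
    esp = 8 + iv + ip_len + pad + 2 + icv
    return ETH_HEADER + outer_ip + esp + ETH_FCS

def overhead_pct(protected, plain):
    """Extra bytes on the wire as a percentage of the unprotected frame."""
    return round(100.0 * (protected - plain) / plain, 1)

def compare(ip_len):
    """Frame sizes for one IP packet under each protection scheme."""
    return {
        "plain": plain_frame_bytes(ip_len),
        "macsec": macsec_frame_bytes(ip_len),
        "esp_gcm": esp_tunnel_frame_bytes(ip_len),
        "esp_cbc_sha1": esp_tunnel_frame_bytes(ip_len, iv=16, align=16, icv=12),
    }

# Constructed samples: IP length = codec payload + RTP 12 + UDP 8 + IPv4 20.
SAMPLES = {"G.729 (20 B payload)": 60, "G.711 (160 B payload)": 200, "bulk data": 1400}

if __name__ == "__main__":
    for name, ip_len in SAMPLES.items():
        sizes = compare(ip_len)
        plain = sizes.pop("plain")
        row = ", ".join(f"{k} {v} B (+{overhead_pct(v, plain)}%)" for k, v in sizes.items())
        print(f"{name}: plain {plain} B -> {row}")
```

The gap is widest for small voice packets, where the fixed per-packet fields dominate. The MACsec figures apply on every protected link, since each hop decrypts and re-encrypts the frame.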
In the previous posts of my blog we talked a little about security exploits, how they function, and how to prevent attacks that use them. In this post I am excited to introduce a great toolkit offered by Microsoft to defend against exploitation of the system.
The tool is called the Enhanced Mitigation Experience Toolkit (EMET). It uses exploit mitigation techniques that make it very difficult for exploits to defeat the system. The protection applied by EMET does not guarantee that the system will not be exploited; it just makes exploitation as difficult as possible, even for exploits that use a 0-day vulnerability.
Working with EMET is pretty simple: download it from here, install it on your machine, and choose the software that you want it to protect, namely the software you believe is more likely to have a security vulnerability. All of this is possible through the tool's GUI.
EMET is compatible with any software; it does not matter whether the software you want to protect is a Microsoft product or not. Below is a screenshot of the toolkit's GUI:
You should definitely try this tool; it is a must for every security engineer worried about the security of an environment where each piece of software installed on the servers could have security vulnerabilities that put the whole network and system at risk.
Experience shows that consumers, whether ordinary people using their computers for everyday tasks or even experienced network administrators, tend not to be very open to security updates. When I talked to many network admins about security updates, especially operating system Service Packs (which do not necessarily include only security updates) for Windows Server, they mostly showed little interest in installing some specific updates and service packs, for several reasons:
- They thought of some of the security updates as unnecessary
- Some of them believed it is too risky to install some of the updates for fear of a possible service breakdown. Some also believed that some hotfixes and security patches are not compatible with certain other services and could create problems
- They mostly considered service packs unnecessary update packages, reasoning that they had already installed the hotfixes they needed and that the rest of what the service packs include is unnecessary
In my own experience, I’ve always seen people hit by a pretty famous Internet worm like Sasser and, even after that, they were always looking for some virus removal tool to get them out of trouble and not a security patch, unaware of the fact that anti-virus software cannot stop a worm from functioning.
So you can see that the security people at Microsoft are on a very difficult road in educating all those users and admins and convincing them that patching a system is the best thing every user can do to stay safe on the Internet. But here comes another concept, called Security from the Inception: instead of going through all the difficulties of educating users, which seems pretty much impossible at times, a much better approach is to secure the code of the products by applying the SDL (Security Development Lifecycle) from the beginning of a product's development. That is how we can reduce the impact of security vulnerabilities missed during the software development process.
Right now Microsoft is on the right track toward more secure code simply by applying the SDL, as we can see fewer security vulnerabilities in its products.