Feeds

Trend virus update freezes some PCs

Chicken Little pox

Protecting against web application threats using SSL

Problems with antivirus updates from Trend Micro left some users with unusable computers late last week.

The signature update, pushed out on Friday morning, incorrectly identified key Windows system files as being infected with a Trojan. The security software quarantined these important files leaving users with unstable systems. Trend later fixed the problem by issuing updated signature definition files that avoided the false positive.

For affected users that was far from the end of their worries. They were still left with the hassle of repairing Windows and (perhaps) reinstalling their security software.

Consumers were hardest hit by the glitch, which affected users of Trend Micro Internet Security, Trend Micro Internet Security Pro and Trend Micro AntiVirus. In an advisory to customers forwarded to The Register, Trend Micro said that a small number of consumers were hit by the snag and explained that the faulty update "inaccurately identified certain files as malicious and quarantined them". It admitted that this might cause system instability.

In response to queries from El Reg, prompted by reader emails, Trend Micro issued a statement:

On 5th September 2008 at 02h00 GMT, a false alarm was triggered in Trend Micro Internet Security caused by a new pattern file that had been issued. Specifically the inclusion of pattern Troj_Generic.ADV issued within Official Pattern Release (OPR) version 5.525.50 quarantined several Microsoft Windows DLLs.

In mitigation we removed the detections in question and at 12h15 GMT on 5th September, OPR 5.527.50 was released that resolved this issue. Customers who downloaded OPR 5.525.50 needed only to update to the latest OPR. All other customers who updated thereafter received the latest OPR.

Oh Lordy it's happened again

Anti-virus updates misidentifying legitimate files as suspect are a well known Achilles' Heel of anti-virus scanner software. Issues crop up periodically at roughly the same frequency Premiership football managers and club chairmen fall out.

The results can be just as ugly.

It's hard to think of a security firm that hasn't had problems in this area, and Trend is no exception. The issue gets far more messy, as in the latest Trend Micro case, when system files are incorrectly flagged up as malware.

Reg reader Antonin, based in France, explained the problem in greater depth.

"Trend Micro release a new signature file which decided that explorer.exe and several other system files had a "Troj Gen Adv" and should be quarantine. After the cleanup, a reboot was advised and after the reboot, chaos started," Antonin explained.

"Logon was OK but there was no taskbar, Trend Micro and several other application would not load automatically, Excel and Word and any other application would start but after clicking [I received] several error messages, services menu was corrupted and windows was very unstable. Restore would not work and install/uninstall would not neither," he added.

Antonin was eventually advised by Trend Micro to repair Windows before uninstall and reinstalling Trend Micro.

The net security firm is continuing to investigate the issue. "To date Trend Micro UK have received thirty-five calls to our technical support teams in relation to this issue and TrendLabs is investigating the incident further to determine root cause and remediate," said Rik Ferguson, senior security advisor at Trend Micro. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.