Feeds

Trend virus update freezes some PCs

Chicken Little pox

Beginner's guide to SSL certificates

Problems with antivirus updates from Trend Micro left some users with unusable computers late last week.

The signature update, pushed out on Friday morning, incorrectly identified key Windows system files as being infected with a Trojan. The security software quarantined these important files leaving users with unstable systems. Trend later fixed the problem by issuing updated signature definition files that avoided the false positive.

For affected users that was far from the end of their worries. They were still left with the hassle of repairing Windows and (perhaps) reinstalling their security software.

Consumers were hardest hit by the glitch, which affected users of Trend Micro Internet Security, Trend Micro Internet Security Pro and Trend Micro AntiVirus. In an advisory to customers forwarded to The Register, Trend Micro said that a small number of consumers were hit by the snag and explained that the faulty update "inaccurately identified certain files as malicious and quarantined them". It admitted that this might cause system instability.

In response to queries from El Reg, prompted by reader emails, Trend Micro issued a statement:

On 5th September 2008 at 02h00 GMT, a false alarm was triggered in Trend Micro Internet Security caused by a new pattern file that had been issued. Specifically the inclusion of pattern Troj_Generic.ADV issued within Official Pattern Release (OPR) version 5.525.50 quarantined several Microsoft Windows DLLs.

In mitigation we removed the detections in question and at 12h15 GMT on 5th September, OPR 5.527.50 was released that resolved this issue. Customers who downloaded OPR 5.525.50 needed only to update to the latest OPR. All other customers who updated thereafter received the latest OPR.

Oh Lordy it's happened again

Anti-virus updates misidentifying legitimate files as suspect are a well known Achilles' Heel of anti-virus scanner software. Issues crop up periodically at roughly the same frequency Premiership football managers and club chairmen fall out.

The results can be just as ugly.

It's hard to think of a security firm that hasn't had problems in this area, and Trend is no exception. The issue gets far more messy, as in the latest Trend Micro case, when system files are incorrectly flagged up as malware.

Reg reader Antonin, based in France, explained the problem in greater depth.

"Trend Micro release a new signature file which decided that explorer.exe and several other system files had a "Troj Gen Adv" and should be quarantine. After the cleanup, a reboot was advised and after the reboot, chaos started," Antonin explained.

"Logon was OK but there was no taskbar, Trend Micro and several other application would not load automatically, Excel and Word and any other application would start but after clicking [I received] several error messages, services menu was corrupted and windows was very unstable. Restore would not work and install/uninstall would not neither," he added.

Antonin was eventually advised by Trend Micro to repair Windows before uninstall and reinstalling Trend Micro.

The net security firm is continuing to investigate the issue. "To date Trend Micro UK have received thirty-five calls to our technical support teams in relation to this issue and TrendLabs is investigating the incident further to determine root cause and remediate," said Rik Ferguson, senior security advisor at Trend Micro. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.