Network News

X My Profile
View More Activity

This Looks Bad

What's the one thing anti-virus software should never, ever do?

Ship with a security flaw that makes it easier for your computer to get nailed by a virus.

The notice at Trend Micro's site says it all:

Trend Micro has become aware of a vulnerability in its Scan Engine, wherein a corrupted UPX file can cause a buffer overflow and lead to either of the following:

  • Blue screen of death (BSOD)

  • Execution of arbitrary code that allows an attacker to take control of the system

    It affects all Trend Micro products and versions using the Scan Engine and Pattern File technology.

  • That's just great...

    By Rob Pegoraro  |  February 8, 2007; 3:51 PM ET
    Categories:  Windows  
    Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: What's Up With Palm?
    Next: Vista's "Reduced Functionality"

    Comments

    Nothing developed by Man can ever be perfect. I applaud Trend Micro for being upfront about this error on their part. I hope they get it taken care of fast.

    Posted by: DT | February 9, 2007 11:20 AM | Report abuse

    Yeah, a full disclosure is great. But didn't they test it BEFORE they mass produced it. That means the company should cease operations until it gets it act together. While I've heard of them, I have not bought their products. With this announcement, I think I acted appropriately, but what about Trend Micro?

    If a computer is wiped out due to their software, will they get the customer a new computer? Probably not, so testing is key. Once a product hits the big box shelves, a customer should be able to draw the conclusion that the product was 100 percent tested. But hey, that's just me and I still don't wear Reeboks!

    Posted by: umm.huh | February 9, 2007 12:58 PM | Report abuse

    You can test every line of a program, and even every one of the infinite paths through a program, and *still* not reliably trigger all possible buffer overrun vulnerabilities. Testing alone isn't remotely sufficient for security purposes.

    Posted by: mcm | February 9, 2007 6:03 PM | Report abuse

    As far as I can tell, anti-virus software does more harm than good. It doesn't prevent the most serious problems and sometimes causes its own problems. Most of these problems can be prevented only with correct behavior.

    Posted by: slar | February 9, 2007 6:06 PM | Report abuse

    Hello Rob:
    I must say that Microsoft has put out a new upgrade that has given me a ray of Hope. I bought a office 2007 (student teacher) version. This is the first program that loaded without one problem. I really like the prefomance. MSN Direct is still a thorn in my side. Keep up the good work.
    James

    Posted by: James (old fossil) | February 11, 2007 12:41 PM | Report abuse

    Since I have Trend Micro on my home computer (not the one I am using now) and recently updated it, should I uninstall it or is it already too late.?

    Posted by: DB | February 12, 2007 12:42 PM | Report abuse

    No need to uninstall. Just check for updates, as this has been fixed. They addressed it pretty quickly when they heard and told EVERYONE. Wish I could say the same fro MS, who refuses to fix things for WEEKS, if at all at times...
    As said, you can't prevent everything, but how you handle it is KEY. TM did a fine job.

    Posted by: TM | February 17, 2007 8:51 AM | Report abuse

    No need to uninstall. Just check for updates, as this has been fixed. They addressed it pretty quickly when they heard and told EVERYONE. Wish I could say the same for MS, who refuses to fix things for WEEKS, if at all at times...
    As said, you can't prevent everything, but how you handle it is KEY. TM did a fine job.

    Posted by: TM | February 17, 2007 8:53 AM | Report abuse

    The comments to this entry are closed.

     
     
    RSS Feed
    Subscribe to The Post

    © 2010 The Washington Post Company