This Looks Bad
What's the one thing anti-virus software should never, ever do?
Ship with a security flaw that makes it easier for your computer to get nailed by a virus.
The notice at Trend Micro's site says it all:
Trend Micro has become aware of a vulnerability in its Scan Engine, wherein a corrupted UPX file can cause a buffer overflow and lead to either of the following:
Blue screen of death (BSOD)
Execution of arbitrary code that allows an attacker to take control of the system It affects all Trend Micro products and versions using the Scan Engine and Pattern File technology.
That's just great...
By
Rob Pegoraro
|
February 8, 2007; 3:51 PM ET
Categories:
Windows
Save & Share:
Previous: What's Up With Palm?
Next: Vista's "Reduced Functionality"
Posted by: DT | February 9, 2007 11:20 AM | Report abuse
Yeah, a full disclosure is great. But didn't they test it BEFORE they mass produced it. That means the company should cease operations until it gets it act together. While I've heard of them, I have not bought their products. With this announcement, I think I acted appropriately, but what about Trend Micro?
If a computer is wiped out due to their software, will they get the customer a new computer? Probably not, so testing is key. Once a product hits the big box shelves, a customer should be able to draw the conclusion that the product was 100 percent tested. But hey, that's just me and I still don't wear Reeboks!
Posted by: umm.huh | February 9, 2007 12:58 PM | Report abuse
You can test every line of a program, and even every one of the infinite paths through a program, and *still* not reliably trigger all possible buffer overrun vulnerabilities. Testing alone isn't remotely sufficient for security purposes.
Posted by: mcm | February 9, 2007 6:03 PM | Report abuse
As far as I can tell, anti-virus software does more harm than good. It doesn't prevent the most serious problems and sometimes causes its own problems. Most of these problems can be prevented only with correct behavior.
Posted by: slar | February 9, 2007 6:06 PM | Report abuse
Hello Rob:
I must say that Microsoft has put out a new upgrade that has given me a ray of Hope. I bought a office 2007 (student teacher) version. This is the first program that loaded without one problem. I really like the prefomance. MSN Direct is still a thorn in my side. Keep up the good work.
James
Posted by: James (old fossil) | February 11, 2007 12:41 PM | Report abuse
Since I have Trend Micro on my home computer (not the one I am using now) and recently updated it, should I uninstall it or is it already too late.?
Posted by: DB | February 12, 2007 12:42 PM | Report abuse
No need to uninstall. Just check for updates, as this has been fixed. They addressed it pretty quickly when they heard and told EVERYONE. Wish I could say the same fro MS, who refuses to fix things for WEEKS, if at all at times...
As said, you can't prevent everything, but how you handle it is KEY. TM did a fine job.
Posted by: TM | February 17, 2007 8:51 AM | Report abuse
No need to uninstall. Just check for updates, as this has been fixed. They addressed it pretty quickly when they heard and told EVERYONE. Wish I could say the same for MS, who refuses to fix things for WEEKS, if at all at times...
As said, you can't prevent everything, but how you handle it is KEY. TM did a fine job.
Posted by: TM | February 17, 2007 8:53 AM | Report abuse
The comments to this entry are closed.
Nothing developed by Man can ever be perfect. I applaud Trend Micro for being upfront about this error on their part. I hope they get it taken care of fast.