Trend Micro bug due to quick testing

Trend Micro has confirmed the reason a 'bad' update was released late last week that caused some computers to crash was because of the rush to combat a vulnerability for the Rbot worm.

The update, named by Trend Micro as Official Pattern Release (OPR) 2.594.00 was released at 11.30pm GMT on April 22 and was removed from the Active Update list 90 minutes later at 1.02am, April 23.

Customers using OfficeScan, PC-cillin, Server Protect for NT, Client/Server Suite 2.0 for SMB and Client/Server/Messaging Suite for SMB were directly affected by a bug in the file update, which created a loop which used up nearly 100 percent of CPU processing power.

As a result affected computers using the auto update feature either stalled or crashed.

An hour and a half later a second patch (2.596.00) to combat this issue was released by Trend Micro.

The vast majority of those computers affected were in Japan, although Trend Micro has received several reports of users of their product experiencing problems in the US, Middle East and Australia.

According to Australian Trend Micro managing director Chris Poulos, the reason for the bug being included in an update was due to Trends Micro's own internal testing procedure.

"The testing procedure is a game of speed and fulfilling procedures, and I think one test went to fast and not quite correctly," Poulos said.

"How it [the patch] was tested is more the case than it was released untested - the procedure for that file (OPR 2.594.00) did not take the full extent of the testing procedure - it is about getting the pattern file out there to protect the customer.

"We have a management procedure to understand what happened because learning from mistakes is critical for any organization."

Poulos added that the fact the issue occurred on a long weekend lessened the potential damage for Australian customers, adding "If life was up to chances we [Trend] have been dealt a good hand", and this was the first of such issues to be suffered by Trend Micro.

The compression tool used by Trend Micro, named UltraProtect, compresses and encrypts Windows applications. Trend have confirmed they added support for UltraProtect in the offending pattern file (2.594.00), and found the decompression of certain file scanning caused high CPU utilization under Windows XP SP2.

In December last year Trend Micro landed the deal for antivirus scanning for Microsoft's MSN Hotmail service from McAfee, scanning more than 187 million e-mail accounts.

A spokesperson from Hotmail stated that they have suffered no significant outage for Hotmail mail servers.

However it seems Trend Micro's reputation may be the hardest hit by the issue. Frost & Sullivan security analyst James Turner said 2005 is not the year for an anti-virus to be dropping the ball as the market is getting extremely aggressive.

"In the AV space you either have market share or perish - the market is becoming heavily commoditised," Turner said.

"The idea security vendors live and die by is trust from the market and to ship out something that cripples a machine is a major breach of trust."

Japanese railway operator East Japan Railway and the Asahi and Yomiuri daily newspapers reportedly suffered network problems as a result.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Frost & Sullivan (Aust)McAfee AustraliaMicrosoftMSNSpeedTrend Micro Australia

Show Comments