Trend Micro Bug Hits Several Important Computers

dmarx writes "The Japan Times reports that a bug in Trend Micro's antivirus software has caused the CPUs of several important computers, including those at East Japan Railway, to grind to a halt. A bug free version was released on noon Saturday." From the article: "Kyodo News experienced LAN access failure from around 8:20 a.m. to shortly before noon. The Asahi Shimbun and Yomiuri Shimbun also had trouble with their LANs at their Tokyo and Osaka bureaus, but the problems did not affect editing or printing of their evening editions."

Who's to blame

[janek78]

I suppose the manufacturer of the faulty software is not liable in any way. Would we buy say TV sets if their Terms of use said that they are in no way guaranteed to work for the purpose they were bought for, nor are they safe to use (like exploding randomly - It's time for the penguin on the top of the TV to explode).

I understand software is a tad more complex than your average TV, but cars are not exactly simple either and they seem to work quite well (most of the time). Will we ever get software that just works or will we always have to buy something in the good faith that it will work, but if it does not, it is our tough luck?

BTW, I hope slashdotting another japanese server won't cause much additional damage...

A lesson here.

[Anonymous Coward]

This is why sysadmins should never roll out updates without testing them first. And what's even worse than non-testing is letting individual stations update directly from a vendor's site on the internet. Just asking for trouble.

The problem with AV

[Fished]

Antivirus checking is, by nature, an invasive procedure. Is it really surprising that these products have such a lousy reputation for impacting system stability?

Oddly, my Solaris and/or Linux and/or OSX servers are able to get by without any sort of AV protection (other than promptly installing patches). And, oddly enough, they are more stable.

Go figure. :)

Antivirus software on mission critical computers?

[mferrier]

Yet another example of why critical computer systems should be stripped down to the barebones tried-and-true software and isolated from any potential source of interference. This goes doubly for a system like this on which the local infrastructure depends!

Auto Update of Antivirus IS a secuirty risk

[csk_1975]

There was a discussion about auto update of both definitions and scan engines being a security risk some time ago on Full Disclosure (I think it started as a Windows Update thread). This event just goes to show that software which auto updates should be used with caution and controls are required if its going to be used on critical systems, ie any updates need to be tested prior to roll out. Whether or not this can be viewed as a security incident is debatable, but software which downloads updates that cause a DOS are usually viewed as malicious. I wonder about the cruft like Plaxo (and all that other supposedly safe stuff) which download updates all the time, I can't stop it (not for technical reasons ;) but I'm just waiting for the day an auto downloaded update craps out some VP's laptop.

Re:Who's to blame

[Analogy Man]

Cars aren't what they used to be...

And that is a good thing...despite these software glitches cars are SIGNIFACTLY safer today due to computers:

• ABS Braking
• Structural Analysis software
• Vehicle dynamics / handling simulation
• CFD analysis for tires (they are quite efficient pumps really)

If cars are going to go fly by wire they need to be tested and maintained like airplanes instead of like disposable consumer electronics...but in balance computers have made cars safer.

We had the same problem

[Xerxes1729]

The same thing happened at my school this weekend. At the beginning of the year, ITS required that anyone with a Windows machine install this Trend Micro program and give them the password to an administrator account*. By "securing" all the Windows machines, network outages would be prevented. Ironic, eh? Those of us who use other OSs, of course, were unaffected. And best of all, when they sent out a notice about fixing the problem, they didn't explain what had happened - we had to wait for one of the students who works there to tell us.

*They wanted me to give them my root password before they would turn on my network connection. I told the nice woman that if ITS expected me to trust them with my password, surely they would trust me with the password to one of the servers. She rolled her eyes and activated my connection.

Re:We had the same problem

[Ruprecht the Monkeyb]

The problem is with your IT department, then, not with Trend Micro. The TM client software can be deployed in a number of ways that don't require client interaction, much less giving them the admin password.

I use TM's enterprise stuff at a number of clients, and I've found it to be far more reliable than anything else. Most of my clients were using other products before I moved them over to TM, and nearly all of them were having problems with client interaction, updates not working, etc. And despite updating regularly, I've never been hit by any of the bugs reported.

that's the problem

[zogger]

They are starting to make the cars so complex that it drives the cost up significantly for initial purchase, and the repair costs get astronomical because it requires a specialist in most cases to *really* fix them, but they still only last a few years before they start to break down and become uneconomical for most people. Catch 22 now. Airplanes on the other hand have high initial cost, high repairs and maintenance costs, but are designed for decades of service, not just a few years. Where are the high tech safer cards with 20 year warranties? the cost has gone up tremendously compared to when I was a kid, yet they still seem to break as much and are much harder to work on for joe average.

No easy choices for joe consumer and land transportation. It's not like you can go buy a brand new cheap car that isn't infested with all sorts of electronic stuff that isn't really necessary. It may be useful, but it's not exactly necessary. You can get older cars of course, but even then it's a high cost to restore them and in a lot of cases they have to be modified to pass emissions, which lowers their actual practicality value by introducing complexity. More stuff bolted on = more stuff to break, simple as that. I mean, new cars now cost what houses used to cost not that long ago, and they still drop in value the same as they always did, drive off the lot, whoops, several thousand gone, then it goes downhill from there. It's a cost/benefits/practicality issue that's quite complex, I don't think it can be really stated that cars are that much more of a deal now just because of all the electronic controls, which are consistently the number #1 consumer complaint with cars and repairs, the electronic control systems nowadays. Blackbox voodoo stuff that even the dealer factory trained guys have a hard time dealing with once they develop bugs.

Re:Servers do not need real time virus protection.

[Anonymous Coward]

As an admin my job is to keep the servers running acceptable and cost effectively.

Real time virus protection hurts SQL server performance. Real time virus protection hurts web server performance. Real time virus protection costs money on print servers. If no damage can be done, then why spend the money or take the performance hit?

Re:Sounds familiar.

[jeffmeden]

no virus checkers huh... how can you be remotely certain then, that there are no viruses?

Re:The problem with AV

[Anonymous Coward]

Then tell me, why is it that Microsoft's webserver is more vulnerable to exploits, viruses and trojans, http://www.google.com/search?q=+iis+apache+vulnera ble [google.com], than it's competitor Apache which has a market share of 70% http://news.netcraft.com/archives/2004/08/01/augus t_2004_web_server_survey.html [netcraft.com]

Re:Servers do not need real time virus protection.

[grasshoppa]

I am absolutely 100% sure that no damage can be done.

This would frighten me, were I your manager. People who are this sure of anything have been, in my experience, zealots for that OS or so egotistical that I don't want them making decisions.

Crap breaks, people make mistakes. I believe this to the core of my being, and I plan on it. Sure, I lose some performance, but given I can throw more hardware at that particular problem, I don't worry about it.

Re:Before the flury of obvios train crash jokes st

[Anonymous Coward]

Crash appears, 14 hours after the event and therefore subject to modification AND to my interpretation, due to:

1) Train driver overshot the station, so backed up.

2) This put the train a couple of minutes behind schedule.

3) The driver ran faster than allowed through a descending 70 kph right-hand curve to catch up.

4) The train derailed and slammed into an apartment block.

5) The driver survived. Many others didn't. 12 hours after the crash at least 4 people were still trapped.

6) Trend's antivirus products had fuck all to do with this.

7) Supposedly "clueful" people can't help but mention Trend Antivirus and a random train accident in the same breath. Piss on such people who giggle over the deaths of dozens as long as they can make their silly little comments.

Windows O/S on mission critical computer...

[Anonymous Coward]

... is proof that you must be smoking crack. Either that or the machine must not be as "mission critical" as you'd like to think it is.

Windows O/S is only valid for machines that need to be up and running *some* of the time.

This was bound to happen, and it will happen again

[js9kv]

Two of my customers were hit with this at the same time on Friday around 4:50pm - the only good thing about it was that it hit at a time when many of the folks most affected by the bad update had gone for the weekend. They called, described the problem, and it hit almost completely in sync, all the machines that were running the latest XP with all the patches. We spent 3 hours that night troubleshooting and eventually figured out it was the AV software messing it up - and then about 20 minutes later on Trend Micro's site they had a "you gotta update from v594 to v596" to fix it. First off, lets face some reality here - it was only a matter of time before something this scale happened - AV software, if developed by a small group and not effectively tested, could be perhaps the least QA tested software on business PC's in the world today. Remember that response time is the major factor in AV protection - and getting your signatures out faster than the other guys, and faster than the virus spreads, is about the only success that these vendors know. For a long time now I've seen shoddy work from various AV vendors - Norton steals resources, Trend leaves stuff behind after an un-install and McAfee spams their own users after install. Thus far the only two that havn't bothered me that much are Zone Alarm and Grisoft's free AVG. For the last 2 years I've asked Trend Micro, Symantec and McAfee to add a single feature into their server-based email virus protection - and that is the smarts to know when to (and not to) respond to a message with a "this message contains a virus". Right now virus responses are a binary value - you either send them or you don't. Shouldn't the AV software be able to know from it's signature whether or not the senders email address is spoofed? Anyway, I digress. What it all boils down to is that AV vendors have a huge market penetration, and if some vendors aren't QA'ing their work (or if Microsoft is restricting updates by country) then it's inevitable that something nasty is going to be spread by the AV software. Also remember that it's not just the AV software - Microsoft's last round of updates seem to have broken more than just this.