Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Bug IT

Trend Micro Bug Hits Several Important Computers 221

dmarx writes "The Japan Times reports that a bug in Trend Micro's antivirus software has caused the CPUs of several important computers, including those at East Japan Railway, to grind to a halt. A bug free version was released on noon Saturday." From the article: "Kyodo News experienced LAN access failure from around 8:20 a.m. to shortly before noon. The Asahi Shimbun and Yomiuri Shimbun also had trouble with their LANs at their Tokyo and Osaka bureaus, but the problems did not affect editing or printing of their evening editions."
This discussion has been archived. No new comments can be posted.

Trend Micro Bug Hits Several Important Computers

Comments Filter:
  • by Anonymous Coward on Monday April 25, 2005 @07:49AM (#12335516)
    That was East Japan Railway. The crash was on Japan Rail West.
  • Sounds familiar. (Score:5, Interesting)

    by bigtallmofo ( 695287 ) on Monday April 25, 2005 @07:49AM (#12335518)
    The buggy file slowed down computer performance substantially by making CPUs run at almost full capacity, the software company said.

    Sounds like every interactively-scanning antivirus program I've ever installed. I wonder, when Microsoft releases server benchmarks, if they run them with antivirus software running in the background? I think this would give a 10%-15% edge to operating systems that don't require such measures of protection.

    • Like what for example?
    • Re:Sounds familiar. (Score:2, Informative)

      by bmalek ( 855094 )
      This sounds like a study I recently read about the poor performance of Apache vs. IIS. If you read between the lines you find out that the reason why the Apache server performed so poorly is because it was using PHP as a module instead of being compiled into the server. Well duh, of course the Apache server is going to perform worse that way... As the saying goes: 'Lies, damn lies, and statistics' - Benjamin Disraeli
      • Re:Sounds familiar. (Score:3, Informative)

        by barzok ( 26681 )
        Neither ASP nor ASP.NET are "compiled into" the web server itself - requests for ASP files are passed to ASP.DLL and ASPX is handled by the ASP.NET worker process. Both can be removed from the IIS configuration if desired, I'm pretty sure, using the same mechanism by which one installs the PHP processor (DLL) into IIS.
        • Re:Sounds familiar. (Score:5, Informative)

          by Anonymous Coward on Monday April 25, 2005 @08:58AM (#12335970)
          The different he's talking about with PHP is using mod_php as opposed to php.exe. If Apache uses mod_php, it goes out and hits php4.dll just like your asp.dll. If it's not using mod_php, it's going out and executing "php.exe %1" every time you hit a PHP page, waiting for the result, then sending it to the browser. This is much slower than the DLL approach.

          You just need mod_php compiled in to Apache (the equivilent of ISAPI), *not* all of PHP, for this to work.
        • So...
          I write a database that sorts the search using BubbleSort. Only. Nothing else.
          There's a competing database where I can use arbitrary plugin for sorting, be this quicksort, bubblesort or bogosort. There are many. Most people use the fastest ones, but sometimes they use some odd sorting methods and replace the default quicksort plugin with their own.
          So I start the benchmark, my database vs the other one. - set up to run on bubble sort.
          Whoa, my database sorts data faster than the other one! I won! My data
      • If it was like most of those studies, more likely the difference was due to a finely-tuned IIS running on a 4-way Xeon vs. Apache right out of the box running on a pocket calculator with half its memory disabled.
        • I'd say the fact apache will run out of the box on a pocket calculator with half the memory disabled is far more impressive than just coming top in a benchmark.
          • I was being somewhat facetious -- I can't name a pocket calculator that's known to run Apache, although doubtless someone's tried it on a sufficiently husky palmtop. But you've seen that kind of "study" -- like the one that proved that it costs more to run Linux than Windows if you buy a PeeCee to run Windows and an AS/400 to run Linux.
            • I've certainly seen the studies. They're the same ones which state (quite correctly) that ISS totally outperforms everything else, providing everything else is running on sub-par hardware and ISS is optimised to hell.

              Now I'm gonna go try shove Apache onto my graphical calculator.
    • Hmmm, just this weekend my computer started consuming all CPU, and I use Trend-Micro (which by the way, I love).

      I couldn't figure it out - had to boot to safe mode just to backup my files before I re-installed the OS.

    • by RoLi ( 141856 ) on Monday April 25, 2005 @08:31AM (#12335781)
      Exactly. This is just part of the cost of running Windows. Any serious TCO-analysis should include the cost to purchase, install and update anti-virus software on Windows.
  • Who's to blame (Score:4, Insightful)

    by janek78 ( 861508 ) on Monday April 25, 2005 @07:51AM (#12335539) Homepage
    I suppose the manufacturer of the faulty software is not liable in any way. Would we buy say TV sets if their Terms of use said that they are in no way guaranteed to work for the purpose they were bought for, nor are they safe to use (like exploding randomly - It's time for the penguin on the top of the TV to explode).

    I understand software is a tad more complex than your average TV, but cars are not exactly simple either and they seem to work quite well (most of the time). Will we ever get software that just works or will we always have to buy something in the good faith that it will work, but if it does not, it is our tough luck?

    BTW, I hope slashdotting another japanese server won't cause much additional damage...
    • Re:Who's to blame (Score:5, Informative)

      by Vo0k ( 760020 ) on Monday April 25, 2005 @07:59AM (#12335587) Journal
      Let me wake you up.
      Car manufacturers fight really hard to stop this from getting more of media attention, but modern cars are known to have SERIOUS software bugs. Just google car software bug or similar for stories and references - running 100MPH down a motorway and have the engine switched off, everything shut down (and even the steering wheel blocked), or having the central lock imprison you in the car, so you can't get out, or having random pieces of equipment (wipers, windows, chair adjustment) to start at random... These are real stories. Cars aren't what they used to be...
      • Re:Who's to blame (Score:2, Insightful)

        by Analogy Man ( 601298 )
        Cars aren't what they used to be...

        And that is a good thing...despite these software glitches cars are SIGNIFACTLY safer today due to computers:

        • ABS Braking
        • Structural Analysis software
        • Vehicle dynamics / handling simulation
        • CFD analysis for tires (they are quite efficient pumps really)

        If cars are going to go fly by wire they need to be tested and maintained like airplanes instead of like disposable consumer electronics...but in balance computers have made cars safer.

        • that's the problem (Score:4, Insightful)

          by zogger ( 617870 ) on Monday April 25, 2005 @08:54AM (#12335949) Homepage Journal
          They are starting to make the cars so complex that it drives the cost up significantly for initial purchase, and the repair costs get astronomical because it requires a specialist in most cases to *really* fix them, but they still only last a few years before they start to break down and become uneconomical for most people. Catch 22 now. Airplanes on the other hand have high initial cost, high repairs and maintenance costs, but are designed for decades of service, not just a few years. Where are the high tech safer cards with 20 year warranties? the cost has gone up tremendously compared to when I was a kid, yet they still seem to break as much and are much harder to work on for joe average.

          No easy choices for joe consumer and land transportation. It's not like you can go buy a brand new cheap car that isn't infested with all sorts of electronic stuff that isn't really necessary. It may be useful, but it's not exactly necessary. You can get older cars of course, but even then it's a high cost to restore them and in a lot of cases they have to be modified to pass emissions, which lowers their actual practicality value by introducing complexity. More stuff bolted on = more stuff to break, simple as that. I mean, new cars now cost what houses used to cost not that long ago, and they still drop in value the same as they always did, drive off the lot, whoops, several thousand gone, then it goes downhill from there. It's a cost/benefits/practicality issue that's quite complex, I don't think it can be really stated that cars are that much more of a deal now just because of all the electronic controls, which are consistently the number #1 consumer complaint with cars and repairs, the electronic control systems nowadays. Blackbox voodoo stuff that even the dealer factory trained guys have a hard time dealing with once they develop bugs.
      • Re:Who's to blame (Score:2, Interesting)

        by kfg ( 145172 )
        RyanFenton, posting in the computerized cars for traffic control thread:

        I'd MUCH rather trust a reasonably engineered computerized system than the thousands of other drivers around me on my way about town.

        I didn't post there, but my very first reaction on reading was:

        "And just where the hell do propose to find one of those?"

        This story illustrates my reaction. Imagine thousands of cars around you on your way about town that have suddenly lost all control.

        Without the introduction of computers cars are
      • Yup, my 2004 saab 93 has more than a few of them. Sometimes the volume control on the steering wheel works, sometimes not (it seems to depend on whether or not I let the car POST before kicking over the engine). I get out of the car and low and behold, my reverse lights are on, nothing else though and I was not in reverse when I shut down the engine. Sometimes when I hit the remote to lock the drivers side door (the only one open) the other three doors open while the drivers side closes. Hit the lock button
      • I agree. And because it's happened to me.

        1998 GMC SONOMA SLS
        Driving 70mph in heavy rain and my whipers quit. I quickly hit the brakes and drove off the road. I'm glad I had a little Rain-X left on the windshield. Otherwise I would have been about 20 feet down in a ditch.

        The other time that truck tried to kill me was when the butterfly in the throttlebody stuck wide open. That was a hell of a ride!
        • I've been lucky enough to never experience a stuck throttle, but what did you end up doing? I've always assumed I could shift to Neutral if that happened, but if it's something you've not thought about before, I can definitely see that not immediately springing to mind while it's happening.

          And the wipers: was it the motor or a problem with the controller that made them stop? My family has been using GM trucks for a while, and we've had to replace a few failed/failing wiper motors, though I think a 1992 wa

          • I ended up slamming on the brakes and turning the truck off (locked steering and went flying into median). Once I got it apart and noticed the TPS was fine and the throttlebody was screwed up (still was stuck wide open), I screamed and cussed and bought another one.

            The wiper problem was definitely the controller. They worked after I pulled the battery negative for 5 minutes, then reattached, started the truck and went driving.
      • Cars aren't what they used to be...

        You never drove a 1967 Jaguar. Electrics by Lucas -- the Prince of Darkness.
    • Re:Who's to blame (Score:4, Interesting)

      by Patrik_AKA_RedX ( 624423 ) on Monday April 25, 2005 @08:27AM (#12335759) Journal
      Software design is still a pretty young field of construction. Building construction has had more than 2 millenia to develop, while software design had about century (give or take a decade). In the early days (read: centuries) buildings were designed by rules of thumb. Only the last few centuries the real science of contruction was developed. (The metalurgical properties of steel wasn't researched until after WW2 when they figured out that welded ships couldn't handle the extreme cold of northern seas very well) In software design we're at the point where we're trying to come up with the science, but are still mostly using rules of thumb.

      Given time software will reach a point where it's about as reliable as concrete buildings, but in the mean time we'll be stuck with the many kinds of blue screens.
    • Generally, people don't add nearly as much operationally detrimental crap to their cars as they do their computers. If they did, cars would probably have as many problems as the average or power user's PC.

      And cars certainly don't get something additional forcefully installed into them via a backdoor every time they visit some company's parking lot.

      That would be novel, wouldn't it -- free parking, as long as we can secretly install a tracker that lets us know which drive-thrus and coffee shops you go to th
  • A lesson here. (Score:3, Insightful)

    by Anonymous Coward on Monday April 25, 2005 @07:55AM (#12335557)
    This is why sysadmins should never roll out updates without testing them first. And what's even worse than non-testing is letting individual stations update directly from a vendor's site on the internet. Just asking for trouble.
  • by Alien Being ( 18488 ) on Monday April 25, 2005 @07:57AM (#12335570)
    With Trend Micro, viruses are the least of your worries.
  • LPT$VPN.594? (Score:2, Interesting)

    by Anonymous Coward
    Was this the issue with LPT$VPN.594?

    The large bookseller I work for (think "Stables and Lords") got hit with that on Friday. All the XP machines (basically, the Manager's computers in the stores) and even a few of the XP computers in the Helpdesk (where I work) would lock up and freeze during boot.

    Deleting the offending file fixed the issue.
    • Re:LPT$VPN.594? (Score:1, Informative)

      by Anonymous Coward
      Yeah, that was it:

      Pattern File 2.594.00 may cause high CPU utilization

      Overview of Issue

      On April 22, 2005, selected OfficeScan, PC-cillin, ServerProtect for NT, Client/Server Suite for SMB and Client/Server/Messaging Suite for SMB customers began experiencing difficulties using their computers due to slow down or 100% CPU utilization. This was shortly after Trend Micro posted Official Pattern Release (OPR) 2.594.00 at 3:30 p.m. US Pacific Time (or 11:30 p.m. GMT), which was later found to potentially ca

  • Bug free? (Score:4, Funny)

    by taobill ( 575617 ) on Monday April 25, 2005 @08:00AM (#12335591)
    A bug free version was released on noon Saturday.

    They can prove that there are no bugs can they? That would be a neat trick.

    And what's "on noon"?

    How about: A fixed version was released at noon on Saturday.

    • Actually there ARE techniques of "proving there are no bugs". A program can be mathematically proven to be correct and error-free.

      As usually, there's a hook. Proving correctness of anything more complicated than 2-3 nested loops and a handful of conditional statements would require more computational power that exists in the whole world.

      Not quite useless - 20-line routine about mixing fuel in a jet engine is something worth proving, and these things are subjected to this technique. But 3 megabytes of an a
      • Actually there ARE techniques of "proving there are no bugs". A program can be mathematically proven to be correct and error-free.

        As usually, there's a hook. Proving correctness of anything more complicated than 2-3 nested loops and a handful of conditional statements would require more computational power that exists in the whole world.


        It'll need significantly more computational power than that. After all a program unintentionally entering an infinite loop is a bug. And since the Halting Problem is unco
        • It'll need significantly more computational power than that. After all a program unintentionally entering an infinite loop is a bug. And since the Halting Problem is uncomputable - no computer (well, not without a *major* breakthrough) can determine whether an arbitrary program will have such a bug.

          Why? Not at all.
          The process checks ALL branchings and ALL possible combinations of states of the program (that's why it's so computationally intensive), and once entering endless loop, the program will keep cha
          • Why? Not at all.
            The process checks ALL branchings and ALL possible combinations of states of the program (that's why it's so computationally intensive), and once entering endless loop, the program will keep changing its state in a closed cycle - Pretty simple autocorelation analysis of the time-state function of given branch will reveal it's an endless loop and terminate analysis of the branch.


            Well, for a computer with finite space you could analyse all possible states - but then again to do so you would
            • Well, for a computer with finite space you could analyse all possible states - but then again to do so you would need a comuter with a larger space, so how do you know that one is correct?

              Three outcomes are possible:
              - Proven incorrect
              - Proven correct
              - Unprovable using available system.
              You just treat "unprovable" as "proven incorrect" for mission-critical pieces. Sanity checks for running out of -its own- space on the proving system are quite simple. Yes, you need a large system, MUCH larger to that.
              With t
              • The mpz_* functions are from a bignum library, so the rather 32 bit ints the integers can take up all of available memory...

                xn_plus_yn_equals_zn_satisfiable simply returns whether x^n + y^n = z^n is satisfiable for n with some value of (bignum) integers x, y and z.

                In other words the program halts if Fermat's Last Theorem is true and infinite loops if it is not.

                Of course if you take "the prover couldn't find a problem after running for 3 days" as meaning the "code is invalid" then you can "prove" the corr
  • Why a bug in Trend Micro's antivirus software would appear in Eastern Japanese LANs specifically?

    Does it like sushi?
  • by Fished ( 574624 ) * <amphigory@@@gmail...com> on Monday April 25, 2005 @08:06AM (#12335634)
    Antivirus checking is, by nature, an invasive procedure. Is it really surprising that these products have such a lousy reputation for impacting system stability?

    Oddly, my Solaris and/or Linux and/or OSX servers are able to get by without any sort of AV protection (other than promptly installing patches). And, oddly enough, they are more stable.

    Go figure. :)

    • Less market share. Windows is a much more apetizing market. Especially since most users wouldn't know if they had a trojan in the first place. How many people actually renew thier subscriptions with Norton or NA?
    • I actually ran into this problem at a customer's site this weekend. They had Trend Micro AV and the computer was utterly crippled. It was like it had some utterly malicious virus on it gobbling up all the cpu time.

      Using SysInternal's Process Explorer, I was ultimately able to see that a module (running as a part of the "system" process) called "TmXPflt.sys" was running 4 simultaneous threads each using about 25% of the CPU. Since the "system" process is given higher priority than all other processes, the s
    • Patches can do the same thing to your system though if they aren't up to snuff. I would be careful about being the first kid on your block to get a patch unless you think it is absolutely critical.
  • by mferrier ( 878754 ) on Monday April 25, 2005 @08:13AM (#12335670)
    Yet another example of why critical computer systems should be stripped down to the barebones tried-and-true software and isolated from any potential source of interference. This goes doubly for a system like this on which the local infrastructure depends!
  • by csk_1975 ( 721546 ) on Monday April 25, 2005 @08:17AM (#12335697)
    There was a discussion about auto update of both definitions and scan engines being a security risk some time ago on Full Disclosure (I think it started as a Windows Update thread). This event just goes to show that software which auto updates should be used with caution and controls are required if its going to be used on critical systems, ie any updates need to be tested prior to roll out. Whether or not this can be viewed as a security incident is debatable, but software which downloads updates that cause a DOS are usually viewed as malicious. I wonder about the cruft like Plaxo (and all that other supposedly safe stuff) which download updates all the time, I can't stop it (not for technical reasons ;) but I'm just waiting for the day an auto downloaded update craps out some VP's laptop.
    • I keep thinking of that DNS cache poisoning exploit thats going around. What if you could poison a cache, then have a box upstream of the home user pretending to be Norton Auto-Update, or whatever...I'd be surprised if they didn't hasve a secure connection on their end, but it could still be possible.

      Then you could have people automatically downloading malicious code with a program that is meant to protect against that very possibility.
  • Why AntiVirus? (Score:4, Interesting)

    by MindStalker ( 22827 ) <mindstalker AT gmail DOT com> on Monday April 25, 2005 @08:20AM (#12335710) Journal
    What I want to know is why do the computers controlling the train system in Japan need antivirus. Are they attached to the internet? Do they have disk drives? This system should have neither, I can understand the reason for a seperated system to be connected to the net for reporting train schedules and problems. But connecting a control system like that? Running it on windows? Silly. Thats worse than having antivirus on an ATM.
    • By disk drives I meant floppy drives/cdroms etc not hard drives.
    • Even if a computer system isn't connected to the Internet, you can guarantee that -- if it's connected to any kind of network infrastructure -- some idiot is going to jack their laptop into it, or plug a USB key into one of the PCs.

      This is how viruses can get onto supposedly 'private' networks.

      It takes a significant amount of effort from the IT guys to harden a system against this -- managed switches, Windows group policy. They're guaranteed to forget something.

      The right thing to do is to disable the

      • Guess I should have RTFA, states only some ticket office computers were affected, not the critical controlling ones. :(
      • the "traditional" vector for virus infection has always been the technician's floppy disk with test programs on it... now replaced by the USB key stuffed full of usefull diagnostics instead... just waiting to pick up a virus from one customer's system and walk it into another customer's system...
    • MindStalker asks and states:

      What I want to know is why do the computers controlling the train system in Japan need antivirus. ... connecting a control system like that? Running it on windows? Silly.

      I agree and wonder if the ensuing chaos had anything to do with this unusual and fatal accident. [bbc.co.uk] The engineer, of course, is being blamed for speeding. You have to wonder what was making him speed. Japanese trains usually run like clockwork.

      Fifty two people died and hundreds were injured. You can see the

  • 0x100000 hlt
  • Um... I really have to wonder at the QA testing that goes on at Trend Micro. It seems that there have been some pretty big screwups there that made it into their enterprise software.

    In case anyone forgot this one:
    Trend Micro Quarantines Letter P [slashdot.org]
  • by Xerxes1729 ( 770990 ) on Monday April 25, 2005 @08:34AM (#12335806)
    The same thing happened at my school this weekend. At the beginning of the year, ITS required that anyone with a Windows machine install this Trend Micro program and give them the password to an administrator account*. By "securing" all the Windows machines, network outages would be prevented. Ironic, eh? Those of us who use other OSs, of course, were unaffected. And best of all, when they sent out a notice about fixing the problem, they didn't explain what had happened - we had to wait for one of the students who works there to tell us.

    *They wanted me to give them my root password before they would turn on my network connection. I told the nice woman that if ITS expected me to trust them with my password, surely they would trust me with the password to one of the servers. She rolled her eyes and activated my connection.

    • by Ruprecht the Monkeyb ( 680597 ) * on Monday April 25, 2005 @08:46AM (#12335893)
      The problem is with your IT department, then, not with Trend Micro. The TM client software can be deployed in a number of ways that don't require client interaction, much less giving them the admin password.

      I use TM's enterprise stuff at a number of clients, and I've found it to be far more reliable than anything else. Most of my clients were using other products before I moved them over to TM, and nearly all of them were having problems with client interaction, updates not working, etc. And despite updating regularly, I've never been hit by any of the bugs reported.
  • Helpful, NOT... (Score:2, Informative)

    by timbo1234 ( 840094 )
    This hosed all our work computers until the update appeared. 99% CPU usage on all of them. No helpfull info on the Trend site either. Cheers guys...
  • by stm2 ( 141831 ) <(moc.selatigidseneg) (ta) (issabs)> on Monday April 25, 2005 @08:43AM (#12335862) Homepage Journal
    Some weeks ago there was a news here about using 1 CPU just to run housekeeping software (AV, anti-spyware, firewall, and so on) and let the other for user's taks.
    It seems it is not so bad idea after all (at least, for Windows users).

  • by tsvk ( 624784 ) on Monday April 25, 2005 @09:06AM (#12336014)


    There was discussion on this on the Full-Disclosure mailing list [grok.org.uk] when posters suspected [grok.org.uk] that the 100% CPU usage on their computers was because of some new unknown virus.

    A repesentative of Trend Micro Germany made a post to the thread [grok.org.uk] where he explained the situation, apologized for it and offered pointers to their support database so that people could get the malfunctioning virus signatures uninstalled.

  • by booch ( 4157 ) <slashdot2010@cr[ ... m ['aig' in gap]> on Monday April 25, 2005 @09:45AM (#12336424) Homepage
    The operating system should really prevent this type of problem. The whole purpose of the OS is to mediate access to resources such as CPU. So if one process is able to monopolize the CPU and prevent other processes from getting CPU time, then the OS has failed to do its job. (I'm not sure Linux would do a better job or not -- I've seen cases where it had similar problems.)
    • Except this was the antivirus software, a file system filter driver running in kernel mode. Its not a matter of one process taking up more resources, it was happening with kernel threads running at a high priority.
  • Trend Micro (Score:2, Informative)

    by Fjornir ( 516960 )
    So -- this is the same Trend Micro that decided to quarantine Cygwin a month or so back, took out our entire development team. A couple of years back Trend Micro decided to quarantine all emails containing the letter 'p'.

    Since my office was so seriously affected by this problem, it would be great if people could post other embarassing Trend Micro stories too!

  • Trend's had some cross-product bugs in virus software before [scmagazine.com]

    But then so has McAfee [scmagazine.com] and CA [scmagazine.com], (though the last was a licensing component at fault).

    There definitely does seem to be an increasing trend in vulnerable AV software at the moment.
  • link [scmagazine.com] Checkmark labs recently gave out an award to the company for its spyware product. Spyware, as you know, slows down computers and makes them difficult to use. Oh the irony!!!
  • Antivirus programs cause more problems than they fix. They cause significantly degraded performance. They cause unusual and unexpected problems with legitimate software. They give a false sense of security. In the end, though, they can only really protect against known malware, days or weeks after it's a problem. A combination of user training and regular software updates is more effective, in my opinion.
  • by js9kv ( 690351 ) on Monday April 25, 2005 @11:36AM (#12337737) Journal
    Two of my customers were hit with this at the same time on Friday around 4:50pm - the only good thing about it was that it hit at a time when many of the folks most affected by the bad update had gone for the weekend. They called, described the problem, and it hit almost completely in sync, all the machines that were running the latest XP with all the patches. We spent 3 hours that night troubleshooting and eventually figured out it was the AV software messing it up - and then about 20 minutes later on Trend Micro's site they had a "you gotta update from v594 to v596" to fix it. First off, lets face some reality here - it was only a matter of time before something this scale happened - AV software, if developed by a small group and not effectively tested, could be perhaps the least QA tested software on business PC's in the world today. Remember that response time is the major factor in AV protection - and getting your signatures out faster than the other guys, and faster than the virus spreads, is about the only success that these vendors know. For a long time now I've seen shoddy work from various AV vendors - Norton steals resources, Trend leaves stuff behind after an un-install and McAfee spams their own users after install. Thus far the only two that havn't bothered me that much are Zone Alarm and Grisoft's free AVG. For the last 2 years I've asked Trend Micro, Symantec and McAfee to add a single feature into their server-based email virus protection - and that is the smarts to know when to (and not to) respond to a message with a "this message contains a virus". Right now virus responses are a binary value - you either send them or you don't. Shouldn't the AV software be able to know from it's signature whether or not the senders email address is spoofed? Anyway, I digress. What it all boils down to is that AV vendors have a huge market penetration, and if some vendors aren't QA'ing their work (or if Microsoft is restricting updates by country) then it's inevitable that something nasty is going to be spread by the AV software. Also remember that it's not just the AV software - Microsoft's last round of updates seem to have broken more than just this.
  • video cards are to the point where they contain HIGHLY SPECIALIZED computations a bazillion times faster than they could by sharing the CPU

    people are looking at the new intel dual core setups for among other things, dedicating one core to their antivirus checker, as norton lately has been bogging down the CRAP outta pc's

    how hard is it to make a PCI/ISA/ slot card that is the CPU for antivirus.. yes- I propose someone build an anti-virus processor, and mount it on a card.. let it do everything that gets

As the trials of life continue to take their toll, remember that there is always a future in Computer Maintenance. -- National Lampoon, "Deteriorata"

Working...