Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Anti-virus update cripples PCs

Red faces at Trend Micro.

By Gregg Keizer, Computerworld (US) | Published: 09:21, 10 September 2008

Two anti-virus updates issued by Trend Micro last week crippled PCs running both Windows XP and Vista, when they mistook several critical system files for malware, and blocked access to those files.

And some users have yet to regain control of their PCs, according to email sent to Techworld's sister publication, Computerworld.

Two signature updates that Trend Micro released last Friday for its most popular consumer security software incorrectly identified up to eight different Windows files as Trojans, then quarantined those files, thinking they were dangerous. The updates were issued to users running Trend Micro's AntiVirus plus AntiSpyware 2008, Internet Security 2008 and Internet Security Pro 2008.

In some cases, quarantining the files prevented the PC from booting.

Trend acknowledged the snafu, but said the buggy updates were out for only a short time. "For a brief period of time late last week primarily some continental European consumers were affected by a Trend Micro pattern-file update with a false positive that could have led to quarantining a few Windows components," said company spokeswoman Andrea Mueller in an email.

When it realised that the updates were flagging innocent files, Trend Micro issued a replacement signature update.

That was too late for some users, however.

"I have spent a lot of hours to fix this issue, also with a long phone call with [Trend Micro] support this afternoon," said Bruno Misonne from Belgium in an email.

Misonne said two PCs, one running Vista and the other XP, were affected by the faulty update. He was able to restore the Vista system, but had been unable to recover the XP machine. "Technical support told me that they are overfilled with cases," he said in a follow-up email. "This bad signature simply removes essential files."

Trend Micro has published a detailed support document for users whose anti-virus software downloaded and installed the flawed updates. The document includes step-by-step instructions for users who are unable to boot their PCs, which requires them to use Windows' Safe Mode to regain control, then asks them to download and run a restore utility that moves the system files out of quarantine and to their proper locations.

This isn't the first time that Trend Micro has pushed a malicious signature update to its customers. In April 2005, the company issued a buggy definition file that locked up Windows XP machines, most of them owned by Japanese users, as the software consumed 100 percent of the processor's cycles.

Last year, an anti-virus signature released by rival Symantec knocked out thousands of Chinese PCs by falsely labelling two Windows .dll files as malware, preventing users from booting their computers.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.