Flawed Trend Micro antivirus update cripples PCs
It quarantines critical Windows files, prevents booting of some XP, Vista machines
Computerworld - Antivirus updates issued by Trend Micro Inc. on Friday crippled Windows XP and Vista PCs when they mistook several critical system files for malware, and blocked access to those files.
Some users have yet to regain control of their PCs, according to e-mail sent to Computerworld.
Two signature updates that Trend Micro released Friday for its most popular consumer security software incorrectly identified up to eight different Windows files as Trojans, then quarantined those files, thinking they were dangerous. The updates were issued to users running Trend Micro's AntiVirus plus AntiSpyware 2008, Internet Security 2008 and Internet Security Pro 2008.
In some cases, quarantining the files prevented the PC from booting.
Trend Micro acknowledged the snafu, but said the buggy updates were out for only a short time. "For a brief period of time late last week, primarily some continental European consumers were affected by a Trend Micro pattern-file update with a false positive that could have led to quarantining a few Windows components," said company spokeswoman Andrea Mueller in an e-mail.
When it realized that the updates were flagging innocent files, Trend Micro issued a replacement signature update.
That was too late for some users, however.
"I have spent a lot of hours to fix this issue, also with a long phone call with [Trend Micro] support this afternoon," said Bruno Misonne from Belgium in an e-mail to Computerworld.
Misonne said two PCs, one running Vista and the other XP, were affected by the faulty update. He was able to restore the Vista system, but had been unable to recover the XP machine. "Technical support told me that they are overfilled with cases," he said in a follow-up e-mail. "This bad signature simply removes essential files."
Trend Micro has published a detailed support document for users whose antivirus software downloaded and installed the flawed updates. The document includes step-by-step instructions for users who are unable to boot their PCs: they must use Windows' Safe Mode to regain control, then download and run a restore utility that moves the system files out of quarantine and to their proper locations.
This isn't the first time that Trend Micro has pushed a faulty signature update to its customers. In April 2005, the company issued a buggy definition file that locked up Windows XP machines, most of them owned by Japanese users, as the software consumed 100% of the processor's cycles.
Last year, an antivirus signature released by rival Symantec Corp. knocked out thousands of Chinese PCs by falsely labeling two Windows .dll files as malware, preventing users from booting their computers.