Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trend Micro Bug Hits Several Important Computers

Posted by Zonk on from the disgruntled-travelers dept.

dmarx writes "The Japan Times reports that a bug in Trend Micro's antivirus software has caused the CPUs of several important computers, including those at East Japan Railway, to grind to a halt. A bug free version was released on noon Saturday." From the article: "Kyodo News experienced LAN access failure from around 8:20 a.m. to shortly before noon. The Asahi Shimbun and Yomiuri Shimbun also had trouble with their LANs at their Tokyo and Osaka bureaus, but the problems did not affect editing or printing of their evening editions."

13 of 221 comments (clear)

  1. Before the flury of obvios train crash jokes start by Anonymous Coward · · Score: 5, Informative

    That was East Japan Railway. The crash was on Japan Rail West.

  2. I expect 100 posts like this. by muyuubyou · · Score: 5, Informative

    ... but in case you're wondering if this may have caused the derailment at Amagasaki, apparently it didn't. Amagasaki is located in western Japan (covered by JR-West).

    Still, the coincidence in time makes me wonder. I sure hope they don't use Windows in the train system I use... just read the EULA. My life is pretty "mission-critical" to me.

    1. Re:I expect 100 posts like this. by shanen · · Score: 2, Informative
      I think it may be too early to rule out any connection to the fatal derailment. There is some preliminary evidence that the engineer may have been pushing in an attempt to get back on schedule--and the delays may have been indirectly related to the train delays mentioned in this article.

      However, I admit that it was more likely due to his youth and inexperience. He was 23 and had less than a year handling the trains--but they also need to reconsider any external factors that may have helped pressure him to make the fatal mistake.

      On the main topic, I'm not sure why Virus Buster is not being mentioned here. One of my Japanese co-workers said that was the affected product. I think they may have been acquired by Trend Micro, but it's still marketed under that name (written in katakana), and I think it is still the top anti-virus product in the Japanese market. I worked in Akihabara some years ago, and it was definitely quite dominant at that time.

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  3. Re:Tragic. That's the word to describe this by commodoresloat · · Score: 3, Informative

    This has nothing to do with antivirus software. The driver was driving too fast. They don't have computers that run new software like this controlling the trains!

  4. Re:Sounds familiar. by bmalek · · Score: 2, Informative

    This sounds like a study I recently read about the poor performance of Apache vs. IIS. If you read between the lines you find out that the reason why the Apache server performed so poorly is because it was using PHP as a module instead of being compiled into the server. Well duh, of course the Apache server is going to perform worse that way... As the saying goes: 'Lies, damn lies, and statistics' - Benjamin Disraeli

  5. Re:Who's to blame by Vo0k · · Score: 4, Informative

    Let me wake you up.
    Car manufacturers fight really hard to stop this from getting more of media attention, but modern cars are known to have SERIOUS software bugs. Just google car software bug or similar for stories and references - running 100MPH down a motorway and have the engine switched off, everything shut down (and even the steering wheel blocked), or having the central lock imprison you in the car, so you can't get out, or having random pieces of equipment (wipers, windows, chair adjustment) to start at random... These are real stories. Cars aren't what they used to be...

    --
    Anagram("United States of America") == "Dine out, taste a Mac, fries"
  6. Re:Sounds familiar. by barzok · · Score: 2, Informative

    Neither ASP nor ASP.NET are "compiled into" the web server itself - requests for ASP files are passed to ASP.DLL and ASPX is handled by the ASP.NET worker process. Both can be removed from the IIS configuration if desired, I'm pretty sure, using the same mechanism by which one installs the PHP processor (DLL) into IIS.

  7. Re:LPT$VPN.594? by Anonymous Coward · · Score: 1, Informative
    Yeah, that was it:

    Pattern File 2.594.00 may cause high CPU utilization

    Overview of Issue

    On April 22, 2005, selected OfficeScan, PC-cillin, ServerProtect for NT, Client/Server Suite for SMB and Client/Server/Messaging Suite for SMB customers began experiencing difficulties using their computers due to slow down or 100% CPU utilization. This was shortly after Trend Micro posted Official Pattern Release (OPR) 2.594.00 at 3:30 p.m. US Pacific Time (or 11:30 p.m. GMT), which was later found to potentially cause performance issues when certain computer configurations are met.

    OPR or Pattern File 2.594.00 was therefore removed by Trend Micro from its websites and Active Update servers by 5:02 p.m. US Pacific Time of the same day (or 1:02 a.m. of April 23, 2005 GMT), and was only available for approximately 1 hour and 30 minutes.

    Subsequently released pattern files (e.g., OPR 2.596.00 or higher) do not cause this issue.

    Why did this happen?

    To protect its customers against the growing threat of the WORM_RBOT family, Trend Micro enhanced the decompression ability of its Pattern File by supporting 3 new heuristic patterns, including UltraProtect decompression, in OPR 2.594.00.

    Due to an isolated anomaly in the engineering, development and pattern release process, the UltraProtect decompression may, in certain circumstances, cause some systems to experience high CPU power consumption. This can lead to system instability when this specific file type is scanned using Pattern File 2.594.00.
  8. Helpful, NOT... by timbo1234 · · Score: 2, Informative

    This hosed all our work computers until the update appeared. 99% CPU usage on all of them. No helpfull info on the Trend site either. Cheers guys...

    1. Re:Helpful, NOT... by Anonymous Coward · · Score: 1, Informative

      http://www.trendmicro.com/en/support/pattern594/ov erview.htm

      The statement by trend micro.....

  9. Re:Sounds familiar. by Anonymous Coward · · Score: 5, Informative

    The different he's talking about with PHP is using mod_php as opposed to php.exe. If Apache uses mod_php, it goes out and hits php4.dll just like your asp.dll. If it's not using mod_php, it's going out and executing "php.exe %1" every time you hit a PHP page, waiting for the result, then sending it to the browser. This is much slower than the DLL approach.

    You just need mod_php compiled in to Apache (the equivilent of ISAPI), *not* all of PHP, for this to work.

  10. Info on Full-Disclosure list by tsvk · · Score: 3, Informative


    There was discussion on this on the Full-Disclosure mailing list when posters suspected that the 100% CPU usage on their computers was because of some new unknown virus.

    A repesentative of Trend Micro Germany made a post to the thread where he explained the situation, apologized for it and offered pointers to their support database so that people could get the malfunctioning virus signatures uninstalled.

  11. Trend Micro by Fjornir · · Score: 2, Informative
    So -- this is the same Trend Micro that decided to quarantine Cygwin a month or so back, took out our entire development team. A couple of years back Trend Micro decided to quarantine all emails containing the letter 'p'.

    Since my office was so seriously affected by this problem, it would be great if people could post other embarassing Trend Micro stories too!

    --
    I want a new world. I think this one is broken.