Slashdot Mirror
Trend Micro Bug Hits Several Important Computers
dmarx writes "The Japan Times reports that a bug in Trend Micro's antivirus software has caused the CPUs of several important computers, including those at East Japan Railway, to grind to a halt. A bug free version was released on noon Saturday." From the article: "Kyodo News experienced LAN access failure from around 8:20 a.m. to shortly before noon. The Asahi Shimbun and Yomiuri Shimbun also had trouble with their LANs at their Tokyo and Osaka bureaus, but the problems did not affect editing or printing of their evening editions."
That was East Japan Railway. The crash was on Japan Rail West.
The buggy file slowed down computer performance substantially by making CPUs run at almost full capacity, the software company said.
Sounds like every interactively-scanning antivirus program I've ever installed. I wonder, when Microsoft releases server benchmarks, if they run them with antivirus software running in the background? I think this would give a 10%-15% edge to operating systems that don't require such measures of protection.
I'm a big tall mofo.
... but in case you're wondering if this may have caused the derailment at Amagasaki, apparently it didn't. Amagasaki is located in western Japan (covered by JR-West).
Still, the coincidence in time makes me wonder. I sure hope they don't use Windows in the train system I use... just read the EULA. My life is pretty "mission-critical" to me.
I suppose the manufacturer of the faulty software is not liable in any way. Would we buy say TV sets if their Terms of use said that they are in no way guaranteed to work for the purpose they were bought for, nor are they safe to use (like exploding randomly - It's time for the penguin on the top of the TV to explode).
I understand software is a tad more complex than your average TV, but cars are not exactly simple either and they seem to work quite well (most of the time). Will we ever get software that just works or will we always have to buy something in the good faith that it will work, but if it does not, it is our tough luck?
BTW, I hope slashdotting another japanese server won't cause much additional damage...
This has nothing to do with antivirus software. The driver was driving too fast. They don't have computers that run new software like this controlling the trains!
This is why sysadmins should never roll out updates without testing them first. And what's even worse than non-testing is letting individual stations update directly from a vendor's site on the internet. Just asking for trouble.
With Trend Micro, viruses are the least of your worries.
Was this the issue with LPT$VPN.594?
The large bookseller I work for (think "Stables and Lords") got hit with that on Friday. All the XP machines (basically, the Manager's computers in the stores) and even a few of the XP computers in the Helpdesk (where I work) would lock up and freeze during boot.
Deleting the offending file fixed the issue.
They can prove that there are no bugs can they? That would be a neat trick.
And what's "on noon"?
How about: A fixed version was released at noon on Saturday.
Why a bug in Trend Micro's antivirus software would appear in Eastern Japanese LANs specifically?
Does it like sushi?
Oddly, my Solaris and/or Linux and/or OSX servers are able to get by without any sort of AV protection (other than promptly installing patches). And, oddly enough, they are more stable.
Go figure. :)
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
Yet another example of why critical computer systems should be stripped down to the barebones tried-and-true software and isolated from any potential source of interference. This goes doubly for a system like this on which the local infrastructure depends!
There was a discussion about auto update of both definitions and scan engines being a security risk some time ago on Full Disclosure (I think it started as a Windows Update thread). This event just goes to show that software which auto updates should be used with caution and controls are required if its going to be used on critical systems, ie any updates need to be tested prior to roll out. Whether or not this can be viewed as a security incident is debatable, but software which downloads updates that cause a DOS are usually viewed as malicious. I wonder about the cruft like Plaxo (and all that other supposedly safe stuff) which download updates all the time, I can't stop it (not for technical reasons ;) but I'm just waiting for the day an auto downloaded update craps out some VP's laptop.
What I want to know is why do the computers controlling the train system in Japan need antivirus. Are they attached to the internet? Do they have disk drives? This system should have neither, I can understand the reason for a seperated system to be connected to the net for reporting train schedules and problems. But connecting a control system like that? Running it on windows? Silly. Thats worse than having antivirus on an ATM.
0x100000 hlt
Exactly. This is just part of the cost of running Windows. Any serious TCO-analysis should include the cost to purchase, install and update anti-virus software on Windows.
*They wanted me to give them my root password before they would turn on my network connection. I told the nice woman that if ITS expected me to trust them with my password, surely they would trust me with the password to one of the servers. She rolled her eyes and activated my connection.
This hosed all our work computers until the update appeared. 99% CPU usage on all of them. No helpfull info on the Trend site either. Cheers guys...
Some weeks ago there was a news here about using 1 CPU just to run housekeeping software (AV, anti-spyware, firewall, and so on) and let the other for user's taks.
It seems it is not so bad idea after all (at least, for Windows users).
DNA in your Linux: DNALinux
They are starting to make the cars so complex that it drives the cost up significantly for initial purchase, and the repair costs get astronomical because it requires a specialist in most cases to *really* fix them, but they still only last a few years before they start to break down and become uneconomical for most people. Catch 22 now. Airplanes on the other hand have high initial cost, high repairs and maintenance costs, but are designed for decades of service, not just a few years. Where are the high tech safer cards with 20 year warranties? the cost has gone up tremendously compared to when I was a kid, yet they still seem to break as much and are much harder to work on for joe average.
No easy choices for joe consumer and land transportation. It's not like you can go buy a brand new cheap car that isn't infested with all sorts of electronic stuff that isn't really necessary. It may be useful, but it's not exactly necessary. You can get older cars of course, but even then it's a high cost to restore them and in a lot of cases they have to be modified to pass emissions, which lowers their actual practicality value by introducing complexity. More stuff bolted on = more stuff to break, simple as that. I mean, new cars now cost what houses used to cost not that long ago, and they still drop in value the same as they always did, drive off the lot, whoops, several thousand gone, then it goes downhill from there. It's a cost/benefits/practicality issue that's quite complex, I don't think it can be really stated that cars are that much more of a deal now just because of all the electronic controls, which are consistently the number #1 consumer complaint with cars and repairs, the electronic control systems nowadays. Blackbox voodoo stuff that even the dealer factory trained guys have a hard time dealing with once they develop bugs.
There was discussion on this on the Full-Disclosure mailing list when posters suspected that the 100% CPU usage on their computers was because of some new unknown virus.
A repesentative of Trend Micro Germany made a post to the thread where he explained the situation, apologized for it and offered pointers to their support database so that people could get the malfunctioning virus signatures uninstalled.
I am absolutely 100% sure that no damage can be done.
This would frighten me, were I your manager. People who are this sure of anything have been, in my experience, zealots for that OS or so egotistical that I don't want them making decisions.
Crap breaks, people make mistakes. I believe this to the core of my being, and I plan on it. Sure, I lose some performance, but given I can throw more hardware at that particular problem, I don't worry about it.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
The operating system should really prevent this type of problem. The whole purpose of the OS is to mediate access to resources such as CPU. So if one process is able to monopolize the CPU and prevent other processes from getting CPU time, then the OS has failed to do its job. (I'm not sure Linux would do a better job or not -- I've seen cases where it had similar problems.)
Software sucks. Open Source sucks less.
Since my office was so seriously affected by this problem, it would be great if people could post other embarassing Trend Micro stories too!
I want a new world. I think this one is broken.
link Checkmark labs recently gave out an award to the company for its spyware product. Spyware, as you know, slows down computers and makes them difficult to use. Oh the irony!!!
The latest gadget news and reviews. www.absolutegadget.com
Two of my customers were hit with this at the same time on Friday around 4:50pm - the only good thing about it was that it hit at a time when many of the folks most affected by the bad update had gone for the weekend. They called, described the problem, and it hit almost completely in sync, all the machines that were running the latest XP with all the patches. We spent 3 hours that night troubleshooting and eventually figured out it was the AV software messing it up - and then about 20 minutes later on Trend Micro's site they had a "you gotta update from v594 to v596" to fix it. First off, lets face some reality here - it was only a matter of time before something this scale happened - AV software, if developed by a small group and not effectively tested, could be perhaps the least QA tested software on business PC's in the world today. Remember that response time is the major factor in AV protection - and getting your signatures out faster than the other guys, and faster than the virus spreads, is about the only success that these vendors know. For a long time now I've seen shoddy work from various AV vendors - Norton steals resources, Trend leaves stuff behind after an un-install and McAfee spams their own users after install. Thus far the only two that havn't bothered me that much are Zone Alarm and Grisoft's free AVG. For the last 2 years I've asked Trend Micro, Symantec and McAfee to add a single feature into their server-based email virus protection - and that is the smarts to know when to (and not to) respond to a message with a "this message contains a virus". Right now virus responses are a binary value - you either send them or you don't. Shouldn't the AV software be able to know from it's signature whether or not the senders email address is spoofed? Anyway, I digress. What it all boils down to is that AV vendors have a huge market penetration, and if some vendors aren't QA'ing their work (or if Microsoft is restricting updates by country) then it's inevitable that something nasty is going to be spread by the AV software. Also remember that it's not just the AV software - Microsoft's last round of updates seem to have broken more than just this.