Slashdot Mirror


Trend Micro Bug Hits Several Important Computers

dmarx writes "The Japan Times reports that a bug in Trend Micro's antivirus software has caused the CPUs of several important computers, including those at East Japan Railway, to grind to a halt. A bug free version was released on noon Saturday." From the article: "Kyodo News experienced LAN access failure from around 8:20 a.m. to shortly before noon. The Asahi Shimbun and Yomiuri Shimbun also had trouble with their LANs at their Tokyo and Osaka bureaus, but the problems did not affect editing or printing of their evening editions."

27 of 221 comments

  1. Before the flurry of obvious train crash jokes starts by Anonymous Coward · · Score: 5, Informative

    That was East Japan Railway. The crash was on Japan Rail West.

  2. Sounds familiar. by bigtallmofo · · Score: 5, Interesting

    The buggy file slowed down computer performance substantially by making CPUs run at almost full capacity, the software company said.

    Sounds like every interactively-scanning antivirus program I've ever installed. I wonder, when Microsoft releases server benchmarks, if they run them with antivirus software running in the background? I think this would give a 10%-15% edge to operating systems that don't require such measures of protection.

    --
    I'm a big tall mofo.
    1. Re:Sounds familiar. by biglig2 · · Score: 3, Funny

      No viruses on BeOS. Actually, no virus checkers either...

      --
      ~~~~~ BigLig2? You mean there's another one of me?
    2. Re:Sounds familiar. by Will2k_is_here · · Score: 5, Funny

      No viruses on BeOS. Actually, no virus checkers either...

      No users either...

    3. Re:Sounds familiar. by cortana · · Score: 5, Funny

      Overall, sounds like the ideal server platform to admin. :)

    4. Re:Sounds familiar. by Anonymous Coward · · Score: 5, Informative

      The difference he's talking about with PHP is using mod_php as opposed to php.exe. If Apache uses mod_php, it goes out and hits php4.dll just like your asp.dll. If it's not using mod_php, it's going out and executing "php.exe %1" every time you hit a PHP page, waiting for the result, then sending it to the browser. This is much slower than the DLL approach.

      You just need mod_php compiled in to Apache (the equivalent of ISAPI), *not* all of PHP, for this to work.

    5. Re:Sounds familiar. by biglig2 · · Score: 3, Funny

      Because if anyone had written a BeOS virus it would be announced on BeBits - they need to get the application numbers up somehow.

      --
      ~~~~~ BigLig2? You mean there's another one of me?
  3. I expect 100 posts like this. by muyuubyou · · Score: 5, Informative

    ... but in case you're wondering if this may have caused the derailment at Amagasaki, apparently it didn't. Amagasaki is located in western Japan (covered by JR-West).

    Still, the coincidence in time makes me wonder. I sure hope they don't use Windows in the train system I use... just read the EULA. My life is pretty "mission-critical" to me.

  4. Who's to blame by janek78 · · Score: 4, Insightful

    I suppose the manufacturer of the faulty software is not liable in any way. Would we buy say TV sets if their Terms of use said that they are in no way guaranteed to work for the purpose they were bought for, nor are they safe to use (like exploding randomly - It's time for the penguin on the top of the TV to explode).

    I understand software is a tad more complex than your average TV, but cars are not exactly simple either and they seem to work quite well (most of the time). Will we ever get software that just works or will we always have to buy something in the good faith that it will work, but if it does not, it is our tough luck?

    BTW, I hope slashdotting another Japanese server won't cause much additional damage...

    1. Re:Who's to blame by Vo0k · · Score: 4, Informative

      Let me wake you up.
      Car manufacturers fight really hard to stop this from getting more of media attention, but modern cars are known to have SERIOUS software bugs. Just google car software bug or similar for stories and references - running 100MPH down a motorway and have the engine switched off, everything shut down (and even the steering wheel blocked), or having the central lock imprison you in the car, so you can't get out, or having random pieces of equipment (wipers, windows, chair adjustment) to start at random... These are real stories. Cars aren't what they used to be...

      --
      Anagram("United States of America") == "Dine out, taste a Mac, fries"
    2. Re:Who's to blame by Patrik_AKA_RedX · · Score: 3, Interesting

      Software design is still a pretty young field of construction. Building construction has had more than 2 millennia to develop, while software design had about a century (give or take a decade). In the early days (read: centuries) buildings were designed by rules of thumb. Only the last few centuries the real science of construction was developed. (The metallurgical properties of steel weren't researched until after WW2 when they figured out that welded ships couldn't handle the extreme cold of northern seas very well) In software design we're at the point where we're trying to come up with the science, but are still mostly using rules of thumb.

      Given time software will reach a point where it's about as reliable as concrete buildings, but in the meantime we'll be stuck with the many kinds of blue screens.

  5. Re:Tragic. That's the word to describe this by commodoresloat · · Score: 3, Informative

    This has nothing to do with antivirus software. The driver was driving too fast. They don't have computers that run new software like this controlling the trains!

  6. A lesson here. by Anonymous Coward · · Score: 3, Insightful

    This is why sysadmins should never roll out updates without testing them first. And what's even worse than non-testing is letting individual stations update directly from a vendor's site on the internet. Just asking for trouble.

  7. New sales slogan by Alien+Being · · Score: 5, Funny

    With Trend Micro, viruses are the least of your worries.

  8. Bug free? by taobill · · Score: 4, Funny

    A bug free version was released on noon Saturday.

    They can prove that there are no bugs can they? That would be a neat trick.

    And what's "on noon"?

    How about: A fixed version was released at noon on Saturday.

  9. The problem with AV by Fished · · Score: 4, Insightful

    Antivirus checking is, by nature, an invasive procedure. Is it really surprising that these products have such a lousy reputation for impacting system stability?

    Oddly, my Solaris and/or Linux and/or OSX servers are able to get by without any sort of AV protection (other than promptly installing patches). And, oddly enough, they are more stable.

    Go figure. :)

    --
    "He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
    1. Re:The problem with AV by mikeumass · · Score: 3, Interesting

      Less market share. Windows is a much more appetizing market. Especially since most users wouldn't know if they had a trojan in the first place. How many people actually renew their subscriptions with Norton or NA?

  10. Antivirus software on mission critical computers? by mferrier · · Score: 5, Insightful

    Yet another example of why critical computer systems should be stripped down to the barebones tried-and-true software and isolated from any potential source of interference. This goes doubly for a system like this on which the local infrastructure depends!

  11. Auto Update of Antivirus IS a security risk by csk_1975 · · Score: 4, Insightful

    There was a discussion about auto update of both definitions and scan engines being a security risk some time ago on Full Disclosure (I think it started as a Windows Update thread). This event just goes to show that software which auto updates should be used with caution and controls are required if it's going to be used on critical systems, i.e. any updates need to be tested prior to roll out. Whether or not this can be viewed as a security incident is debatable, but software which downloads updates that cause a DOS is usually viewed as malicious. I wonder about the cruft like Plaxo (and all that other supposedly safe stuff) which download updates all the time, I can't stop it (not for technical reasons ;) but I'm just waiting for the day an auto downloaded update craps out some VP's laptop.

  12. Why AntiVirus? by MindStalker · · Score: 3, Interesting

    What I want to know is why do the computers controlling the train system in Japan need antivirus. Are they attached to the internet? Do they have disk drives? This system should have neither, I can understand the reason for a separated system to be connected to the net for reporting train schedules and problems. But connecting a control system like that? Running it on Windows? Silly. That's worse than having antivirus on an ATM.

    1. Re:Why AntiVirus? by guy-in-corner · · Score: 3, Interesting

      Even if a computer system isn't connected to the Internet, you can guarantee that -- if it's connected to any kind of network infrastructure -- some idiot is going to jack their laptop into it, or plug a USB key into one of the PCs.

      This is how viruses can get onto supposedly 'private' networks.

      It takes a significant amount of effort from the IT guys to harden a system against this -- managed switches, Windows group policy. They're guaranteed to forget something.

      The right thing to do is to disable the AV updates over the Internet, and use internal update servers (assuming that your AV solution supports it).

      This means that you can validate the AV software on a test rig before it ends up on mission-critical production kit.
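
The test-rig step described in the comment above, sketched as an added example (not part of the thread and not any vendor's tooling): a gate that promotes a candidate pattern update to the internal update server only if no rig host shows the sustained near-100% CPU symptom reported in this incident. The thresholds, host names and CPU samples are constructed assumptions.

```python
"""Canary gate for AV pattern updates (added example; all names hypothetical)."""
from statistics import median

SATURATION_PCT = 90.0   # assumption: "almost full capacity" means >= 90% CPU
SUSTAINED_SAMPLES = 5   # assumption: consecutive saturated samples that count as a hang
MAX_MEDIAN_RISE = 20.0  # assumption: tolerated rise in median CPU, in percentage points


def longest_saturated_run(samples):
    """Length of the longest run of consecutive samples at or above SATURATION_PCT."""
    longest = current = 0
    for pct in samples:
        current = current + 1 if pct >= SATURATION_PCT else 0
        longest = max(longest, current)
    return longest


def evaluate_host(baseline, after_update):
    """Return (ok, reason) for one rig host from CPU% samples before and after."""
    run = longest_saturated_run(after_update)
    if run >= SUSTAINED_SAMPLES:
        return False, f"CPU saturated for {run} consecutive samples"
    rise = median(after_update) - median(baseline)
    if rise > MAX_MEDIAN_RISE:
        return False, f"median CPU rose by {rise:.1f} points"
    return True, "within limits"


def gate_update(version, rig_results):
    """Promote to the internal update server only if every rig host passes."""
    failures = {}
    for host, (baseline, after) in rig_results.items():
        ok, reason = evaluate_host(baseline, after)
        if not ok:
            failures[host] = reason
    return {"version": version, "promote": not failures, "failures": failures}


# Constructed sample data: CPU% sampled once a minute on two test-rig hosts.
RIG_BAD = {
    "rig-xp-01": ([8, 12, 9, 15, 11, 10], [14, 97, 99, 100, 98, 99, 100]),
    "rig-2k-01": ([20, 22, 19, 25, 21, 23], [24, 26, 22, 30, 27, 25]),
}
RIG_GOOD = {
    "rig-xp-01": ([8, 12, 9, 15, 11, 10], [12, 35, 18, 14, 11, 13]),
    "rig-2k-01": ([20, 22, 19, 25, 21, 23], [24, 26, 22, 30, 27, 25]),
}

if __name__ == "__main__":
    print(gate_update("candidate-A", RIG_BAD))   # held back
    print(gate_update("candidate-B", RIG_GOOD))  # promoted
```

A short spike (the single 35% sample in `RIG_GOOD`) does not block promotion; only a sustained run or a large shift in the median does.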

  13. It should be part of the TCO by RoLi · · Score: 3, Interesting

    Exactly. This is just part of the cost of running Windows. Any serious TCO-analysis should include the cost to purchase, install and update anti-virus software on Windows.

  14. We had the same problem by Xerxes1729 · · Score: 4, Insightful

    The same thing happened at my school this weekend. At the beginning of the year, ITS required that anyone with a Windows machine install this Trend Micro program and give them the password to an administrator account*. By "securing" all the Windows machines, network outages would be prevented. Ironic, eh? Those of us who use other OSs, of course, were unaffected. And best of all, when they sent out a notice about fixing the problem, they didn't explain what had happened - we had to wait for one of the students who works there to tell us.

    *They wanted me to give them my root password before they would turn on my network connection. I told the nice woman that if ITS expected me to trust them with my password, surely they would trust me with the password to one of the servers. She rolled her eyes and activated my connection.

    1. Re:We had the same problem by Ruprecht+the+Monkeyb · · Score: 3, Insightful

      The problem is with your IT department, then, not with Trend Micro. The TM client software can be deployed in a number of ways that don't require client interaction, much less giving them the admin password.

      I use TM's enterprise stuff at a number of clients, and I've found it to be far more reliable than anything else. Most of my clients were using other products before I moved them over to TM, and nearly all of them were having problems with client interaction, updates not working, etc. And despite updating regularly, I've never been hit by any of the bugs reported.

  15. that's the problem by zogger · · Score: 4, Insightful

    They are starting to make the cars so complex that it drives the cost up significantly for initial purchase, and the repair costs get astronomical because it requires a specialist in most cases to *really* fix them, but they still only last a few years before they start to break down and become uneconomical for most people. Catch 22 now. Airplanes on the other hand have high initial cost, high repairs and maintenance costs, but are designed for decades of service, not just a few years. Where are the high tech safer cars with 20 year warranties? The cost has gone up tremendously compared to when I was a kid, yet they still seem to break as much and are much harder to work on for joe average.

    No easy choices for joe consumer and land transportation. It's not like you can go buy a brand new cheap car that isn't infested with all sorts of electronic stuff that isn't really necessary. It may be useful, but it's not exactly necessary. You can get older cars of course, but even then it's a high cost to restore them and in a lot of cases they have to be modified to pass emissions, which lowers their actual practicality value by introducing complexity. More stuff bolted on = more stuff to break, simple as that. I mean, new cars now cost what houses used to cost not that long ago, and they still drop in value the same as they always did, drive off the lot, whoops, several thousand gone, then it goes downhill from there. It's a cost/benefits/practicality issue that's quite complex, I don't think it can be really stated that cars are that much more of a deal now just because of all the electronic controls, which are consistently the number #1 consumer complaint with cars and repairs, the electronic control systems nowadays. Blackbox voodoo stuff that even the dealer factory trained guys have a hard time dealing with once they develop bugs.

  16. Info on Full-Disclosure list by tsvk · · Score: 3, Informative


    There was discussion on this on the Full-Disclosure mailing list when posters suspected that the 100% CPU usage on their computers was because of some new unknown virus.

    A representative of Trend Micro Germany made a post to the thread where he explained the situation, apologized for it and offered pointers to their support database so that people could get the malfunctioning virus signatures uninstalled.

  17. This was bound to happen, and it will happen again by js9kv · · Score: 3, Insightful

    Two of my customers were hit with this at the same time on Friday around 4:50pm - the only good thing about it was that it hit at a time when many of the folks most affected by the bad update had gone for the weekend. They called, described the problem, and it hit almost completely in sync, all the machines that were running the latest XP with all the patches. We spent 3 hours that night troubleshooting and eventually figured out it was the AV software messing it up - and then about 20 minutes later on Trend Micro's site they had a "you gotta update from v594 to v596" to fix it.

    First off, let's face some reality here - it was only a matter of time before something this scale happened - AV software, if developed by a small group and not effectively tested, could be perhaps the least QA tested software on business PC's in the world today. Remember that response time is the major factor in AV protection - and getting your signatures out faster than the other guys, and faster than the virus spreads, is about the only success that these vendors know. For a long time now I've seen shoddy work from various AV vendors - Norton steals resources, Trend leaves stuff behind after an un-install and McAfee spams their own users after install. Thus far the only two that haven't bothered me that much are Zone Alarm and Grisoft's free AVG. For the last 2 years I've asked Trend Micro, Symantec and McAfee to add a single feature into their server-based email virus protection - and that is the smarts to know when to (and not to) respond to a message with a "this message contains a virus". Right now virus responses are a binary value - you either send them or you don't. Shouldn't the AV software be able to know from its signature whether or not the sender's email address is spoofed? Anyway, I digress.

    What it all boils down to is that AV vendors have a huge market penetration, and if some vendors aren't QA'ing their work (or if Microsoft is restricting updates by country) then it's inevitable that something nasty is going to be spread by the AV software. Also remember that it's not just the AV software - Microsoft's last round of updates seem to have broken more than just this.