Tag Archives: Trend Micro

Anti-virus Vendor, Er, Hacked. Serves Up, Er, Viruses

The Japanese arm of antivirus vendor Trend Micro has announced its website had been hacked and its pages modified to serve up viruses. In other words, if someone had visited their website, chances are they’d have picked up a virus.

Not the sort of thing you expect from an antivirus manufacturer, and they’re not being very forthcoming about it, either. While the company has announced that some of their website pages were found to have been modified from March 9th to 12th, this is so far only in Japanese, according to asiajin. And that was yesterday. Nothing on their U.S. website yet.

Gen Kanai suggests it was because the company is using Windows 2000, and rips into Trend Micro both for the length of the breach and the lack of transparency: “If a security services/software firm can’t keep their own web servers secured, and left their own hacked website up for 3 days, there’s no logical reason to expect that their own security services are any better.”

Not very reassuring. I’ve often recommended HouseCall but until this is sorted out and Trend Micro comes clean about this, I’m steering clear.

Is Antivirus Software Still Up To The Job?

How often do antivirus manufacturers admit that their products are not really up to the challenge anymore?

The only folks I know who do this are those from Trend Micro. I interviewed Steve Chang, its founder, a couple of years back, and he made it clear that antivirus software can’t keep everything out. But it doesn’t always come across quite as frankly as it should. This BusinessWorld piece today, an interview with Ah Sin Ang, Trend Micro Incorporated’s regional marketing manager for South Asia, asks the important question: (is there) yet no antivirus software that can protect us from phishing?

Ang’s reply could be more thorough, but it’s probably more honest than some of Trend Micro’s competitors: If you are aware that banks don’t send you these types of emails, you’ll be protected. That’s why Trend Micro emphasizes public education.

He also makes the valid point that ‘antivirus’ is not a particularly useful term anymore: Although anti-virus is a general term for Internet security, we like an antivirus software to clarify what that software means – does it include protection against Trojans, spyware, adware and hackers? Does it block unhealthy sites? Once you get infected, there may be a lot of pop-ups featuring pornographic and gambling sites. A good integrated software must also allow filtering. When you filter, it must also be able to filter spam and phishing.

I think the bottom line is that antivirus software is not doing what its customers think it’s doing. Most of us can’t tell the difference between a worm and a Trojan, and tend to assume that antivirus software will also protect us if we click on something in an email that takes us to an infected site. This is no longer true, if it ever was. Instead, the software gives us a false sense of security. Would we be better off not having it, and instead educating ourselves about threats?

The Charting Of An Urban Myth? Or A Double Bluff?

Here’s a cautionary tale from Vmyths, the virus myths website, on how urban legends are born.

Vmyths says that Reuters News Agency filed a report from Singapore last week quoting anti-virus manufacturer Trend Micro (makers of PC-cillin) as saying computer virus attacks cost global businesses an estimated $55 billion in damages in 2003. That’s a lot of damage. Two spokesmen at Trend Micro have since called Vmyths to “correct” the report. One said it was “wrong.”  Another said Trend Micro “cannot gauge a damage value — because they simply don’t collect the required data”.

Vmyths says the report was later pulled, but without any explanation. I’m not so sure. I can still see it on Reuters’ own website, Forbes, Yahoo, The Hindustan Times, ZDNet, MSNBC, ComputerWorld, The New York Times, etc etc. And the story still sits in Reuters’ official database, Factiva (co-owned by Dow Jones, the company I work for.) I’ve sought word from Trend Micro (I wasn’t able to reach anyone in Taiwan, Singapore or Tokyo by phone and emails have gone unanswered for 10 hours; I guess Chinese New Year has already started. Perhaps the U.S. will be more responsive). Emails to the author of the Reuters report have gone unanswered so far.

As Vmyths points out, it’s great that Trend Micro has tried to set the record straight.  But if the story was wrong, why is it still out there on the web, and, in particular, on Reuters’ own sites? And why hasn’t Trend Micro put something up on its website pointing out the report is wrong? Has Trend Micro done everything it can to get things right? Was the report wrong, or the original data?

This episode highlights how, in the age of the Internet, an apparently erroneous story can spread so rapidly and extensively, from even such an authoritative source as Reuters, and how hard it is to correct errors once the Net gets hold of them. In the pre-WWW world (and speaking as a former Reuters journalist) it was a relatively simple process to correct something: overwrite it from the proprietary Reuters screen with a corrected version, withdraw the story, or, in the case of subscribers taking a Reuters feed (newspapers, radio stations and what-have-you), send a note correcting the story. Proprietary databases could be corrected. So long as the story wasn’t already in print, you were usually safe. Nowadays it’s not so easy.

Vmyths is right: Expect to see the $55 billion figure pop up all over the place. (Of course, until we know for sure, it’s possible that the real myth that comes out of this could be that the story was wrong, when in fact it was right.) Ow, I’m getting a headache.

Update: PC-cillin Goes All 2004

Trend Micro today released PC-cillin Internet Security 2004, the latest version of an antivirus program that I have written fondly of in the past. There don’t seem to be any new bells and whistles this time around, but then again it doesn’t really need them: Internet Security includes a personal firewall and “advanced privacy and spyware protection to protect passwords, bank account numbers, and other personal information”. It also blocks spam and inappropriate (adult) Web sites. It sells for $50, which will get you a year of updates.