Trend Micro Bug Hits Several Important Computers

Zonk posted more than 9 years ago | from the disgruntled-travelers dept.

Bug 221

dmarx writes "The Japan Times reports that a bug in Trend Micro's antivirus software has caused the CPUs of several important computers, including those at East Japan Railway, to grind to a halt. A bug free version was released on noon Saturday." From the article: "Kyodo News experienced LAN access failure from around 8:20 a.m. to shortly before noon. The Asahi Shimbun and Yomiuri Shimbun also had trouble with their LANs at their Tokyo and Osaka bureaus, but the problems did not affect editing or printing of their evening editions."

Tragic. That's the word to describe this (-1, Offtopic)

Dancin_Santa (265275) | more than 9 years ago | (#12335506)

This is what happens when systems fail.

Shame on the testers who didn't catch this.

I expect 100 posts like this. (5, Informative)

muyuubyou (621373) | more than 9 years ago | (#12335521)

... but in case you're wondering if this may have caused the derailment at Amagasaki, apparently it didn't. Amagasaki is located in western Japan (covered by JR-West).

Still, the coincidence in time makes me wonder. I sure hope they don't use Windows in the train system I use... just read the EULA. My life is pretty "mission-critical" to me.

Re:I expect 100 posts like this. (1)

Chryzo (776438) | more than 9 years ago | (#12335658)

Some of the trains here in Norway run a *nix flavour. Yay!

Re:I expect 100 posts like this. (2, Informative)

shanen (462549) | more than 9 years ago | (#12335714)

I think it may be too early to rule out any connection to the fatal derailment. There is some preliminary evidence that the engineer may have been pushing in an attempt to get back on schedule--and the delays may have been indirectly related to the train delays mentioned in this article.

However, I admit that it was more likely due to his youth and inexperience. He was 23 and had less than a year handling the trains--but they also need to reconsider any external factors that may have helped pressure him to make the fatal mistake.

On the main topic, I'm not sure why Virus Buster is not being mentioned here. One of my Japanese co-workers said that was the affected product. I think they may have been acquired by Trend Micro, but it's still marketed under that name (written in katakana), and I think it is still the top anti-virus product in the Japanese market. I worked in Akihabara some years ago, and it was definitely quite dominant at that time.

Re:Tragic. That's the word to describe this (3, Informative)

commodoresloat (172735) | more than 9 years ago | (#12335541)

This has nothing to do with antivirus software. The driver was driving too fast. They don't have computers that run new software like this controlling the trains!

Re:Tragic. That's the word to describe this (1)

shanen (462549) | more than 9 years ago | (#12335747)

Actually, there is (or maybe was) a line that was running with a computerized system. I remember because they had a pretty serious problem with it a couple of years ago. Unfortunately, I can't recall the details now, though I think it was also near Osaka, but that no one was injured.

The train systems are becoming increasingly automated however. For example, the older lines have open platforms, but several of the newer lines have a wall at the edge of the platform, with elevator-style doors that align with the train doors. No way to fall off the platform in that situation. I'm pretty sure they use a computerized braking system to stop the trains precisely so that the doors line up, and probably a computerized interlock system to synchronize the pairs of doors.

Re:Tragic. That's the word to describe this (1)

Will2k_is_here (675262) | more than 9 years ago | (#12335549)

Shame on the testers who didn't catch this.

No shit! I wasted several hours trying to get my computer running again. How come they didn't?!

though I had nothing better to do anyway :(

Re:Tragic. That's the word to describe this (0)

Anonymous Coward | more than 9 years ago | (#12335568)

Never trust any company with the word "Micro" in their name. Seriously, "micros" have a lower standard on everything compared to mainframes. You get what you pay for.

Re:Tragic. That's the word to describe this (1, Funny)

dangitman (862676) | more than 9 years ago | (#12335610)

Never trust any company with the word "Micro" in their name. Seriously, "micros" have a lower standard on everything compared to mainframes. You get what you pay for.

You want me to trust one of those finicky and new-fangled mainframes, when my slide-rule works perfectly reliably????? WTF?

Re:Tragic. That's the word to describe this (0, Redundant)

k98sven (324383) | more than 9 years ago | (#12335706)

No, shame on you for implying that this bug had anything to do with that accident.

bugs on the train? (2, Funny)

afdsfsdafsdaf (454138) | more than 9 years ago | (#12335507)

geeez just 1 bug? they should move to DC and try the metro... THEN they can complain.. ;-)

Hopefully unrelated (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12335512)

Re:Hopefully unrelated (0)

Anonymous Coward | more than 9 years ago | (#12335522)

Yeah, I was wondering about that. Sounds like the driver was running late and speeding to meet the schedule, though...

Before the flurry of obvious train crash jokes start (5, Informative)

Anonymous Coward | more than 9 years ago | (#12335516)

That was East Japan Railway. The crash was on Japan Rail West.

Re:Before the flurry of obvious train crash jokes st (0)

Anonymous Coward | more than 9 years ago | (#12335560)

Jokes? You are sick.

Anyways, what's to stop the bug from affecting their system at a different location? It's not like the East and West side of Japan are some huge distance apart.

Re:Before the flurry of obvious train crash jokes st (0)

Anonymous Coward | more than 9 years ago | (#12335891)

Anyways, what's to stop the bug from affecting their system at a different location? It's not like the East and West side of Japan are some huge distance apart.

It's different companies (and presumably, different computer infrastructure...)!

Re:Before the flurry of obvious train crash jokes st (1)

mwood (25379) | more than 9 years ago | (#12335892)

It sounds like they are two different companies, which makes it somewhat likely that they run different AV products. But all of this is guesswork; let's wait for the facts.

Sounds familiar. (5, Interesting)

bigtallmofo (695287) | more than 9 years ago | (#12335518)

The buggy file slowed down computer performance substantially by making CPUs run at almost full capacity, the software company said.

Sounds like every interactively-scanning antivirus program I've ever installed. I wonder, when Microsoft releases server benchmarks, if they run them with antivirus software running in the background? I think this would give a 10%-15% edge to operating systems that don't require such measures of protection.

Re:Sounds familiar. (1)

fr0dicus (641320) | more than 9 years ago | (#12335533)

Like what for example?

Re:Sounds familiar. (3, Funny)

biglig2 (89374) | more than 9 years ago | (#12335558)

No viruses on BeOS. Actually, no virus checkers either...

Re:Sounds familiar. (5, Funny)

Will2k_is_here (675262) | more than 9 years ago | (#12335603)

No viruses on BeOS. Actually, no virus checkers either...

No users either...

Re:Sounds familiar. (5, Funny)

cortana (588495) | more than 9 years ago | (#12335865)

Overall, sounds like the ideal server platform to admin. :)

Re:Sounds familiar. (2, Insightful)

jeffmeden (135043) | more than 9 years ago | (#12336068)

no virus checkers huh... how can you be remotely certain then, that there are no viruses?

Re:Sounds familiar. (1)

Will2k_is_here (675262) | more than 9 years ago | (#12335573)

Like what for example?

The obvious reference here is everything else. While viruses do exist for them, a good firewall and a smart user is enough to ensure security for them. And in the rare occasion of an infection, it's better to restore from a backup than to run an AV program all the time.

Re:Sounds familiar. (2, Informative)

bmalek (855094) | more than 9 years ago | (#12335553)

This sounds like a study I recently read about the poor performance of Apache vs. IIS. If you read between the lines you find out that the reason why the Apache server performed so poorly is because it was using PHP as a module instead of being compiled into the server. Well duh, of course the Apache server is going to perform worse that way... As the saying goes: 'Lies, damn lies, and statistics' - Benjamin Disraeli

Re:Sounds familiar. (2, Informative)

barzok (26681) | more than 9 years ago | (#12335683)

Neither ASP nor ASP.NET are "compiled into" the web server itself - requests for ASP files are passed to ASP.DLL and ASPX is handled by the ASP.NET worker process. Both can be removed from the IIS configuration if desired, I'm pretty sure, using the same mechanism by which one installs the PHP processor (DLL) into IIS.

Re:Sounds familiar. (5, Informative)

Anonymous Coward | more than 9 years ago | (#12335970)

The difference he's talking about with PHP is using mod_php as opposed to php.exe. If Apache uses mod_php, it goes out and hits php4.dll just like your asp.dll. If it's not using mod_php, it's going out and executing "php.exe %1" every time you hit a PHP page, waiting for the result, then sending it to the browser. This is much slower than the DLL approach.

You just need mod_php compiled in to Apache (the equivalent of ISAPI), *not* all of PHP, for this to work.

Re:Sounds familiar. (1)

makomk (752139) | more than 9 years ago | (#12336037)

Mod parent AC up. Of course, that's Windows-specific - on Linux it's or something, but the principle's the same.

Re:Sounds familiar. (1)

Vo0k (760020) | more than 9 years ago | (#12336010)

I write a database that sorts the search using BubbleSort. Only. Nothing else.
There's a competing database where I can use arbitrary plugin for sorting, be this quicksort, bubblesort or bogosort. There are many. Most people use the fastest ones, but sometimes they use some odd sorting methods and replace the default quicksort plugin with their own.
So I start the benchmark, my database vs the other one. - set up to run on bubble sort.
Whoa, my database sorts data faster than the other one! I won! My database is faster!

Re:Sounds familiar. (1)

mwood (25379) | more than 9 years ago | (#12335917)

If it was like most of those studies, more likely the difference was due to a finely-tuned IIS running on a 4-way Xeon vs. Apache right out of the box running on a pocket calculator with half its memory disabled.

Re:Sounds familiar. (1)

djbckr (673156) | more than 9 years ago | (#12335617)

Hmmm, just this weekend my computer started consuming all CPU, and I use Trend-Micro (which by the way, I love).

I couldn't figure it out - had to boot to safe mode just to backup my files before I re-installed the OS.

Re:Sounds familiar. (1)

kyojin the clown (842642) | more than 9 years ago | (#12335927)

you re-install your OS before you look at the processes tab? blimey.

Servers do not need real time virus protection. (0)

Anonymous Coward | more than 9 years ago | (#12335729)

Servers do not need virus protection.

WTF are you doing running real time virus protection on a server anyway? What kind of server do you have that requires it? Our SQL servers are firewalled off with connections only happening for SSH and the SQL ports.

Our web servers are HTTP and SSL only.

Our print servers are so fucking locked down you need to be an admin to do anything other than submit a job.

Seeing as most windows viruses are email related then what are you doing checking email on your server?

The ONLY place we have real-time virus protection installed is our EMAIL server. It autoupdates from Symantec, deletes any email with a known virus attachment, deletes SPAM (while not virus protection per se it sure cuts down the malicious emails), and blocks any file with a windows executable extension.

If you are running real time protection on your servers you need to fire your admins and get some new ones who have a clue about computer security.

Re:Servers do not need real time virus protection. (1)

grasshoppa (657393) | more than 9 years ago | (#12335776)

Ok, pop quiz:

Your SQL server is infected with a trojan. Nevermind how, it's not important. Your manager wants to know why it wasn't protected.

You are building yourself into a glass house. Mistakes happen. They are made by you or others on your staff. You should plan for those mistakes, life has a way of teaching these kind of lessons on its own. Typically painfully.

Re:Servers do not need real time virus protection. (0)

Anonymous Coward | more than 9 years ago | (#12335823)

The few trojans that have existed for SQL server opened ports for outside communication. (I think the latest one opened port 1337) Since all traffic to and from that port is blocked at the firewall I would do the same thing I did when we got infected with that one. Shut down SQL server, install the patch, bring SQL server back up. Total downtime, under 10 minutes.

Don't be a retard, the point of preventing intrusion is that if you do get hacked, no damage can be done because the server is so locked down it can't do anything other than act as an SQL server.

Re:Servers do not need real time virus protection. (1)

grasshoppa (657393) | more than 9 years ago | (#12335889)

Don't be a retard, the point of preventing intrusion is that if you do get hacked, no damage can be done because the server is so locked down it can't do anything other than act as an SQL server.

You and I have differing definitions of "locked down", and in any case, I wasn't specifically referring to trojans, I was simply using them for the example.

Shit happens. As network admin, it's your job to limit the damage using every available means. By not using AV on all machines ( yes, virginia, linux boxes too ), you are being negligent in your duties.

Re:Servers do not need real time virus protection. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12335979)

As an admin my job is to keep the servers running acceptably and cost effectively.

Real time virus protection hurts SQL server performance. Real time virus protection hurts web server performance. Real time virus protection costs money on print servers. If no damage can be done, then why spend the money or take the performance hit?

Re:Servers do not need real time virus protection. (0)

grasshoppa (657393) | more than 9 years ago | (#12336038)

If no damage can be done, then why spend the money or take the performance hit?

Oh? You know this for God herself told you?

You don't know. Mistakes happen. Plan for them.

Re:Servers do not need real time virus protection. (1)

mwood (25379) | more than 9 years ago | (#12335941)

"What kind of server do you have that requires [realtime AV]?"

File servers. You know, machines whose sole purpose is for end-users to stow files on them.

If your end users are keeping all of their critical files on their workstations you need to fire your admins and get some new ones who have a clue about disaster recovery.

Re:Servers do not need real time virus protection. (0)

Anonymous Coward | more than 9 years ago | (#12336036)

Absolutely! File servers get real time protection. I would think this would be so obvious that it didn't need mentioning but apparently it does.

Other than file servers, what kinds of servers need real time protection?

(notice I didn't mention file servers in my original post)

I will help in case other obvious things are not apparent.

Water is wet, the sky is up, fire is hot, and slashdotters like to look insightful by pointing out the glaringly obvious.

Re:Servers do not need real time virus protection. (1)

BrainstormOC (700265) | more than 9 years ago | (#12336051)

Guess everyone has a ton of money to throw around securing everything so perfectly. I WISH I could get that kind of funding for securing things. I've tried and tried to show the execs the importance of it all, and in the end it still gets shot down because they allocate the money to build an addition to our complex so more people will buy in and we'll have more money to play with, which of course will go towards improving that building or.....anything but improving the infrastructure already in place or funding security. Who do YOU work for? Not everyone gets that kind of money to play with Mr. Attitude.... *rolls eyes* sheesh.....

It should be part of the TCO (3, Interesting)

RoLi (141856) | more than 9 years ago | (#12335781)

Exactly. This is just part of the cost of running Windows. Any serious TCO-analysis should include the cost to purchase, install and update anti-virus software on Windows.

Is this anywhere related (-1, Redundant)

PinkX (607183) | more than 9 years ago | (#12335524)

To the Japan Train crash? Hopefully not.

Train crash in Japan (-1, Redundant)

woluwedal (701711) | more than 9 years ago | (#12335526)

I know it's just probably a horrible coincidence, but there's just been a train crash in Japan killing at least 50. 031.stm

Re:Train crash in Japan (-1, Offtopic)

Vo0k (760020) | more than 9 years ago | (#12335545)

But if it's not... Killed by antivirus software...?
I'd like to see this number confronted with the number of people killed by computer viruses (like crashing medical equipment or blocking some emergency services)

Re:Train crash in Japan (-1)

Anonymous Coward | more than 9 years ago | (#12335860)

It's a few years old, and has no real list of numbers, but check out

Fatal Defect : Chasing Killer Computer Bugs

Editorial Reviews
In Fatal Defects: Chasing Killer Computer Bugs, Ivars Peterson describes dozens and dozens of hoary computer bugs and gives biographical sketches of the bug detectives who located and fixed them. This book, which reads like a novel, is both entertaining and informative. Many of the bugs that Peterson discusses are not in computer programs per se but in the human systems that run and operate the computers. Very often the operator fails to understand what the computer program requires as input and types in an incorrect command. The computer then executes the command, with potentially disastrous results. Fatal Defects has important lessons for both those who design computers and those who use them.

It includes the Therac-25 incidents, in which a medical machine designed to emit either X-rays or radiation for killing tumors killed several people. The reason? The people entering in the dosage information would 'arrow-up' to change from one type of treatment to the other, which confused the machine, and full-strength radiation was released instead of the correct X-rays.

Hold the phone! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12335532)

Find that purchase order, we're staying with McAfee!

Who's to blame (4, Insightful)

janek78 (861508) | more than 9 years ago | (#12335539)

I suppose the manufacturer of the faulty software is not liable in any way. Would we buy say TV sets if their Terms of use said that they are in no way guaranteed to work for the purpose they were bought for, nor are they safe to use (like exploding randomly - It's time for the penguin on the top of the TV to explode).

I understand software is a tad more complex than your average TV, but cars are not exactly simple either and they seem to work quite well (most of the time). Will we ever get software that just works or will we always have to buy something in the good faith that it will work, but if it does not, it is our tough luck?

BTW, I hope slashdotting another Japanese server won't cause much additional damage...

Re:Who's to blame (4, Informative)

Vo0k (760020) | more than 9 years ago | (#12335587)

Let me wake you up.
Car manufacturers fight really hard to stop this from getting more of media attention, but modern cars are known to have SERIOUS software bugs. Just google car software bug or similar for stories and references - running 100MPH down a motorway and have the engine switched off, everything shut down (and even the steering wheel blocked), or having the central lock imprison you in the car, so you can't get out, or having random pieces of equipment (wipers, windows, chair adjustment) to start at random... These are real stories. Cars aren't what they used to be...

Re:Who's to blame (0, Offtopic)

Anonymous Coward | more than 9 years ago | (#12335680)

Just google car software bug

Just coke window napkin vase

Man, 4 nouns in a row =oO

Re:Who's to blame (0)

Anonymous Coward | more than 9 years ago | (#12335709)

Re:Who's to blame (-1)

Anonymous Coward | more than 9 years ago | (#12335746)

Just 3. Google is acting as a verb. A bug in car software. A car software bug. Message boards don't not have the bestest grammar evar.

Re:Who's to blame (1)

dkone (457398) | more than 9 years ago | (#12335750)

google in this case is a verb, please post again when finished with 9th grade English.

Re:Who's to blame (0)

RJabelman (550626) | more than 9 years ago | (#12336054)

Verbing weirds language

Re:Who's to blame (2, Insightful)

Analogy Man (601298) | more than 9 years ago | (#12335757)

Cars aren't what they used to be...

And that is a good thing...despite these software glitches cars are SIGNIFICANTLY safer today due to computers:

  • ABS Braking
  • Structural Analysis software
  • Vehicle dynamics / handling simulation
  • CFD analysis for tires (they are quite efficient pumps really)

If cars are going to go fly by wire they need to be tested and maintained like airplanes instead of like disposable consumer electronics...but in balance computers have made cars safer.

that's the problem (4, Insightful)

zogger (617870) | more than 9 years ago | (#12335949)

They are starting to make the cars so complex that it drives the cost up significantly for initial purchase, and the repair costs get astronomical because it requires a specialist in most cases to *really* fix them, but they still only last a few years before they start to break down and become uneconomical for most people. Catch 22 now. Airplanes on the other hand have high initial cost, high repairs and maintenance costs, but are designed for decades of service, not just a few years. Where are the high tech safer cars with 20 year warranties? The cost has gone up tremendously compared to when I was a kid, yet they still seem to break as much and are much harder to work on for joe average.

No easy choices for joe consumer and land transportation. It's not like you can go buy a brand new cheap car that isn't infested with all sorts of electronic stuff that isn't really necessary. It may be useful, but it's not exactly necessary. You can get older cars of course, but even then it's a high cost to restore them and in a lot of cases they have to be modified to pass emissions, which lowers their actual practicality value by introducing complexity. More stuff bolted on = more stuff to break, simple as that. I mean, new cars now cost what houses used to cost not that long ago, and they still drop in value the same as they always did, drive off the lot, whoops, several thousand gone, then it goes downhill from there. It's a cost/benefits/practicality issue that's quite complex, I don't think it can be really stated that cars are that much more of a deal now just because of all the electronic controls, which are consistently the number #1 consumer complaint with cars and repairs, the electronic control systems nowadays. Blackbox voodoo stuff that even the dealer factory trained guys have a hard time dealing with once they develop bugs.

Re:Who's to blame (0)

Anonymous Coward | more than 9 years ago | (#12335762)

having the central lock imprison you in the car, so you can't get out,

if you are so feeble that you can not physically override a solenoid locking system by moving the lever by hand then you deserve to die in your car.

got any more urban legends to share with us?

Re:Who's to blame (2, Interesting)

kfg (145172) | more than 9 years ago | (#12335777)

RyanFenton, posting in the computerized cars for traffic control thread:

I'd MUCH rather trust a reasonably engineered computerized system than the thousands of other drivers around me on my way about town.

I didn't post there, but my very first reaction on reading was:

"And just where the hell do you propose to find one of those?"

This story illustrates my reaction. Imagine thousands of cars around you on your way about town that have suddenly lost all control.

Without the introduction of computers cars are actually not that complicated. They consist of a relatively few number of parts mechanically linked in such a way that any child can intuitively grasp their operation. You can teach yourself a fair amount of auto mechanics through entirely empirical methods, just sitting down with the device, taking it apart, putting it back together, and grasping how the whole thing works by such observation.

Nobody's going to write a virus checker that way, or a car control system. The computer is too complicated, consisting of billions of invisible "parts" whose operation is entirely abstracted from their function.

To the extent that cars are complicated these days, to the further extent that even formally trained mechanics cannot figure out what's wrong with them without plugging them into a computer, it is because they now contain. . .computers.

So referring to cars as an example of something that's complicated but reliable is not factual ( and I myself have found myself sitting by the side of the road with a mechanically sound car that refused to run because a control chip died), but also begs the question.


Re:Who's to blame (-1)

Anonymous Coward | more than 9 years ago | (#12335845)

Begs what question?

Re:Who's to blame (1)

terraformer (617565) | more than 9 years ago | (#12335854)

Yup, my 2004 saab 93 has more than a few of them. Sometimes the volume control on the steering wheel works, sometimes not (it seems to depend on whether or not I let the car POST before kicking over the engine). I get out of the car and lo and behold, my reverse lights are on, nothing else though and I was not in reverse when I shut down the engine. Sometimes when I hit the remote to lock the drivers side door (the only one open) the other three doors open while the drivers side closes. Hit the lock button (as opposed to the unlock button which is separate) again and the situation reverses and there is still an unlocked door. It takes starting the car back up and waiting to clear it. These are all minor but I would love to know what others are lurking...

Re:Who's to blame (1)

Beatbyte (163694) | more than 9 years ago | (#12335872)

I agree. And because it's happened to me.

Driving 70mph in heavy rain and my wipers quit. I quickly hit the brakes and drove off the road. I'm glad I had a little Rain-X left on the windshield. Otherwise I would have been about 20 feet down in a ditch.

The other time that truck tried to kill me was when the butterfly in the throttlebody stuck wide open. That was a hell of a ride!

Re:Who's to blame (3, Interesting)

Patrik_AKA_RedX (624423) | more than 9 years ago | (#12335759)

Software design is still a pretty young field of construction. Building construction has had more than 2 millennia to develop, while software design had about a century (give or take a decade). In the early days (read: centuries) buildings were designed by rules of thumb. Only the last few centuries the real science of construction was developed. (The metallurgical properties of steel weren't researched until after WW2 when they figured out that welded ships couldn't handle the extreme cold of northern seas very well) In software design we're at the point where we're trying to come up with the science, but are still mostly using rules of thumb.

Given time software will reach a point where it's about as reliable as concrete buildings, but in the mean time we'll be stuck with the many kinds of blue screens.

A lesson here. (3, Insightful)

Anonymous Coward | more than 9 years ago | (#12335557)

This is why sysadmins should never roll out updates without testing them first. And what's even worse than non-testing is letting individual stations update directly from a vendor's site on the internet. Just asking for trouble.

New sales slogan (5, Funny)

Alien Being (18488) | more than 9 years ago | (#12335570)

With Trend Micro, viruses are the least of your worries.

LPT$VPN.594? (2, Interesting)

Anonymous Coward | more than 9 years ago | (#12335589)

Was this the issue with LPT$VPN.594?

The large bookseller I work for (think "Stables and Lords") got hit with that on Friday. All the XP machines (basically, the Manager's computers in the stores) and even a few of the XP computers in the Helpdesk (where I work) would lock up and freeze during boot.

Deleting the offending file fixed the issue.

Re:LPT$VPN.594? (1, Informative)

Anonymous Coward | more than 9 years ago | (#12335722)

Yeah, that was it:

Pattern File 2.594.00 may cause high CPU utilization

Overview of Issue

On April 22, 2005, selected OfficeScan, PC-cillin, ServerProtect for NT, Client/Server Suite for SMB and Client/Server/Messaging Suite for SMB customers began experiencing difficulties using their computers due to slow down or 100% CPU utilization. This was shortly after Trend Micro posted Official Pattern Release (OPR) 2.594.00 at 3:30 p.m. US Pacific Time (or 11:30 p.m. GMT), which was later found to potentially cause performance issues when certain computer configurations are met.

OPR or Pattern File 2.594.00 was therefore removed by Trend Micro from its websites and Active Update servers by 5:02 p.m. US Pacific Time of the same day (or 1:02 a.m. of April 23, 2005 GMT), and was only available for approximately 1 hour and 30 minutes.

Subsequently released pattern files (e.g., OPR 2.596.00 or higher) do not cause this issue.

Why did this happen?

To protect its customers against the growing threat of the WORM_RBOT family, Trend Micro enhanced the decompression ability of its Pattern File by supporting 3 new heuristic patterns, including UltraProtect decompression, in OPR 2.594.00.

Due to an isolated anomaly in the engineering, development and pattern release process, the UltraProtect decompression may, in certain circumstances, cause some systems to experience high CPU power consumption. This can lead to system instability when this specific file type is scanned using Pattern File 2.594.00.
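A pre-deployment gate of the kind the "A lesson here" comment asks for, aimed at the failure the advisory quoted above describes (a new decompression path that pins the CPU on one file type). This is an added example, not part of the thread and not Trend Micro's code: the toy `RL` packed format, the `AAAA` signature, the release names `spin` and `fixed`, and the sample corpus are all constructed for illustration.

```python
import subprocess
import sys

# Constructed stand-in for a scan engine plus pattern release (not vendor code).
# Toy packed format: b"RL" followed by (count, byte) pairs. The "spin" release
# never advances past a zero count, so one malformed sample pins a CPU forever.
ENGINE = r'''
import sys
release, data = sys.argv[1], sys.stdin.buffer.read()

def unpack(buf):
    out, pos = bytearray(), 2
    while pos + 1 < len(buf):
        count = buf[pos]
        if count == 0:
            if release == "spin":
                continue          # defect: position never advances
            break                 # fixed release: malformed input, stop unpacking
        out += bytes([buf[pos + 1]]) * count
        pos += 2
    return bytes(out)

body = unpack(data) if data[:2] == b"RL" else data
print("INFECTED" if b"AAAA" in body else "CLEAN")
'''

# Constructed regression corpus: (name, sample bytes, expected verdict).
CORPUS = [
    ("plain-clean", b"hello world", "CLEAN"),
    ("packed-hit", b"RL" + bytes([4, 0x41]), "INFECTED"),
    ("zero-count", b"RL" + bytes([0, 0x41, 4, 0x41]), "CLEAN"),
]


def scan_with_budget(release, sample, budget_s=3.0):
    """Scan one sample in a child process and kill it if it exceeds the budget."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", ENGINE, release],
            input=sample,
            capture_output=True,
            timeout=budget_s,  # subprocess.run kills the child on expiry
        )
    except subprocess.TimeoutExpired:
        return "TIMEOUT"
    if proc.returncode != 0:
        return "ERROR"
    return proc.stdout.decode().strip()


def gate_release(release, corpus=CORPUS, budget_s=3.0):
    """Approve a release only if every sample finishes in time with the expected verdict."""
    results = {name: scan_with_budget(release, data, budget_s)
               for name, data, _ in corpus}
    approved = all(results[name] == expected for name, _, expected in corpus)
    return approved, results


if __name__ == "__main__":
    for release in ("spin", "fixed"):
        approved, results = gate_release(release)
        print(release, "APPROVED" if approved else "BLOCKED", results)
```

Running the scan in a separate process is what makes the budget enforceable: a runaway unpacker is killed and reported instead of taking the test host down with it.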

Bug free? (4, Funny)

taobill (575617) | more than 9 years ago | (#12335591)

A bug free version was released on noon Saturday.

They can prove that there are no bugs can they? That would be a neat trick.

And what's "on noon"?

How about: A fixed version was released at noon on Saturday.

Re:Bug free? (1)

Ulrich Hobelmann (861309) | more than 9 years ago | (#12335755)

No, they used the new, hot Software Engineering technique: Bug-free Software Engineering!

But I agree, it's sad that any company makes that claim.

Actually (-1)

Anonymous Coward | more than 9 years ago | (#12335767)

There are many "noons" around the globe depending on the timezone you are in, which one was it?

Heh, my favourite noon is actually Shanghai Noon. Gotta love that Jackie Chan!

Re:Bug free? (-1, Flamebait)

kentmartin (244833) | more than 9 years ago | (#12335790)

Damn, I have mod points at the moment, but can't find the "-1, Pedantic git" mod option.

Re:Bug free? (1)

Vo0k (760020) | more than 9 years ago | (#12335912)

Actually there ARE techniques of "proving there are no bugs". A program can be mathematically proven to be correct and error-free.

As usual, there's a hook. Proving correctness of anything more complicated than 2-3 nested loops and a handful of conditional statements would require more computational power than exists in the whole world.

Not quite useless - 20-line routine about mixing fuel in a jet engine is something worth proving, and these things are subjected to this technique. But 3 megabytes of an antivirus - sorry...

Two questions... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12335595)

Why the hell does something as important as a railway management SCADA system run a Microsoft OS??

who was the engineer (as in guy designing it) and his address so people can throw eggs at him for his stupidity.

second, WHY is it on anything but a protected private network so "virus" software is needed?

yes kids, you CAN have insecure windows machines on a network and safe WITHOUT virus scan software. any netadmin that says otherwise is a know nothing fool.

Can anyone explain? (2, Funny)

0olong (876791) | more than 9 years ago | (#12335616)

Why a bug in Trend Micro's antivirus software would appear in Eastern Japanese LANs specifically?

Does it like sushi?

Re:Can anyone explain? (1)

0olong (876791) | more than 9 years ago | (#12335677)

Nevermind. I decided to read the article. Considering time zones, Japanese businesses probably were the ones with the earliest working hours.

The problem with AV (4, Insightful)

Fished (574624) | more than 9 years ago | (#12335634)

Antivirus checking is, by nature, an invasive procedure. Is it really surprising that these products have such a lousy reputation for impacting system stability?

Oddly, my Solaris and/or Linux and/or OSX servers are able to get by without any sort of AV protection (other than promptly installing patches). And, oddly enough, they are more stable.

Go figure. :)

Re:The problem with AV (3, Interesting)

mikeumass (581062) | more than 9 years ago | (#12335651)

Less market share. Windows is a much more appetizing market. Especially since most users wouldn't know if they had a trojan in the first place. How many people actually renew their subscriptions with Norton or NA?

Re:The problem with AV (2, Interesting)

Deffexor (230167) | more than 9 years ago | (#12336030)

I actually ran into this problem at a customer's site this weekend. They had Trend Micro AV and the computer was utterly crippled. It was like it had some utterly malicious virus on it gobbling up all the cpu time.

Using SysInternal's Process Explorer, I was ultimately able to see that a module (running as a part of the "system" process) called "TmXPflt.sys" was running 4 simultaneous threads each using about 25% of the CPU. Since the "system" process is given higher priority than all other processes, the system naturally slowed to a crawl.

I rebooted into safe mode and renamed this file and restarted. The system behaved like normal again. The file said it was a Trend Micro "XP Post Filter" (mail filter?) - After all that, I thought that it was particularly weird that I hadn't read about some problem from Trend Micro on a major news outlet (like Slashdot) :-)

This is a disaster! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12335650)

I may be risking my life by telling you this, but I consider Trend Micro's catch-phrases antithetical to my principles as a person concerned for the good of all. Before I begin, let me point out that the worst types of condescending, tendentious schemers there are are the biggest threat to freedom the world has ever seen. That's clear. But some people think I'm exaggerating when I say that Trend Micro's reinterpretations of historic events are some of the most cranky, wishy-washy, and featherbrained I've ever encountered. But I'm not exaggerating; if anything, I'm understating the situation. Before I move on, I just want to state once more that my empirically validated theory is that only by taking risks and pushing boundaries with this letter can I take steps toward creating an inclusive society free of attitudinal barriers. What's my problem, then? Allow me to present it in the form of a question: Why does the media consistently refuse to acknowledge that Trend Micro's inclinations will come back to bite us in the behind some day? No, don't guess; this isn't audience participation day. I'll just tell you. But before I do, you should note that Trend Micro's whinges are not our only concern. To state the matter in a few words, if you've read any of the obnoxious slop that Trend Micro has concocted, you'll truly recall Trend Micro's description of its plan to encourage the acceptance of scapegoating and demonization. If you haven't read any of it, well, all you really need to know is that Trend Micro has, at times, called me "maladroit" or "dim-witted". Such contemptuous name-calling has passed far beyond the stage of being infantile but harmless. It has the capacity to drive us into a state of apoplexy. Trend Micro's methods are much subtler now than ever before. Trend Micro is more adept at hidden mind control and its techniques of social brainwash are much more appealingly streamlined and homogenized.

I am not mistaken when I say that Trend Micro is trying to brainwash us. It wants us to believe that it's mad to get us out of the hammerlock that it is holding us in; that's boring; that's not cool. You know what I think of that, don't you? I think that even if one is opposed to crazy Marxism (and I am), then surely, Trend Micro is typical of inarticulate stumblebums in its wild invocations to the irrational, the magic, and the fantastic to dramatize its agendas. Trend Micro's mercenaries all have serious personal problems. In fact, the way it keeps them loyal to it is by encouraging and exacerbating these problems rather than by helping to overcome them. I can easily see Trend Micro performing the following repugnant acts. First, it will inject even more fear and divisiveness into political campaigns. Then, it will generate alienation and withdrawal. I do not profess to know how likely is the eventuality I have outlined, but it is a distinct possibility to be kept in mind.

I am being entirely serious when I say that Trend Micro's beliefs all stem from one, simple, faulty premise -- that obstructionism is a viable and vital objective for our nation's educational institutions. As everyone knows, there is considerable evidence to show that Trend Micro is serious about wanting to fuel inquisitions. What you might not know, however, is that honor means nothing to Trend Micro. Principles mean nothing to Trend Micro. All it cares about is how best to shout obscenities at passers-by.

Trend Micro's claim that it has been robbed of all it does not possess is not only an attack on the concept of objectivity, but an assault on the human mind. Even though Trend Micro presents a public face that avoids overt autism, it is not as vitriolic or flagitious as you might think. It's more so. Trend Micro is an inspiration to pertinacious tricksters everywhere. They panegyrize its crusade to coordinate a revolution and, more importantly, they don't realize that I do not have the time, in one sitting, to go into the long answer as to why Trend Micro backstabs its representatives. But the short answer is that I believe I have finally figured out what makes organizations like it rip apart causes that others feel strongly about. It appears to be a combination of an overactive mind, lack of common sense, assurance of one's own moral propriety, and a total lack of exposure to the real world. The only appropriate attitudes in a society overrun by mingy galoots are fear and distrust. I'm not going to say why; we all know the reason.

Trend Micro extricates itself from difficulty by intrigue, by chicanery, by dissimulation, by trimming, by an untruth, by an injustice. Relative to just a few years ago, abusive dolts are nearly ten times as likely to believe that the federal government should take more and more of our hard-earned money and more and more of our hard-won rights. This is neither a coincidence nor simply a sign of the times. Rather, it reflects a sophisticated, psychological warfare program designed by Trend Micro to raise extortionate demands.

Trend Micro should learn to appreciate what it has instead of feeling so oppressed because it can't do everything it wants, every time it wants to. What I'm saying is this: Trend Micro is the type of organization that turns up its nose at people like you and me. I guess that's because we haven't the faintest notion about the things that really matter, such as why it would be good for it to make people suspicious of those who speak the truth. I must point out that when Trend Micro was first found trying to retain an institution which, twist and turn as you like, is and remains a disgrace to humanity, I was scared. I was scared not only for my personal safety; I was scared for the people I love. And now that Trend Micro is planning to engage in or goad others into engaging in illegal acts, I'm decidedly downright terrified.

What a cunning coup on the part of Trend Micro's goons, who set out to harm others, or even instill the fear of harm, and got as far as they did without anyone raising an eyebrow. The fact is, there is something dirty about Trend Micro's shabby mendacity and sneaking duplicity. The sooner it comes to grips with that reality, the better for all of us. If I were elected Ruler of the World, my first act of business would be to show principle, gumption, verve, and nerve. I would further use my position to inform certain segments of the Earth's population that it is important to realize that I shall do my utmost to strike at the heart of Trend Micro's efforts to promote subversive ideologies, such as diabolism. More than that, if we contradict Trend Micro, we are labelled misguided ingrates. If we capitulate, however, we forfeit our freedoms.

I would like to digress here. In light of my stance on this issue, I don't want to build castles in the air. I don't want to plan things that I can't yet implement. But I do want to face our problems realistically, get to the root of our problems, and be determined to solve them, because doing so clearly demonstrates how if it wants to complain, it should have an argument. It shouldn't just throw out the word "phytopaleontological", for example, and expect us to be scared. In a sense, Trend Micro says that the Universe belongs to it by right. But then it turns around and says that if it kicks us in the teeth, we'll then lick its toes and beg for another kick. You know, you can't have it both ways, Trend Micro. Trend Micro doesn't care about freedom, as it can neither sell it nor put it in the bank. It's just a word to it.

Strictly speaking, throughout history, there has been a clash between those who wish to protect the interests of the general public against the greed and unreason of self-deceiving deadheads and those who wish to help scummy fugitives evade capture by the authorities. Naturally, Trend Micro belongs to the latter category. The main dissensus between me and Trend Micro is that I maintain that Trend Micro's equivocations do not hold under close moral scrutiny. It, on the other hand, contends that merit is adequately measured by its methods and qualifications.

Trend Micro's hariolations appeal to people who are fearful about the world's political and economic situation and long for simple solutions to complex problems. Its supporters probably don't realize that, because it's not mentioned in the funny papers or in the movies. Nevertheless, Trend Micro doesn't use words for communication or for exchanging information. It uses them to disarm, to hypnotize, to mislead, and to deceive. Some time ago, in the aftermath of Trend Micro's last volley of attacks, a group of treacherous recidivists began to pander to impolitic lounge lizards. I wish I could put it more delicately, but that would miss the point. I can't predict the future, but I do know this: Trend Micro's ebullitions are merely a stalking horse. They mask its secret intention to nourish raucous ideologies. Thus, in summing up, we can establish the following: 1) Trend Micro's few positive contributions will continue to be overshadowed by its broader message of hate, and 2) Trend Micro's obiter dicta are made of the same spirit that accounts for the majority of the problems we face in this world.

Re:This is a disaster! (0)

Anonymous Coward | more than 9 years ago | (#12335703)

Ummm. Okay. And your point is?

Re:This is a disaster! (-1)

Anonymous Coward | more than 9 years ago | (#12335756)

His point was very clear!

Can't you understand it? Too much email or IM eh?

Antivirus software on mission critical computers? (5, Insightful)

mferrier (878754) | more than 9 years ago | (#12335670)

Yet another example of why critical computer systems should be stripped down to the barebones tried-and-true software and isolated from any potential source of interference. This goes doubly for a system like this on which the local infrastructure depends!

Re:Antivirus software on mission critical computer (1)

Hasai (131313) | more than 9 years ago | (#12335918)

Ah; you mean like rip-out the Microsoft OS and replace it with a minimalized Linux kernel? I'm all for that.... ;)

Auto Update of Antivirus IS a security risk (4, Insightful)

csk_1975 (721546) | more than 9 years ago | (#12335697)

There was a discussion about auto update of both definitions and scan engines being a security risk some time ago on Full Disclosure (I think it started as a Windows Update thread). This event just goes to show that software which auto updates should be used with caution and controls are required if it's going to be used on critical systems, ie any updates need to be tested prior to roll out. Whether or not this can be viewed as a security incident is debatable, but software which downloads updates that cause a DOS are usually viewed as malicious. I wonder about the cruft like Plaxo (and all that other supposedly safe stuff) which download updates all the time, I can't stop it (not for technical reasons ;) but I'm just waiting for the day an auto downloaded update craps out some VP's laptop.

Why AntiVirus? (3, Interesting)

MindStalker (22827) | more than 9 years ago | (#12335710)

What I want to know is why do the computers controlling the train system in Japan need antivirus. Are they attached to the internet? Do they have disk drives? This system should have neither, I can understand the reason for a separated system to be connected to the net for reporting train schedules and problems. But connecting a control system like that? Running it on windows? Silly. That's worse than having antivirus on an ATM.

Re:Why AntiVirus? (1)

MindStalker (22827) | more than 9 years ago | (#12335732)

By disk drives I meant floppy drives/cdroms etc not hard drives.

Re:Why AntiVirus? (3, Interesting)

guy-in-corner (614138) | more than 9 years ago | (#12335808)

Even if a computer system isn't connected to the Internet, you can guarantee that -- if it's connected to any kind of network infrastructure -- some idiot is going to jack their laptop into it, or plug a USB key into one of the PCs.

This is how viruses can get onto supposedly 'private' networks.

It takes a significant amount of effort from the IT guys to harden a system against this -- managed switches, Windows group policy. They're guaranteed to forget something.

The right thing to do is to disable the AV updates over the Internet, and use internal update servers (assuming that your AV solution supports it).

This means that you can validate the AV software on a test rig before it ends up on mission-critical production kit.
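The staging step described in the comment above, sketched as an added example that is not part of the original thread: a gate that publishes a pattern file to an internal update share only after a canary scan on a test rig finishes within a wall-clock and CPU budget. The scanner commands, file names and directory layout are constructed stand-ins, not any vendor's tooling.

```python
import hashlib
import os
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-ins for "scan the test corpus with the candidate pattern".
# On a real rig this would be the AV product's own scanner (assumption).
GOOD_SCAN = [sys.executable, "-c", "pass"]
RUNAWAY_SCAN = [sys.executable, "-c", "while True: pass"]  # pegs a CPU forever


def run_canary(scan_cmd, wall_limit_s=10.0, cpu_limit_s=5.0):
    """Run one scan on the test rig and return (ok, reason)."""
    before = os.times()
    try:
        proc = subprocess.run(scan_cmd, timeout=wall_limit_s,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed and reaped the child here.
        return False, "scan exceeded wall-clock limit"
    after = os.times()
    # CPU seconds burned by reaped children (POSIX; always 0 on Windows,
    # where only the wall-clock limit above would apply).
    cpu = ((after.children_user - before.children_user)
           + (after.children_system - before.children_system))
    if proc.returncode != 0:
        return False, f"scanner exited with {proc.returncode}"
    if cpu > cpu_limit_s:
        return False, f"scan used {cpu:.1f}s CPU, over budget"
    return True, f"ok ({cpu:.2f}s CPU)"


def promote(pattern_path, update_dir, scan_cmd, **limits):
    """Publish a pattern file to the internal update share only if it passes."""
    ok, reason = run_canary(scan_cmd, **limits)
    if not ok:
        return {"promoted": False, "reason": reason}
    dest = Path(update_dir) / Path(pattern_path).name
    shutil.copy2(pattern_path, dest)
    digest = hashlib.sha256(dest.read_bytes()).hexdigest()
    return {"promoted": True, "reason": reason, "sha256": digest}


def demo():
    """Gate two constructed candidate files; return what got published."""
    with tempfile.TemporaryDirectory() as tmp:
        inbox, share = Path(tmp, "inbox"), Path(tmp, "share")
        inbox.mkdir()
        share.mkdir()
        good = inbox / "candidate_good.pat"
        bad = inbox / "candidate_runaway.pat"
        good.write_bytes(b"constructed pattern A")
        bad.write_bytes(b"constructed pattern B")
        r_good = promote(good, share, GOOD_SCAN)
        r_bad = promote(bad, share, RUNAWAY_SCAN, wall_limit_s=1.0)
        published = sorted(p.name for p in share.iterdir())
        return r_good, r_bad, published


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Production clients would then point only at the internal share, so a pattern that pegs the CPU on the rig never reaches them.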

Re:Why AntiVirus? (1)

MindStalker (22827) | more than 9 years ago | (#12335897)

Guess I should have RTFA, states only some ticket office computers were affected, not the critical controlling ones. :(

A disassemble of this virus (2, Funny)

WetCat (558132) | more than 9 years ago | (#12335731)

0x100000 hlt

This crash brought to you by the letter 'P' (1)

DarkFencer (260473) | more than 9 years ago | (#12335774)

Um... I really have to wonder at the QA testing that goes on at Trend Micro. It seems that there have been some pretty big screwups there that made it into their enterprise software.

In case anyone forgot this one:
Trend Micro Quarantines Letter P

Second Trend Micro screw-up this month (0)

Anonymous Coward | more than 9 years ago | (#12335804)

Earlier this month, Trend Micro screwed up and released definitions that triggered false positives on fairly stock machines: (google groups discussion)

I've really been less than thrilled with Trend's software.

We had the same problem (4, Insightful)

Xerxes1729 (770990) | more than 9 years ago | (#12335806)

The same thing happened at my school this weekend. At the beginning of the year, ITS required that anyone with a Windows machine install this Trend Micro program and give them the password to an administrator account*. By "securing" all the Windows machines, network outages would be prevented. Ironic, eh? Those of us who use other OSs, of course, were unaffected. And best of all, when they sent out a notice about fixing the problem, they didn't explain what had happened - we had to wait for one of the students who works there to tell us.

*They wanted me to give them my root password before they would turn on my network connection. I told the nice woman that if ITS expected me to trust them with my password, surely they would trust me with the password to one of the servers. She rolled her eyes and activated my connection.

Re:We had the same problem (3, Insightful)

Ruprecht the Monkeyb (680597) | more than 9 years ago | (#12335893)

The problem is with your IT department, then, not with Trend Micro. The TM client software can be deployed in a number of ways that don't require client interaction, much less giving them the admin password.

I use TM's enterprise stuff at a number of clients, and I've found it to be far more reliable than anything else. Most of my clients were using other products before I moved them over to TM, and nearly all of them were having problems with client interaction, updates not working, etc. And despite updating regularly, I've never been hit by any of the bugs reported.

What wrong (0)

Bohemoth2 (179802) | more than 9 years ago | (#12335820)

with McAfee? It works well enough for me

Nice response time (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12335825)

Wish Microsoft had a response time to bugs like that.

Helpful, NOT... (2, Informative)

timbo1234 (840094) | more than 9 years ago | (#12335846)

This hosed all our work computers until the update appeared. 99% CPU usage on all of them. No helpful info on the Trend site either. Cheers guys...

Re:Helpful, NOT... (1, Informative)

Anonymous Coward | more than 9 years ago | (#12336015) erview.htm

The statement by trend micro.....

So dual CPU makes sense... (2, Interesting)

stm2 (141831) | more than 9 years ago | (#12335862)

Some weeks ago there was a news here about using 1 CPU just to run housekeeping software (AV, anti-spyware, firewall, and so on) and let the other for user's tasks.
It seems it is not so bad idea after all (at least, for Windows users).

Info on Full-Disclosure list (3, Informative)

tsvk (624784) | more than 9 years ago | (#12336014)

There was discussion on this on the Full-Disclosure mailing list when posters suspected that the 100% CPU usage on their computers was because of some new unknown virus.

A representative of Trend Micro Germany made a post to the thread where he explained the situation, apologized for it and offered pointers to their support database so that people could get the malfunctioning virus signatures uninstalled.

Deaths in Japan (-1, Redundant)

p0 (740290) | more than 9 years ago | (#12336018)

A train crash related to this bug has killed 50 people in Japan.