
Patch Out For 'Ridiculous' Trend Micro Command Execution Vulnerability (theregister.co.uk)

An anonymous reader shares a report on The Register: A bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines. The flaw, discovered by Google's Project Zero researcher Tavis Ormandy, opened the door to command execution of vulnerable systems (running either Trend Micro Maximum Security, Trend Micro Premium Security or Trend Micro Password Manager). Ormandy -- who previously discovered a somewhat similar flaw in Trend Micro's technology -- described the latest flaw as 'ridiculous'. Trend Micro issued a patch for the flaw, a little over a week after Ormandy reported the bug to it on 22 March. The patch is not complete but does address the most critical issues at hand, according to the security firm.

  • by phantomfive ( 622387 ) on Thursday March 31, 2016 @02:49PM (#51816973) Journal
    Fortunately, Trend Micro won an award, they're the best at stopping zero day threats! [trendmicro.com] So it's not a problem, keep using your anti-virus.
    • I let my subscription lapse. I figure I am better off just using Windows Defender.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      The last AV I used was on MS DOS, InVircible, and it used a heuristic approach: It set out a trap for viruses, so that when they infected the file it knew how the files were infected and could (usually) reverse the process.

      Shortly after that I began using Linux (back when you had to arrange for its boot image to be written to the MBR manually). I haven't had any need for AV since. This is because an AV is only as good as the software updates are bad. Linux has good software updates, which means that the

      • Linux has good software updates, which means that the exploit vectors are patched at the same rate that an AV would release updates

        That's a good point, I'd never thought of it like that before.

  • by Anonymous Coward on Thursday March 31, 2016 @03:10PM (#51817219)

    I'm pretty sure Trend Micro causes autism.

  • Glass house (Score:5, Interesting)

    by sinij ( 911942 ) on Thursday March 31, 2016 @03:21PM (#51817341)
    Welcome to the realization that this is normal. Not even a new normal, as it has always been this way.

    Pretty much any vendor out there that produces software or IT hardware doesn't effectively test it. IT vendors that take QA seriously are very very rare, most just don't take testing seriously. This is further complicated by the fact that QA is seen as a dead-end IT career. Universally lower pay matches this outlook. Consequently, hiring and retaining good QA is very challenging, as anyone competent is constantly attempting to move away from it.
    • Re:Glass house (Score:4, Insightful)

      by phantomfive ( 622387 ) on Thursday March 31, 2016 @04:37PM (#51818081) Journal

      IT vendors that take QA seriously are very very rare, most just don't take testing seriously.

      Security vulnerabilities aren't something you can expect QA to find, it's not what they do. If you want secure code, you need to be thinking about security starting in the design phase, and keep thinking about it until release (and beyond). You can't just test for security at the end of the process, that strategy guarantees failure.

      • by Anonymous Coward

        Well, clearly no one at Trend Micro was thinking about security at any part of the development process, because if they did they wouldn't have left a remote debugging server built into a commercial antivirus program that typically runs with admin rights. So in this case, if some QA guy did a quick port check and just so happened to find the debugging server, I think testing for it would have helped.

        Security is an in-depth business. QA is just as much a part of that business as any other part of the process.

      • by sinij ( 911942 )
        I disagree. Remote debugging was left on. This is something I do expect QA to catch.
  • by Anonymous Coward

    APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%... [bing.com]

    * Less power/cpu/ram+ IO use vs. local DNS servers + addons w/ less security issues vs. DNS + routers. Less complex vs firewalls (needing layered filtering drivers - hosts don't + firewalls block less used IP addresses, hosts block more used host-domain names) complementing 'em. Antivirus = reactive. Hosts = proactive, blocking infection BEFORE you get it. Gets its data from 10 reputable security community sites.


    P.S. - Hosts get

    • Hosts = better antivirus than antivirus

      In this case, I guess it's probably true. As long as you include keeping your patches up to date.
