AlbertPacino
Skilled
Anti-virus reveals reason for crashing update.
The update, named by Trend Micro as Official Pattern Release (OPR) 2.594.00 was released at 11.30pm GMT on 22 April and was removed from the Active Update list 90 minutes later at 1.02am, 23 April.
Customers using OfficeScan, PC-cillin, Server Protect for NT, Client/Server Suite 2.0 for SMB and Client/Server/Messaging Suite for SMB were directly affected by a bug in the file update, which created a loop which used up nearly 100 percent of CPU processing power.
As a result affected computers using the auto update feature either stalled or crashed. An hour-and-a-half later a second patch (2.596.00) to combat this issue was released by Trend Micro.
The vast majority of the computers affected were in Japan, although Trend Micro has received several reports of users of their product experiencing problems in the US, Middle East and Australia.
According to Australian Trend Micro managing director Chris Poulos, the reason for the bug being included in an update was due to Trends Micro's own internal testing procedure. "The testing procedure is a game of speed and fulfilling procedures, and I think one test went to fast and not quite correctly," Poulos said.
"How it was tested is more the case than it was released untested - the procedure for that file (OPR 2.594.00) did not take the full extent of the testing procedure - it is about getting the pattern file out there to protect the customer.
"We have a management procedure to understand what happened because learning from mistakes is critical for any organisation."
Poulos added that the fact the issue occurred on a long weekend lessened the potential damage for Australian customers, adding: "If life was up to chances we have been dealt a good hand". This was the first time this has happened to Trend Micro, he stressed.
The compression tool used by Trend Micro, named UltraProtect, compresses and encrypts Windows applications. Trend have confirmed they added support for UltraProtect in the offending pattern file (2.594.00), and found the decompression of certain file scanning caused high CPU use under Windows XP SP2.
[RANK="www.techworld.com/security/news/index.cfm?NewsID=3559"]Source[/RANK]