Tough weekend for AV giants as FPs and DNS issues hit

Trend false alert cripples users' systems, Sophos sites taken out by DNS mixup.

Two of the larger security firms, Trend Micro and Sophos, had a busy weekend cleaning up after troubles hit them on Friday. Trend Micro released a pair of signature updates which led to its products erroneously identifying several Windows system files as malware, resulting in some systems becoming unusable. Meanwhile, some Sophos customers were left unable to access updates thanks to DNS problems which impacted access to the firm's websites for up to 48 hours.

The Trend false positive resulted from a pair of faulty definitions, and hit XP and Vista users around the world. An update to fix the problem was released promptly on Friday, but not in time for some, who found their systems frozen as access to the required DLL and Javascript files was denied by the security software.

Although the exact number of customers affected remains unclear, one correspondent told ComputerWorld the Trend support lines were overflowing with demands for assistance. The incident is not thought to be as major as one suffered by Trend three years ago, which severely affected many users in Trend's home market of Japan and led to public apologies from the Trend board. More details and comment on the recent problems are in ComputerWorld here or The Register here, with an official support article at Trend here.

Sophos users found access to some of the company's websites, including those used to provide security updates, interrupted after what was apparently an error made by an external DNS management company. The slip meant that the sophos.com domain was unreachable for a time, although local versions of the site were unaffected. Even once the problem had been spotted and fixed, users in some areas continued to have problems into the weekend as the changes propagated.

Sophos issued statements making it clear that the problems were not the results of any malicious activity, and reassuring customers that updates would be caught up with as soon as the DNS changes settled in. The advisory is on the Sophos site here.

10 September 2008

Tags: DNS, false positive, sophos, trend micro. del.icio.us digg this