Posted on 01/12/2016 6:43:44 PM PST by Utilizer
A Google Project Zero researcher has left security vendor Trend Micro with egg on its face, after discovering its software contains multiple, serious vulnerabilities that are easy to exploit without user interaction or notification.
Tavis Ormandy of Project Zero noted that when Trend Micro antivirus is installed on Windows, the password manager component - written mostly in Javascript using the node.js framework that's included by default - allows any any website to run arbitrary code on users' machines.
The flaw in password manager allegedly took Ormandy only about 30 seconds to discover.
He said the vulnerability is trivial to exploit, and can be used to execute commands without any visible prompts or notifications to users, who would be unaware that their machines are being attacked.
Ormandy reported the issue to Trend Micro, which has developed a fix for the problem.
(Excerpt) Read more at itnews.com.au ...
Trend Micro has always been a POS.
“But the salesman said that the Indian programmers were just as good as anyone we could hire in Australia....”
Worse than PC Matic?
*-that knows next to nothing about adware, bloatware, malware, virusware, worms, basic security functions, or also happens to speak EaaSL.
Neck and Neck...
Over at /. they’re saying this involves a “FREE!!” password manager written in javascript, offered as an install option. That would be a bad thing and very unprofessional.
I had Trend Micro once. It was crap. Got rid of it and it was addition by subtraction.
First PC came with Trend Micro.
Everything went south.
Called “customer service”.
My ear is still ringing from them hanging up on me.
(1997)
Oddly enough, I underwent a strikingly similar experience not long before yours, only I was asking some rather pointed questions of the INS...
Apparently, the were quite unwilling to reply with any exact answers. After determining that I was determined to get specific details on their official procedures, rules, and regulations they decided to abruptly end the phone call.
Quite abruptly.
Well, I see that I am not alone!
Hrrmph!... Apparently “they” were, not apparently “the” were.
Typing too fast. :)
PING for your Microsoft list members who may be using Trend Micro antivirus. . .
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.