20100920

Trend Micro’s Problems

When I first took my job as Security Manager we had this horrid AV software called Trend Micro OfficeScan. The console seems ancient, and it's just not what is needed in an enterprise environment. The downfall of Trend Micro is its inability to keep our network virus free.

Our main problem virus is known as Virut; it goes by Scribble, Virux and iFrame as well. Trend can detect the virus but cannot clean it in most cases. When Virut infects a computer, its objective is to infect, spread, then kill the computer. Virut is also capable of receiving instructions from IRC chat channels, which allows a remote user to take control of the infected machine. Virut is a polymorphic virus, meaning it has the ability to change its code and behaviors. This same virus brought down the Texas judicial system when it came out in early 2009. Virut works by infecting .exe files (regular program files; the icons you click on are usually .exe files) and .scr files (screen savers). The program seems to propagate through the HTML_iFrame vulnerability: code is placed in HTML files on the system, and that then spreads to a Virut infection. This means any web pages saved on the PC, including the help files that ship with programs, are infected and in turn infect the machine.

Currently, when Trend detects the threat on a machine it tries to disinfect the file, which fails 95% of the time; Trend then tries to quarantine the file. Once cleaning and quarantine fail, Trend simply deletes the file. The problem with this is that Trend deletes certain essential system files that are needed to keep the system running. Trend also has a console that allows for management of the system, but it is limited, so there are essentially four consoles and no central management console. Trend definitions also seem to be a problem: the server is either not passing them out to each and every device, or the devices are not allowing the program to update. This is causing infections and network attenuation. Device control is also not available through Trend Micro OfficeScan. Device control is when you plug in a device or thumb drive and the software automatically scans the device(s) for threats. This is one of the main ways viruses get onto systems.
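As a defensive illustration of the HTML propagation path described above (an added example, not code from the original post or from Trend Micro): a small Python scanner that walks a directory of saved web pages and help files and flags iframes that are hidden, sized to a single pixel, or pointing at a host outside an allow-list. The heuristics, the allow-list and the sample page are assumptions I constructed; a hit is a lead for a manual look, not proof of infection.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample: a saved help page with a hidden 1x1 iframe injected at the end of the body.
SAMPLE_HTML = """<html><body>
<h1>Product help</h1>
<iframe src="https://docs.example.com/help"></iframe>
<iframe src="http://malicious.invalid/x.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# name="value" | name='value' | name=value
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE)
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)


def _attrs(tag):
    """Parse the attributes of one opening tag into a lower-cased dict."""
    return {k.lower(): (a or b or c) for k, a, b, c in ATTR_RE.findall(tag)}


def _tiny(value):
    """True for width/height of 0 or 1 (px), a common way to hide an injected frame."""
    try:
        return int(value.strip("px")) <= 1
    except ValueError:
        return False


def suspicious_iframes(html, trusted_hosts=()):
    """Return (src, reasons) for every iframe that looks injected rather than legitimate."""
    findings = []
    for m in IFRAME_RE.finditer(html):
        a = _attrs(m.group(0))
        src = a.get("src", "")
        host = urlparse(src).hostname or ""
        reasons = []
        if _tiny(a.get("width", "")) or _tiny(a.get("height", "")):
            reasons.append("tiny")
        if HIDDEN_RE.search(a.get("style", "")):
            reasons.append("hidden")
        if host and host not in trusted_hosts:
            reasons.append("untrusted host " + host)
        if reasons:
            findings.append((src, reasons))
    return findings


def scan_directory(root, trusted_hosts=()):
    """Walk root for .htm/.html files and map each file with findings to its suspicious iframes."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".htm", ".html"):
            found = suspicious_iframes(path.read_text(errors="ignore"), trusted_hosts)
            if found:
                hits[str(path)] = found
    return hits
```

Run `scan_directory(r"C:\Program Files", trusted_hosts=("docs.example.com",))` against a machine's help directories and review each flagged file by hand before deciding whether the AV's deletion of it was justified.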

Speaking with Trend Micro, I have learned they have a new product out that is meant for larger environments. I have not tried it out, but the company also said we could get down to one server, then went back and said as many as 4 servers would be needed.

The moral of this long, drawn-out story? Don't do business with Trend Micro; it'll be worth a few extra dollars, or a little bit of worry with a free tool, rather than subscribing to these guys. Their support is horrible; I have yet to get a return call from almost a year ago... still waiting on that one, Trend.
