WordType Designs
Driven To Distractions©
The Sound of One Hand Clapping©


Archive Date
[ 10-06-2000 ]
Category
[ Information Technologies ]
Sub-Category
[ Trend Micro ]

      [Web attacks: Cure worse than disease?
      In a twisted, techy sort of irony, Trend Micro's anti-viral OfficeScan - which also checks for DoS vulnerabilities - is a prime vehicle for foul play.
      By Steven J. Vaughan-Nichols, Sm@rt Reseller
      UPDATED March 9, 2000 6:42 AM PT


      The difference between checking for security holes and exploiting them is purely one of intent, as anti-virus maker Trend Micro Inc. has discovered.

      Trend Micro's enterprise anti-viral program OfficeScan - which also scans for denial-of-service (DoS) vulnerabilities - is itself a prime vehicle for foul play. According to Bugtraq reports and Trend Micro itself, OfficeScan opens the door for internal attacks.

      OfficeScan, it turns out, suffers from several problems. If the product is set to be administered from a server, as is commonly done, an attacker can impersonate the server and crash clients. Indeed, all it takes to lock up a client system is opening up more than five simultaneous connections and then flooding them with random data.

      System administrators can seal this hole by upgrading to version 3.5 of OfficeScan, which allows users to set the update features to other ports, and installing the updated dynamic link library, 3508tmsock.dll. For registered OfficeScan 3.1x users, that is a free upgrade.
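
      Added example (not part of the original article and not Trend Micro code): a defender-side check for the condition described above, flagging any source that holds more than five simultaneous connections to a client's listener or that is not the known management server. The event format, IP addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict

THRESHOLD = 5  # article: lock-up takes "more than five simultaneous connections"

# Constructed sample events, not real logs: (time_s, source_ip, conn_id, action)
# for TCP connections arriving at one client's OfficeScan listener.
SAMPLE_EVENTS = (
    [(0.0, "10.0.0.5", "s1", "open"), (0.4, "10.0.0.5", "s1", "close")]
    + [(5.0 + i / 10, "10.0.0.77", f"x{i}", "open") for i in range(6)]
    + [(9.0, "10.0.0.77", f"x{i}", "close") for i in range(6)]
    + [(12.0, "10.0.0.20", "y1", "open"), (12.5, "10.0.0.20", "y1", "close")]
)


def peak_concurrency(events):
    """Return {source_ip: highest number of connections open at the same time}."""
    open_conns = defaultdict(set)
    peak = defaultdict(int)
    for _, src, conn_id, action in sorted(events, key=lambda e: e[0]):
        if action == "open":
            open_conns[src].add(conn_id)
            peak[src] = max(peak[src], len(open_conns[src]))
        elif action == "close":
            open_conns[src].discard(conn_id)
    return dict(peak)


def findings(events, server_ip, threshold=THRESHOLD):
    """Return [(source_ip, [reasons])] for sources worth an analyst's attention.

    The source-address check is only a hint: the article notes the protocol has
    no authentication, so the concurrency check applies to every source,
    including the address of the real management server.
    """
    out = []
    for src, peak in sorted(peak_concurrency(events).items()):
        reasons = []
        if peak > threshold:
            reasons.append(f"{peak} simultaneous connections")
        if src != server_ip:
            reasons.append("not the management server")
        if reasons:
            out.append((src, reasons))
    return out


if __name__ == "__main__":
    for src, reasons in findings(SAMPLE_EVENTS, server_ip="10.0.0.5"):
        print(src, "->", "; ".join(reasons))
```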

      Tip of the iceberg
      There's more trouble lurking in OfficeScan. Unlike all other Trend Micro products, OfficeScan doesn't have an authentication/crypto-protected protocol between clients and the program manager. That means within a network on the same subnet, there are numerous ways to use OfficeScan to do everything from causing a LAN-wide DoS attack to rewriting entire hard drives to subtly placing invisible Trojan programs on computers.

      For the short term, the only solution is to disable the NTlisten.exe service on systems. By the end of the week, Trend Micro claims it will have a better answer.

      Dan Schrader, VP of new technology at Trend Micro, acknowledges these problems are "very significant and we're taking it seriously."

      Specifically, by this weekend, Trend Micro will be releasing a patch that will automatically update OfficeScan programs to include authentication and encryption of commands and data flying between server and clients. Those, and other improvements, should seal this hole, he says.

      Why are the fixes taking a week? According to Schrader, because OfficeScan works on heterogeneous networks, Trend Micro is "making sure it's bulletproof before we release it."

      Ironically, the news of the OfficeScan vulnerability follows on the heels of Microsoft's offer of a free copy of OfficeScan for Microsoft Small Business Server 4.5 with every copy of SBS 4.5 purchased between March 1 and June 30.]