Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Trend Antispyware – update on false positives and other issues

July 16th 2005 in Uncategorized

I had a very productive (and very early morning) teleconference with the Senior Spyware researcher at Trend today, as well as with an Internal Expert at the same company, regarding the various false positives previously reported in this Blog and usability issues affecting various versions of Trend Antispyware (web, consumer and small/medium business).

Now, I’ll admit, after barely three hours of sleep I was not my normal sharp self, but we still managed to get a lot of work done.

Now for the good news:

Adgoblin false positive – fixed in an upcoming definition update (the lead developer at Camtasia will be very pleased to hear about this)…

Bonzi false positive – fixed in an upcoming definition update

bjkh_coolwebsearch false positive – fixed in an upcoming definition

Problems with mvps.org HOSTS file (malware site entries being detected,but routing to local host not being detected) – flagged for attention of AV team.

Not being able to selectively delete ‘threats’ in the SMB version – roadmapped – hopefully will be fixed in the future.

Let me be very clear about this… Trend have been extremely responsive, and have gone to a lot of trouble to liaise with me and address *all* problems that I have raised with them.   A lot of companies *listen*, but not many companies *act* so promptly on complaints or problems brought to their attention.

There is still a lot of work to be done regarding usability and network issues (SMB version) but I am very confident that Trend are listening, and more importantly, acting quickly on feedback from their customers.

2 comments to...
“Trend Antispyware – update on false positives and other issues”


As of today, still getting fals positive



Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1

Guess they are not so responsive.


Hi Joe,

Unfortunately the fixes were only applied to the Corporate version of the Trend Antispyware product (SMB), and at the time of writing had not been applied to the Consumer or Online versions, which are looked after by a different team to that I have contact with.

FWIW, I pinged my contact on Friday and he responded very quickly asking for further info so that he could pass on the issue to the correct consumer teams. Fingers crossed things get fixed as quickly in the Consumer space as they were in the corporate space.


Version 1.0.5 has been released which includes two critical and four highly sensitive security patches (plus six other patches).  Let’s hope THIS version doesn’t break something (remembering the XML debacle).
Details of the critical vulnerabilities are “embargoed“ until 20 July.
WARNING: Before installing 1.0.5 make sure that the target installation directory is EMPTY (ie uninstall old versions […]

Previous Entry

Now we’re up to version 1.0.6 which is apparently a ‘stability update’ (oops, what did they break)… ah, here we go, they need to “Restore API compatibility for extensions and web applications that did not work in Firefox 1.0.5.”
Go and get it :o)

Next Entry