Trend Micro has confirmed the reason an anti-virus update crashed computers across the globe was because of the rush to combat a vulnerability for the Rbot worm, but has refused to pay compensation to those affected.
The update, named by Trend Micro as Official Pattern Release (OPR) 2.594.00 was released at 11.30pm GMT on 22 April and was removed from the Active Update list 90 minutes later at 1.02am, 23 April. It has adversely affected 652 businesses, according the Trend Micro, and the company has received 370,000 calls from business and home users over the problem.
"I am really, really sorry for releasing this product ... [which caused] a lot of trouble for our customers and stopped your businesses working for more than two days," said Eva Chen, chief executive officer at Trend Micro. But the company will not pay compensation to individuals or companies, said Mahendra Negi, the company's chief financial officer. "We have been focusing on supporting our customers, we are not looking at compensation," he stated.
Customers using OfficeScan, PC-cillin, Server Protect for NT, Client/Server Suite 2.0 for SMB and Client/Server/Messaging Suite for SMB were directly affected by a bug in the file update, which created a loop which used up nearly 100 percent of CPU processing power.
As a result affected computers using the auto update feature either stalled or crashed. An hour-and-a-half later a second patch (2.596.00) to combat this issue was released by Trend Micro.
The vast majority of the computers affected were in Japan, although Trend Micro has received several reports of users of their product experiencing problems in the US, Middle East and Australia.
According to Australian Trend Micro managing director Chris Poulos, the reason for the bug being included in an update was due to Trends Micro's own internal testing procedure. "The testing procedure is a game of speed and fulfilling procedures, and I think one test went to fast and not quite correctly," Poulos said.
"How it was tested is more the case than it was released untested - the procedure for that file (OPR 2.594.00) did not take the full extent of the testing procedure - it is about getting the pattern file out there to protect the customer.
"We have a management procedure to understand what happened because learning from mistakes is critical for any organisation."
Poulos added that the fact the issue occurred on a long weekend lessened the potential damage for Australian customers, adding: "If life was up to chances we have been dealt a good hand". This was the first time this has happened to Trend Micro, he stressed.
The compression tool used by Trend Micro, named UltraProtect, compresses and encrypts Windows applications. Trend have confirmed they added support for UltraProtect in the offending pattern file (2.594.00), and found the decompression of certain file scanning caused high CPU use under Windows XP SP2.