Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Trend Micro
Message
From
05/04/2012 16:11:28
Jos Pols
C., South Africa
 
 
To
05/04/2012 16:00:43
Al Doman (Online)
M3 Enterprises Inc.
North Vancouver, British Columbia, Canada
General information
Forum:
Windows
Category:
Virus scan
Title:
Re: Trend Micro
Miscellaneous
Thread ID:
01540236
Message ID:
01540461
Views:
30
>>>>>>Any Trend Micro anti-malware users here ... ?
>>>>>
>>>>>Some of my clients use it.
>>>>
>>>>How do you feel about the way it gets Trend Micro Japan to re-download whatever files your clients download from the sites they visit when the phishing filter feature is turned on (which it is by default)?
>>
>>
>>>I haven't seen anything like that, but if it's behaving as you say, it sounds like a bug. Your best bet wis ould be to contact their tech support and/or support forums.
>>
>>This is no bug. This is how their phishing filter works by design. I have verified at several clients and tested with unique file names. This thing monitors files you download, sends the url to Japan ip address range owned by trend micro which within minutes redownloads the file. It is part of the phishing filter. There are google search results for more info...
>
>I took a quick look at the URLs in your other post. It looks like Trend has chosen to architect that portion of their suite to run user Web requests through their "reputation" servers.
>
>I've already said this a number of times on this forum: antivirus is evil. Considering how it hooks into your system, what it snoops, and what it does, it's functionally no different from malware. If you run GMER on your Trend-equipped system, you'll see it reports one of the Trend components as an installed rootkit.
>
>So, don't be surprised to see AV products doing all kinds of unexpected and unwholesome stuff. If you don't like it, turn off the feature, or use a different product - or none at all.

Hi Al.

We dont use Trend Micro. We discovered this because Trend was re-playing URLs which were created uniquely and specifically for some of our clients. They downloaded files from our server which they had no right or permission to. Clients have no idea about this feature. I have been in contact with the IT company that supplied the clients this product and they didnt even know about it.

I agree that AV products are bad - there is a serious conflict of interest going on plus the fact that they will always be behind the malware curve anyway. Better to have educated users rather than rely on questionable tools especially ones which download files behind your back. But it is big business.

By the way, this is so bad that we even found Trend running client unique URLs in emails we sent to certain clients in tests. i.e. they scan the email for URLS, send the URLS to Japan, and run the URL to see what happens ...

Do you think GMER is a good product? It is rated very highly.
In the End, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform