Free Antivirus Software Security Problems

ComputerWorld.com brings notice today of problems with Trend Micro's free online antivirus scanner. Turns out there's a nasty little bug in the service that crackers can use to take over Microsoft Windows PCs via Internet Explorer.

The service, called HouseCall, is made available via ActiveX and exploits a particular vulnerability in the ActiveX control HouseCall uses.

'"The vulnerability is caused due to a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll)," said Secunia's warning.

"This can be exploited to dereference previously freed memory by tricking the user into opening a Web page containing a specially crafted 'notifyOnLoadNative()' callback function."'

Trend Micro, in typically speedy fashion, has fixed the flaw, but we were very disappointed to read this in Trend Micro HouseCall ActiveX Control advisory,

'"This hot fix was developed as a workaround or solution to a customer-reported problem. As such, this hot fix has received limited testing and has not been certified as an official product update," Trend Micro said in its own advisory, published last Thursday.

"Consequently, this hot fix is provided 'as is'. Trend Micro makes no warranty or promise about the operation or performance of this hot fix nor does it warrant that this hot fix is error free."'

For a company like Trend Micro, who makes Trend Micro AntiVirus, who knows full well the issues with computer security, we were disappointed in them. They can do better.

We know they can. They know they can.