back to article Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite

Trend Micro is on the defensive after it was accused of engineering its software to cheat Microsoft's QA testing, branding the allegation "misleading." Bill Demirkapi, an 18-year-old computer security student at the Rochester Institute of Technology in the US, told The Register on Tuesday he was researching methods for …

  1. Kevin Johnston Silver badge

    Petty or Pedant?

    I know I shouldn't rise to this but...

    "Most of the driver feels like proof-of-concept garbage that is held together by duck tape"

    There is a brand name of Duck Tape but generically it is Duct Tape designed to be used when joining large hoses in ducting which need strength and flexibility at the joints.

    Grrrrrr

    1. Scotthva5

      Re: Petty or Pedant?

      Pedantic but correct.

      1. Anonymous Coward
        Anonymous Coward

        Re: Petty or Pedant?

        Sticky-back-plastic please

        1. Anonymous Coward
          Anonymous Coward

          Re: Petty or Pedant?

          Not Fablon?

      2. tekHedd

        Re: Petty or Pedant?

        Pedantic but incorrect. Duck take is called this because it is made with a cloth (duck) backing.

        ^^ /this/ is pedantic-but-correct. Just FYI.

        ^^ so was that postscript.

        ^^ and that one.

        1. Phil Kingston

          Re: Petty or Pedant?

          "Duck take is called this because it is made with a cloth (duck) backing."

          If only you'd typed tape correctly

    2. KittenHuffer Silver badge

      Re: Petty or Pedant?

      The stories I've seen is that it dates back to WW2 and was originally for providing a waterproof seal on ammo cases, and was named 'duck tape' by the squaddies that used it.

      Does anyone have conclusive proof that this is, or is not, so?

      1. Anonymous Coward
        Anonymous Coward

        Re: Petty or Pedant?

        Duct tape is an Americanism, a British squaddie would have known it as gaffer tape.

        1. Archivist

          Re: Petty or Pedant?

          I think you'll find Gaffer Tape was invented for the film industry. The only squaddies were actors.

          1. Fred Goldstein

            Re: Petty or Pedant?

            I used to have a role of duck tape and a roll of gaffer tape, and the gaffer tape was a whole lot better. Way too good for the average consumer.

            Manco,in the US, may claim a duck as a trademark, but the tape may have been made from "cotton duck" material, and it is lousy for ducts, so duck tape seems reasonable.

    3. diodesign (Written by Reg staff) Silver badge

      Petty or Pedant?

      No, you're just wrong.

      Duck tape is an alternative spelling of duct tape. Duck tape came before duct tape.

      C.

      1. Martin-73 Silver badge

        Re: Petty or Pedant?

        Interesting. I wonder if that had to do with one brand trademarking 'Duck tape" ?

        Oddly at least here in the UK, there's an alternative 'duct tape' used for exhaust ducting from extractor fans. It's basically thick wide electrical tape.

    4. IHateWearingATie
      Go

      Re: Petty or Pedant?

      Never apologise for pedantry on El Reg. It's what we thrive on.

      1. Jonathan Richards 1
        Headmaster

        Re: Petty or Pedant?

        Or rather, "it is that upon which we thrive". You are welcome.

        1. David 132 Silver badge

          Re: Petty or Pedant?

          You are technically correct. The best kind of correct.

    5. Anonymous Coward
      Anonymous Coward

      Re: Petty or Pedant?

      Proper "duct tape" is foil with adhesive. "duck tape" is a common term for the usual shiny cloth-backed tape used for bodges the world over, with "Duck Tape" being a particular brand name for it. "duck tape" is actually the older term (1899), named after the duck cloth used for it, and "duct tape" a later corruption of it (1965).

      Whatever you do, don't try sealing ducts with duc[k,t] tape!

      1. The Man Who Fell To Earth Silver badge
        FAIL

        Re: Petty or Pedant?

        "Whatever you do, don't try sealing ducts with duc[k,t] tape!"

        Yup. It will peel itself off over time. The warmer the duct gets, the faster. My brother in-law once tried to tape insulation over ductwork with duck tape (cloth, not the real thing) from Home Depot and within a month or so it had all fallen off. Then he talked to someone who actually knew what they were doing, used the aluminum foil tape made for ductwork, and (miracle!) it worked. And is still working years later.

        1. Hubert Cumberdale

          Re: Petty or Pedant?

          That foil tape is also perfect for foiling over firework mortars to prevent cross-ignition and ingress of damp after set-up. I know a firework display company that gets through miles of the stuff every year.

    6. HildyJ Silver badge
      Pint

      Re: Petty or Pedant? a definitive explanation

      Duck Tape is indeed a registered trademark for a variety of tapes. Also Ductape is a registered trademark of heat resistant tape designed for heating ducts.

      Duck tape was a term for strips of cotton duck cloth dating to around 1900 when it did not have any adhesive. A variation was developed for waterproofing ammunition boxes in WWII.

      After this, duct tape became common parlance (probably via 3M) allowing Duck Tape to be trademarked.

      Generally duct tape has a strong adhesive with a fabric matrix allowing it to be torn. Gaffer's tape does not qualify because it doesn't have a strong adhesive since it is designed to be removed without leaving traces. Tape designed for hot air ducts (or Fablon) doesn't qualify because it lacks the fabric matrix and must be cut.

      Finally and definitively, NASA boffins call it duct tape and it saved Apollo 13. As boffin Ed Smylie, who designed the CO2 scrubber mod, said "One thing a Southern boy will never say is, 'I don't think duct tape will fix it.'"

      1. Herby

        Fixing with Duct tape...

        As the saying goes, if you can't fix it with Duct Tape (or whatever it is called) you aren't using enough of it!

      2. AdamWill

        Re: Petty or Pedant? a definitive explanation

        "Finally and definitively, NASA boffins call it duct tape and it saved Apollo 13. As boffin Ed Smylie, who designed the CO2 scrubber mod, said "One thing a Southern boy will never say is, 'I don't think duct tape will fix it.'""

        Unless that quote was written down, you can't tell what spelling the boffin in question would have used, because spoken aloud "duct tape" and "duck tape" tend to sound exactly the same (you can't presume that anyone who thinks of it as "duct tape" will carefully pronounce that final t). So what you're getting is the spelling of the journalist who wrote down the quote, not the spelling of the person who said it.

    7. Snorlax Silver badge

      Re: Petty or Pedant?

      This place is full of pedants. Don’t apologise.

    8. Foxglove

      Re: Petty or Pedant?

      'You are technically correct -- the best kind of correct.'

      Credit - Bureaucrat Number 1.0.

  2. Julz Silver badge
    Black Helicopters

    I Guess

    That MysteriousCheck() is less obvious than NSACheck().

  3. Pascal Monett Silver badge

    "We believe this allegation is misleading"

    Of course you do. So please provide an official explanation for why that code was included.

    This is not a bug, nor a mistake, nor a case of rogue engineer. The code was written specifically to check on Borkzilla's driver certification. There is no reason why the guy should have alerted you beforehand so you could silence him with spurious excuses while you renamed MysteriousCheck to PerfectlyNormalCheck and pretended everything was ok.

    It is not ok, and I hope you'll get raked over the coals for it.

    1. overunder Silver badge

      Re: "We believe this allegation is misleading"

      Yep.

      Based on the reasoning to why WHQL exists, arbitrarily deciding what goes where because of WHQL isn't passing anyones test case... besides Trend Micro's. If it was passing, then it's kind of like owing $100 to a clerk, but because the clerk is blind you hand over a $1 (not exactly, but a similar privileged decision).

      1. Psmo Silver badge

        Re: "We believe this allegation is misleading"

        However, this is a known bug in the USian bill production system.

        Making all the bills the same size leads to a huge pile of stupid that could be solved in a straightforward way.

    2. teknopaul Silver badge

      Re: "We believe this allegation is misleading"

      Microsoft said it is aware of the issue, and is "working closely with Trend Micro to investigate these claims."

      And Microsoft is notably not working with the bloke that found the issue.

      Because, Trend pay the tax Microsoft impose on driver writers, they are both interested in finding a way for Trend to save face and keep up the payments.

      1. Anonymous Coward
        Anonymous Coward

        Re: "We believe this allegation is misleading"

        a) They didn't say they weren't. This is just you extrapolating.

        b) With the information already released publicly, it is more than likely they know where to look already.

        If / when this is confirmed, two things may happen:

        1) The lad is thanked, maybe given a token of recognition; or

        2) the manager responsible is pissed off because he thinks this makes him look like a gullible, ineffective idiot and tries to swipe everything under the carpet.

  4. Anonymous Coward
    Anonymous Coward

    Responsible disclosure is a privilege reserved for the mistake not the misdeed

    Otherwise the author is incentivised to continue the cover-up.

    Change my view.

    1. TeeCee Gold badge
      Happy

      Re: Responsible disclosure is a privilege reserved for the mistake not the misdeed

      Besides, anyone would be obliged to publicly disclose that lot. It's just way too bloody funny to keep to yourself.

  5. Doctor Syntax Silver badge

    ""The researcher did not inform us whereas standard and effective reporting for the industry would have required that he contact us first."

    I thought that was for bugs. This appears to be a feature.

    1. Frank Bitterlich

      Exactly. When you're caught cheating, "responsible disclosure" doesn't apply.

  6. chuBb. Bronze badge

    Poachers becoming game keepers

    That's the av industry for you, of course it will do more than intended and if your core skill is detecting code that hides or behaves differently depending on environment then I would be surprised if the good code didn't copy tricks and strategy from bad code.

    I expect trend will claim it was debug code used to mock up whql status for dev reasons and an honest mistake, honest guv

  7. Peter X

    Meanwhile, in Redmond

    I can't help imagining that somewhere in Redmond, there's someone strolling along, all innocent, hands clasped behind their back, whistling. And thinking, "Well, I'll just stay out of this one..."

  8. WolfFan Silver badge

    They have a credibility problem.

    As soon as I saw that they were blathering about the ‘researcher’ not notifying them before going public, well I was totally convinced, by their own words, that they were guilty, guilty, guilty of everything the ‘researcher’ said. I don’t have any Trend Micro products on any machines at home or at work, but if I did, I’d be removing them and replacing them with other products, and I’d be screaming at their customer service line for a refund and saying why. And I’d probably be transferred over to their legal people and the words “lawyer”, “law suit”, “fraud by misrepresentation”, and “Federal Court” would be mentioned. But that’s me. I’ve been told that I have a bad attitude.

    1. Imhotep

      Re: They have a credibility problem.

      You have a bad attitude.

      Funny how attitudes are classed as "bad" by the people caught in bad behavior.

    2. JCitizen Bronze badge
      FAIL

      Re: They have a credibility problem.

      Well - they do now - with me at least. Up until about 2005, Trend Micro was THE antivirus to use, and every office I worked in had adopted to it, so I also bought it for my machines. However it went down hill fast, and I've not seen any evidence it deserves retesting yet. However, I must also admit that probably NO antivirus is very good at detecting the new malware out there, and you are probably better off simply clamping down on vulnerabilities on the OS and all applications on the machine.

      I can see Trend's frustration with this, and can even understand why they may have thought using underhanded methods was fighting fire with fire - but it just doesn't work out to be a success for the future. I haven't and won't be recommending Trend Micro for a great while now - they'd have to build up trust all over again for me.

  9. tekHedd

    "Working closely..."

    Love how all the big players work with each other. A bit like, I dunno, picking a random example completely at random, a bit like a church saying "We are working closely with the accused priest to investigate your accusations of rape, and will take appropriate action. Thank you for bringing this to our attention." And also "it was inappropriate for you to go public with this."

    1. Snorlax Silver badge

      Re: "Working closely..."

      What the hell is wrong with you? This situation is nothing like a person being raped.

      If that’s your idea of a random example to compare, you need to see a psychiatrist.

  10. FlippingGerman

    Public

    Well of course he posted it publicly, what's he supposed to do, "hey guys, looks like your doing dodgy stuff" "oh yeah sorry we'll just fix that". Nah. Going public is the only choice he has.

    Also, 18 years old and already doing this kind of stuff and presenting DEFCON and BlackHat? He's someone to watch (and I mean that in a complimentary, non-FBI-y way).

  11. man_iii

    Micro Shaft Drivers

    Recently had to install Logitech mouse drivers for an ancient MX1000 which to this day is still running. On a Linux system the Bluetooth mouse would 'Just Work' Alas the hardware failures during the 'Rona Times means no replaceable parts for the time present. Cue the MicroBloat WindLows 10 whereupon this famous mighty mouse falls on its own driver sword. Logi SetPoint 16.69 drivers fail to reconnect after suspend or sleep forcing the WUser to manually do the device removal and rediscover and pair the bloody thing only to disco repeat the same thing whenever Wind10 decides to sleep....

    Uninstall and reboot and do it with the 'generic' HiD mouse driver and no issues ... just the Logitech special sauce like remap the various. 10 mouse buttons is un possible now.

    :smh:

    1. Psmo Silver badge

      Re: Micro Shaft Drivers

      Sounds like Logitech doing dumb things with their drivers and nothing to do with Micromite.

      Hate 'em as much as you like, but their tightening of the rules for drivers and generic drivers has stabilised Windows systems enormously over the last couple of decades.

      1. man_iii

        Re: Micro Shaft Drivers

        It doesn't excuse Microsoft for having a driver certified with problems where you certify the driver that can't handle the HAL ? Logitech as a company has its own problems ... I won't go into it ...

        If you introduce bogus drivers in Linux you will get shouted at by someone ... for example the whole Nvidia and Linus spat.

        No excuses from a Multi-Billion dollar company vs Free as in Beer opensource software.

        As we speak I have moved off the WindBlows MicroShoft 10 latest to Fedora32 Everything latest :-D

    2. This post has been deleted by its author

  12. BlackPhi

    Am I Misunderstanding?

    The sentence which struck me in the article was "The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Am I misunderstand what this is saying, or is there a seemingly deliberate backdoor in their products? If so, for whose benefit?

    1. Frank Bitterlich

      Re: Am I Misunderstanding?

      Not exactly a backdoor. More like a fake lock on your front door, because you can never remember to take your keys, and temporarily replacing it with a real lock when the insurance guy visits.

      Looks like their software has problems doing its job when the dirver is working in a secure fashion, and they have to resolve to insecure memory allocation to work around the issues.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020