Re: Trend Micro Customers: Patch Now

[security curmudgeon <jericho () attrition org>]

On Thu, 23 Aug 2007, Paul Ferguson wrote:

: I wouldn't normally post something like this, but I believe in full 
: disclosure and getting the word out to affected consumers.
: 
: http://fergdawg.blogspot.com/2007/08/trend-micro-customers-patch-now.html

I have Trend Micro PC-cillin Internet Security 2007 on my work laptop 
(corporate mandate). When I told it to get updates, the message only said 
this:

   "New security updates to strengthen your computer's protection are now 
    available..."

That doesn't quite seem like full disclosure to me. Most customers who 
read that will not understand that it is updating to "strengthen the 
computer's protection" against attacks made against the software 
protecting them. Meaning, if they didn't have the security software 
installed they wouldn't need that additional protection. =)

I appreciate your comment on the blog entry above:

    ObDisclosure: I work for Trend Micro, if you haven't figured that out 
    by now. And we believe in appropriate responsibility and full 
    disclosure.

You sure seem to believe in full disclosure, but I wouldn't go so far as 
to say 'we' which implies all of Trend Micro. The threat level on the TM 
page is still 'normal', the news links mention nothing about this, 
PC-Cillin product update page has nothing since Apr 24, etc.

jericho
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.