The antivirus manufacturer Trend Micro is accused by several security researchers of having cheated on Microsoft's quality tests for a kernel driver. The driver is part of the company's free anti-malware software, and the company is said to have adapted it so that it recognizes Microsoft's test environment and then behaves differently than it does on users' systems. This is roughly analogous to the behavior of some brand-name cars, which behaved differently in emissions tests than in normal operation and thus triggered the emissions scandal a few years ago.
Trend Micro Denies Having Manipulated The Microsoft Quality Tests
The unusual behavior of the Trend Micro driver was discovered by independent security researchers who were researching methods for discovering rootkits under Windows and therefore took a closer look at the program. The researchers began to disassemble parts of the program and reverse engineer them.
Unsafe Kernel Driver Attracts Attention
Many weaknesses in the code of the kernel driver are also present in other Trend Micro products. The driver can be misused by a Windows rootkit to access key kernel functions relatively easily. Such vulnerabilities are used by malicious code that has already gained system rights to dig deeper into the system and to hide from the administrator and from any software. This is an important feature of rootkit malware.
These vulnerabilities are not unintentional security holes; they were deliberately programmed to provide powerful kernel functions to user-mode programs with the appropriate rights. However, these options can of course also be misused by attackers who have managed to establish themselves on a system. That makes the driver a perfect target for hackers all over the world who want to dig deeper into systems. The driver was deliberately programmed to be insecure and is therefore dangerous.