Trend Micro sucks

Trend Micro’s feature that should warn about dangerous websites is a disaster: it produces mindless false positives that take months to fix. This borders on reputation damage.

Security is a delicate topic. A security company has to carry out assessments very carefully. The checks have to be accurate. False negatives, of course, render the service useless. False positives are a danger for the one who is falsely incriminated. So a big responsibility goes along with those security warnings.

In the online world, there are several companies that judge the security of websites, Trend Micro for instance. And as far as I can tell, they do a miserable job. On November 18th, I was told by a friend on Twitter that they had issued a warning about my website. There had been an already solved problem with one download file on my page.

An app is suspicious because it features Chinese texts?

In September, Swiss domain registration agency Switch had triggered an alarm because of the Chinese version of the game. In Switzerland, a new law makes it possible to remove infected sites for five days from the domain name servers, if the problem is not removed within a week.

The Chinese version of Classic Clickomania available on this site had always been clean. A Chinese user of the game compiled the version for me and it used a particular compression method. And those obviously rather particular traits caused the alarm. The file had not been altered since I uploaded it eight years ago. Since then it was widely in use and never caused any harm. I ran the file on my system without detecting any problem at all. I removed it from the server anyway, because I could not make it look any safer and I did not want it to damage the reputation of my site.

Safe again

After the file was gone, all the services considered my website safe again. So, I guessed that Trend Micro would cancel the warning after a recheck. It took them more than a month to carry out the recheck, and they told me that “the result is still a disease vector”. There is no further explanation, and the email offers only a useless link to a general contact page.

Bad enough that I have to learn from Twitter that they’re telling people through their software not to visit my site. Even worse that they do not offer me any information about the problem and that it takes them more than a month to reevaluate a site. This does not increase security, but it poses a threat to website operators like me.

It is important for us webmasters to keep our sites clean. Obviously. But it is the duty of security companies like Trend Micro not to carelessly issue weak warnings. Even more important.

2 comments on «Trend Micro sucks»

  1. Dear Matthias

    Unfortunately, OpenDNS blocks your site as well, because of «Conficker» and «IE-zero-day vulnerability». I was not able to convince them that it is harmless either, or rather I got no answer at all…
    Kind regards
    Thomas
