Security News > 2020 > May > Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world."

Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

"On Windows 10, the driver verifier enforces that drivers do not allocate executable memory. Instead of complying with this requirement designed to secure Windows users, Trend Micro decided to ignore their user's security and designed their driver to cheat any testing or debugging environment which would catch such violations."

"We are working closely in partnership with the Microsoft security driver team, and at no time was the Trend Micro team avoiding certification requirements."

Trend has pulled its Rootkit Buster downloads from its website, and its driver has been blocked on Windows 10 20H1. Trend Micro denies any wrongdoing.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/20/trend_accused_microsoft_cheating/