Trend Micro is on the defensive after it was accused of engineering its software to cheat Microsoft's QA testing, branding the allegation "misleading." Bill Demirkapi, an 18-year-old computer security student at the Rochester Institute of Technology in the US, told The Register on Tuesday he was researching methods for detecting rootkits when he came across Trend's Rootkit Buster for Windows PCs.
While reverse-engineering Trend's rootkit-hunting tool and its kernel-mode driver, which appears to be common among Trend products, Demirkapi found some shortcomings in the code, and publicly documented them. You need administrator access to exploit the holes he found, though that's beside the point: they are an easy way into the kernel for, ironically enough, rootkits and other malware that have gained admin access. "Most of the security concerns I have with Trend Micro's driver were shocking because most of them were not mistakes," said Demirkapi, who has presented at hacking super-conference DEF CON and is due to discuss Windows rootkits at Black Hat USA 2020.