CNET también está disponible en español.

Ir a español

Don't show this again


Trend Micro's Transaction Guard sloppiness

Trend Micro makes some mistakes regarding its free Transaction Guard utility.

In my last posting about DropMyRights, I used the Trend Micro Transaction Guard utility as an example of a Java applet installing software while running inside a restricted instance of Firefox.

Transaction Guard was only used to illustrate a point, the reference was not an endorsement of the product, which I have hardly any experience with. Since writing the last posting, I have tried to use Transaction Guard many times from three different Windows XP machines over the space of two days. Not once have I been able to install it. It consistently fails with the "network connection not available" error shown below.

But that's only the beginning.

Just days after describing how a restricted mode Web browser can run Java applets, I run into the warning below, issued when Transaction Guard starts to download and run a Java applet from within Firefox.

This is not true. The installation of a Java applet does not require administrator privileges. How can Java programmers not know the conditions needed to run the applet they programmed? And if you're not sure, it's pretty easy to verify (or in this case disprove). How can Trend Micro make a mistake like this?

Another mistake in the sentence is that the word "applet" is not capitalized. For reference see What is Java? by Sun Microsystems and Wikipedia. Also, "Java" and "applet" are two words, not one, but we all make typos (no spell check?).

Other instructions in the Transaction Guard Install Help window are also wrong. (See a full-size screenshot.) When it comes to authorizing their applet to run, it says "Click 'yes' or 'always' to allow this JavaApplet run on this computer." But the two buttons in the Security Warning window displayed by Java 1.5.0_12 when run by Firefox version are labeled Run and Cancel.

In fact, the whole Security Warning window looks nothing at all like the sample. I made a side-by-side screenshot showing the sample on the left and the actual window on the right. It's not even close.

Trend Micro is a fairly large company, with either "over 2,000 employees" or "over 3,000 employees," depending on which of their Web pages you read. Yet, they are writing Java applets and, literally, they can't spell it.

ActiveX in Internet Explorer

When Transaction Guard is run from Internet Explorer, it uses ActiveX instead of Java. The instructions say "Installation of ActiveX requires administrator privileges." True enough.

What it doesn't say however, is that without administrator privileges, the installation of the ActiveX control will hang. No errors are issued; it just stops.

I'm not an ActiveX programmer, but it doesn't have to be this way. That is, the inability to install an ActiveX program (normally called a "control") can be detected and the user told about the problem in an informative way. For example, PC Pitstop has an ActiveX test page that immediately detects that a restricted instance of Internet Explorer does not support ActiveX.

Finally, despite the fact that the utility is called Transaction Guard, the name of both the ActiveX control and the Java applet is TmHcmsX, not the most user-friendly name.

All in all, a quality improvement opportunity.

Update: August 21, 2007. I tried to install Transaction Guard again today and it failed with the same "Network connection not available" error. Even worse, it hung Firefox such that Windows XP said it was not responding and it had to be killed with Task Manager.