Symantec may compensate Chinese users hit by buggy update
It promises to open security response center in China by end of year
"We are now focusing on helping our clients restart their computers and will consider other issues once that work is finished," Symantec's Vincent Weafer said when asked whether the company would compensate users.
Last Friday, about 1 a.m. Beijing time, Symantec delivered a flawed virus-signature update to customers. The update mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 as a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.
Symantec reworked the update and re-released it the same day at 2:30 p.m. Beijing time, but the fix was too late for any PC that had been rebooted in the intervening 13-plus hours. Those systems needed new copies of the two .dll files restored to the hard drive's "windowssystem32" directory to restart.
As of Wednesday, some users were still struggling to return their PCs to working order, state-run China Central Television (CCTV) reported yesterday. "Many computers here still won't work after restoration," CCTV quoted a network technician identified as Mr. Qiao. "And Norton software can't be completely removed. I can't imagine a big company like Symantec not offering enough support on this."
CCTV also noted that Chinese computer experts had criticized Symantec for posting a solution that was too hard for average users to implement. Symantec initially published instructions to its Chinese-language Web site that required users to manually restore netapi32.dll and lsasrv.dll to the PC. The FAQ has been updated since then, however, and now sports a download link to a repair tool that automatically restores the two .dll files.
On Monday, the Cupertino, Calif.-based security company blamed its automated threat analysis system for the buggy signature update. "This inadvertently resulted in a change to a single definition used by the automated system and subsequently led to two files being falsely detected as malware," corporate spokeswoman Linda Smith Munyan said Monday.
While Symantec has not confirmed the number of Chinese systems affected, reports have ranged from thousands to millions. According to China Daily, the Communist Party-controlled English-language newspaper, some corporate customers have demanded compensation ranging from about $13,067 to $130,671.
More than two years ago, security rival Trend Micro Inc. faced a similar situation after it distributed a flawed virus-definition file that slowed thousands of PCs to a crawl. Three months later, the antivirus vendor said that dealing with customer queries and complaints had set it back $8.2 million in direct costs and forced it to revise its quarterly forecast to account for anticipated lower sales and decreased revenue.
On Wednesday, Symantec announced that it would open a security response center in China before the end of the year. Although it stopped short of tying the news with the flawed update incident, it stressed its commitment to the China market several times in a statement.
"Symantec recognizes that China is a rapidly growing market with local security needs," said Bernard Kwok, Symantec's vice president of its China region. "Symantec values its customers in China and is dedicated to providing comprehensive, global, 24/7 security expertise to guard against today's complex Internet." The company already has response centers in the U.S., Ireland and Japan.
Read more about Security in Computerworld's Security Topic Center.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions IT security decision-makers from companies with 100 to 5,000 employees evaluates the current endpoint security solution market based on Forrester's own market data,...
- Case Study: Intuit Turns to Self-Service IT Intuit empowered its users to resolve their own IT issues with a consumer-like experience to free IT to focus on more strategic initiatives....
- Automation for a Better Tomorrow Check out the five most common annoyances facing enterprise IT service desks today, and how automation can resolve all of them. Download the...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!