Symantec may compensate Chinese users hit by buggy update
It promises to open security response center in China by end of year
"We are now focusing on helping our clients restart their computers and will consider other issues once that work is finished," Symantec's Vincent Weafer said when asked whether the company would compensate users.
Last Friday, about 1 a.m. Beijing time, Symantec delivered a flawed virus-signature update to customers. The update mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 as a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.
Symantec reworked the update and re-released it the same day at 2:30 p.m. Beijing time, but the fix was too late for any PC that had been rebooted in the intervening 13-plus hours. Those systems needed new copies of the two .dll files restored to the hard drive's "windowssystem32" directory to restart.
As of Wednesday, some users were still struggling to return their PCs to working order, state-run China Central Television (CCTV) reported yesterday. "Many computers here still won't work after restoration," CCTV quoted a network technician identified as Mr. Qiao. "And Norton software can't be completely removed. I can't imagine a big company like Symantec not offering enough support on this."
CCTV also noted that Chinese computer experts had criticized Symantec for posting a solution that was too hard for average users to implement. Symantec initially published instructions to its Chinese-language Web site that required users to manually restore netapi32.dll and lsasrv.dll to the PC. The FAQ has been updated since then, however, and now sports a download link to a repair tool that automatically restores the two .dll files.
On Monday, the Cupertino, Calif.-based security company blamed its automated threat analysis system for the buggy signature update. "This inadvertently resulted in a change to a single definition used by the automated system and subsequently led to two files being falsely detected as malware," corporate spokeswoman Linda Smith Munyan said Monday.
While Symantec has not confirmed the number of Chinese systems affected, reports have ranged from thousands to millions. According to China Daily, the Communist Party-controlled English-language newspaper, some corporate customers have demanded compensation ranging from about $13,067 to $130,671.
More than two years ago, security rival Trend Micro Inc. faced a similar situation after it distributed a flawed virus-definition file that slowed thousands of PCs to a crawl. Three months later, the antivirus vendor said that dealing with customer queries and complaints had set it back $8.2 million in direct costs and forced it to revise its quarterly forecast to account for anticipated lower sales and decreased revenue.
On Wednesday, Symantec announced that it would open a security response center in China before the end of the year. Although it stopped short of tying the news with the flawed update incident, it stressed its commitment to the China market several times in a statement.
"Symantec recognizes that China is a rapidly growing market with local security needs," said Bernard Kwok, Symantec's vice president of its China region. "Symantec values its customers in China and is dedicated to providing comprehensive, global, 24/7 security expertise to guard against today's complex Internet." The company already has response centers in the U.S., Ireland and Japan.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts