Symantec may compensate Chinese users hit by buggy update
It promises to open security response center in China by end of year
"We are now focusing on helping our clients restart their computers and will consider other issues once that work is finished," Symantec's Vincent Weafer said when asked whether the company would compensate users.
Last Friday, about 1 a.m. Beijing time, Symantec delivered a flawed virus-signature update to customers. The update mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 as a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.
Symantec reworked the update and re-released it the same day at 2:30 p.m. Beijing time, but the fix was too late for any PC that had been rebooted in the intervening 13-plus hours. Those systems needed new copies of the two .dll files restored to the hard drive's "windowssystem32" directory to restart.
As of Wednesday, some users were still struggling to return their PCs to working order, state-run China Central Television (CCTV) reported yesterday. "Many computers here still won't work after restoration," CCTV quoted a network technician identified as Mr. Qiao. "And Norton software can't be completely removed. I can't imagine a big company like Symantec not offering enough support on this."
CCTV also noted that Chinese computer experts had criticized Symantec for posting a solution that was too hard for average users to implement. Symantec initially published instructions to its Chinese-language Web site that required users to manually restore netapi32.dll and lsasrv.dll to the PC. The FAQ has been updated since then, however, and now sports a download link to a repair tool that automatically restores the two .dll files.
On Monday, the Cupertino, Calif.-based security company blamed its automated threat analysis system for the buggy signature update. "This inadvertently resulted in a change to a single definition used by the automated system and subsequently led to two files being falsely detected as malware," corporate spokeswoman Linda Smith Munyan said Monday.
While Symantec has not confirmed the number of Chinese systems affected, reports have ranged from thousands to millions. According to China Daily, the Communist Party-controlled English-language newspaper, some corporate customers have demanded compensation ranging from about $13,067 to $130,671.
More than two years ago, security rival Trend Micro Inc. faced a similar situation after it distributed a flawed virus-definition file that slowed thousands of PCs to a crawl. Three months later, the antivirus vendor said that dealing with customer queries and complaints had set it back $8.2 million in direct costs and forced it to revise its quarterly forecast to account for anticipated lower sales and decreased revenue.
On Wednesday, Symantec announced that it would open a security response center in China before the end of the year. Although it stopped short of tying the news with the flawed update incident, it stressed its commitment to the China market several times in a statement.
"Symantec recognizes that China is a rapidly growing market with local security needs," said Bernard Kwok, Symantec's vice president of its China region. "Symantec values its customers in China and is dedicated to providing comprehensive, global, 24/7 security expertise to guard against today's complex Internet." The company already has response centers in the U.S., Ireland and Japan.
Read more about Security in Computerworld's Security Topic Center.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!