Symantec may compensate users hit by buggy update

Symantec Corp. may compensate Chinese computer users whose systems were crippled by an antivirus update last week, a senior director of the company's security response team said.

"We are now focusing on helping our clients restart their computers and will consider other issues once that work is finished," Symantec's Vincent Weafer said when asked whether the company would compensate users.

Last Friday, about 1 a.m. Beijing time, Symantec delivered a flawed virus-signature update to customers. The update mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 as a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.

Symantec reworked the update and re-released it the same day at 2:30 p.m. Beijing time, but the fix was too late for any PC that had been rebooted in the intervening 13-plus hours. Those systems needed new copies of the two .dll files restored to the hard drive's "windowssystem32" directory to restart.

As of Wednesday, some users were still struggling to return their PCs to working order, state-run China Central Television (CCTV) reported yesterday. "Many computers here still won't work after restoration," CCTV quoted a network technician identified as Mr. Qiao. "And Norton software can't be completely removed. I can't imagine a big company like Symantec not offering enough support on this."

CCTV also noted that Chinese computer experts had criticized Symantec for posting a solution that was too hard for average users to implement. Symantec initially published instructions to its Chinese-language Web site that required users to manually restore netapi32.dll and lsasrv.dll to the PC. The FAQ has been updated since then, however, and now sports a download link to a repair tool that automatically restores the two .dll files.

On Monday, the Cupertino, Calif.-based security company blamed its automated threat analysis system for the buggy signature update. "This inadvertently resulted in a change to a single definition used by the automated system and subsequently led to two files being falsely detected as malware," corporate spokeswoman Linda Smith Munyan said Monday.

While Symantec has not confirmed the number of Chinese systems affected, reports have ranged from thousands to millions. According to China Daily, the Communist Party-controlled English-language newspaper, some corporate customers have demanded compensation ranging from about US$13,067 to $130,671.

More than two years ago, security rival Trend Micro Inc. faced a similar situation after it distributed a flawed virus-definition file that slowed thousands of PCs to a crawl. Three months later, the antivirus vendor said that dealing with customer queries and complaints had set it back $8.2 million in direct costs and forced it to revise its quarterly forecast to account for anticipated lower sales and decreased revenue.

On Wednesday, Symantec announced that it would open a security response center in China before the end of the year. Although it stopped short of tying the news with the flawed update incident, it stressed its commitment to the China market several times in a statement.

"Symantec recognizes that China is a rapidly growing market with local security needs," said Bernard Kwok, Symantec's vice president of its China region. "Symantec values its customers in China and is dedicated to providing comprehensive, global, 24/7 security expertise to guard against today's complex Internet." The company already has response centers in the U.S., Ireland and Japan.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments