Symantec may compensate Chinese users hit by update bug

Symantec may compensate Chinese computer users whose systems were crippled by an antivirus update last week, a senior director of the company's security response team said.

Share

Symantec may compensate Chinese computer users whose systems were crippled by an antivirus update last week, a senior director of the company's security response team said.

"We are now focusing on helping our clients restart their computers and will consider other issues once that work is finished," Symantec's Vincent Weafer said when asked whether the company would compensate users.

Symantec had delivered a flawed virus-signature update to customers. The update mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 as a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.

Symantec reworked the update and re-released it the same day, but the fix was too late for any PC that had been rebooted in the intervening 13-plus hours. Those systems needed new copies of the two .dll files restored to the hard drive's "windowssystem32" directory to restart.

Five days after the initial incident, some users were still struggling to return their PCs to working order, state-run China Central Television (CCTV) reported. "Many computers here still won't work after restoration," CCTV quoted a network technician identified as Mr. Qiao. "And Norton software can't be completely removed. I can't imagine a big company like Symantec not offering enough support on this."

CCTV also noted that Chinese computer experts had criticized Symantec for posting a solution that was too hard for average users to implement. Symantec initially published instructions to its Chinese-language Web site that required users to manually restore netapi32.dll and lsasrv.dll to the PC. The FAQ has been updated since then, however, and now sports a download link to a repair tool that automatically restores the two .dll files.

The security company blamed its automated threat analysis system for the buggy signature update.

While Symantec has not confirmed the number of Chinese systems affected, reports have ranged from thousands to millions. According to China Daily, the Communist Party-controlled English-language newspaper, some corporate customers have demanded compensation ranging from about £6,500 to £65,000.

More than two years ago, security rival Trend Micro faced a similar situation after it distributed a flawed virus-definition file that slowed thousands of PCs to a crawl. Three months later, the antivirus vendor said that dealing with customer queries and complaints had set it back £4.1m in direct costs and forced it to revise its quarterly forecast to account for anticipated lower sales and decreased revenue.

Find your next job with computerworld UK jobs