Symantec Anti-Virus software damages system files
This morning, Symantec’s customers worldwide found that their computers failed to reboot, and in the meantime helpdesks were thrown into turmoil. The rough root cause is that Norton released a faulty virus definition that identified a few system files (.exe and .dll) as viruses and removed them, which causes the system to fail on reboot.
It’s a very severe incident from a global security perspective. One wrong operation might corrupt tens of millions of computers worldwide. In addition, security managers are put in a very embarrassing position: whether or not to push users to install anti-virus software and keep virus definitions updated. It seems that either choice will hurt you and the authority of the security policy.
So far, only the Simplified Chinese version of Windows XP SP2 is reported to be affected. Two system files under C:\windows\system32, netapi32.dll and lsasrv.exe, are wrongly identified as viruses.
Users are prompted that these two files are infected by a virus and need to be quarantined. If users follow the prompt, the system is corrupted after reboot…
At this moment, Symantec has not officially released any news, notification, analysis, solution, or workaround.
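The failure described above has a recognizable fleet-wide shape: one detection name quarantining the same operating-system file on many machines at once. The following is an added example, not code from the original post or from Symantec; the CSV layout, host names, the `Trojan.Example` rows and the `min_hosts` threshold are assumptions made for illustration.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample of exported quarantine events (hypothetical CSV layout):
# reporting host, detection name, path of the quarantined file.
SAMPLE_EVENTS = r"""host,detection,path
pc-001,Backdoor.Haxdoor,C:\windows\system32\netapi32.dll
pc-001,Backdoor.Haxdoor,C:\windows\system32\lsasrv.dll
pc-002,Backdoor.Haxdoor,C:\WINDOWS\system32\netapi32.dll
pc-003,Backdoor.Haxdoor,C:\windows\system32\netapi32.dll
pc-003,Backdoor.Haxdoor,C:\windows\system32\lsasrv.dll
pc-004,Trojan.Example,C:\Users\a\Downloads\setup.exe
pc-005,Trojan.Example,C:\Users\b\Downloads\setup.exe
pc-006,Trojan.Example,C:\windows\system32\netapi32.dll
"""

# Directory named in the post; only files directly inside it are considered.
PROTECTED_DIR = r"c:\windows\system32"


def suspected_false_positives(csv_text, min_hosts=3):
    """Return {(detection, path): [hosts]} for protected OS files that the
    same detection quarantined on at least min_hosts distinct machines."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Normalise case and separators so C:\WINDOWS and c:\windows match.
        path = ntpath.normcase(ntpath.normpath(row["path"].strip()))
        if ntpath.dirname(path) == PROTECTED_DIR:
            hits[(row["detection"].strip(), path)].add(row["host"].strip())
    # A single host is an ordinary detection; the same OS file on many hosts
    # is the pattern worth reviewing before anyone reboots.
    return {key: sorted(hosts) for key, hosts in hits.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for (detection, path), hosts in suspected_false_positives(SAMPLE_EVENTS).items():
        print(f"REVIEW: {detection} quarantined {path} on {len(hosts)} hosts: {hosts}")
```

A hit is a reason to pause the definition rollout and review the quarantined file before reboot, not proof of a false positive.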

Dave,
Thanks. It really bothers us. Even I know it’s a common industry weakness. Most anti-virus vendors have a similar problem of killing files on false positives. Originally we planned to upgrade to its Endpoint Protection; however, that seems to be changing…
What has boggled my mind is that Symantec Corporate and Symantec’s Norton line have been so problematic while the Symantec Endpoint Protection line of products has been nearly 100% effective and trouble free in all respects for our company.
One might imagine that the anti-virus scanning engine and updates would be the same across all these products and that the user interface, central management and licensing would be the differentiating factor. This unfortunately has not been the case.
This leaves Symantec customers wondering “which” Symantec they can trust, if any.
Great thread/post!
Two weeks ago, unfortunately, Symantec again quarantined one critical production application as a virus. This false positive caused a disaster – production stopped for hours.
Symantec offers compensation for bad software update
June 26, 2007
By Sumner Lemon, IDG News Service (Singapore Bureau)
Network World Asia
More than a month after Symantec Corp. knocked out 50,000 Chinese PCs with a bad software update, the company is ready to offer compensation. But Chinese users eligible for the offer have to act fast; it’s only good for a couple of weeks.
Symantec’s problems in China began on May 18, when it released a bad software update that caused its Norton antivirus software to wrongly identify two system files in the Simplified Chinese version of Windows XP as malware and quarantine them. That mistake, which Symantec blamed on “an automated process,” left tens of thousands of PCs crippled and Internet bulletin boards full of angry posts.
Chinese users who lost data because of Symantec’s faulty update demanded compensation, and at least two lawsuits were filed against the company. But Symantec was slow to respond, saying earlier this month it was considering requests for compensation.
After five weeks, Symantec is ready to make amends. The company is offering affected Chinese consumers a 12-month Norton license extension and a copy of Norton Save & Restore 2.0. Corporate customers are being offered Symantec Ghost Solution Suite licenses, depending on the number of PCs affected. Symantec is not offering to extend Norton licenses for corporate customers affected by the bad update.
Symantec described its offer as “a gesture of our goodwill.”
Chinese users will have to move fast if they want to take Symantec up on the deal. The company is only accepting applications for compensation during a brief window of time: from June 27 to July 15. The company didn’t say why the period is so short, but said it was a sufficient span of time.
“We are offering more than two weeks for the registration period which we believe is a reasonable period of time for customers to register,” said Catriona Turner, a Symantec spokeswoman in Australia, in an e-mail response to questions. “If there are legitimate reasons why a particular customer is unable to register by July 15, we will give consideration to extending the date for that customer.”
Turner said the terms and conditions of the compensation offer did not require users to forego the right to legal action over damage caused to their systems by Symantec’s update. “We hope that our customers will recognize that we are offering this goodwill gesture in recognition of any inconvenience caused by this incident,” she said.
Users who want to take Symantec up on its offer must apply at a special Web site, which will validate their copies of Norton Antivirus to make sure they are licensed copies and eligible for the offer.
“Customers will be asked to complete a series of questions during the validation process to help us ascertain that the customer was genuinely impacted,” Turner said.
See my comment on this incident in Chinese. http://sbin.cn/weblog/2007/05/31/symantec-av-haxdoor/
According to domestic media reports, Symantec has officially apologized to its customers and acknowledged its defect of performance. But Symantec refused to compensate its customers for the loss of labor and productivity due to this incident.
The report in Chinese is below:
http://tech.sina.com.cn/s/s/2007-05-21/05301516894.shtml
For an emergency solution or workaround, please refer to the Chinese web link on Sina.com below:
http://tech.sina.com.cn/it/2007-05-18/17381515653.shtml
Due to the bad impact on China’s IT, it’s said that public security departments have paid serious attention to this incident. Some affected customers might sue Symantec for compensation. At least, in some sense, Symantec should pay back partly.
Yesterday afternoon, Symantec released its official incident notes and solution. The Simplified Chinese version of Windows XP SP2 with patch KB924270 would be corrupted by the Symantec AV software virus definition for Backdoor.Haxdoor: the system files under the directory c:\windows\system32 named netapi32.dll (version 5.1.2600.2976) and lsasrv.dll (version 5.1.2600.2976) would be identified as Backdoor.Haxdoor and quarantined. So the system would be corrupted on reboot.
This incident plunged millions of computers of Symantec’s customers in China into chaos. It’s easy to predict that security managers and helpdesk managers will be badly harassed on Monday. The helpdesk hotline might always give a busy tone…
The suck virus is named backdoor.haxdoor.
So far, only the Chinese version of Windows XP SP2 is reported to be affected. The two system files are:
C:\windows\system32\netapi32.dll and C:\windows\system32\lsasrv.dll.
Users are prompted that these two files are infected by the virus and need to be quarantined. If users follow the prompt, the system is corrupted after reboot…