Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Bug Security Operating Systems Software Windows

Symantec Updates Cause Chaos in China 266

Hello Kitty writes "According to Computerworld, a signature update to Symantec's anti-virus software has knocked out thousands of Chinese PCs. Apparently the latest update for the AV component of the various Norton packages mistook two system files in the Chinese edition of Windows XP SP2 for the 'Backdoor.Haxdoor' trojan. Piracy issues may complicate recovery, since once the updates are installed Symantec says the only hope for reviving an affected system is to re-copy the affected DLLs from the Windows restore disks. Everyone has their official restore disks handy, right?"
This discussion has been archived. No new comments can be posted.

Symantec Updates Cause Chaos in China

Comments Filter:
  • by MarkByers ( 770551 ) on Saturday May 19, 2007 @11:28AM (#19191177) Homepage Journal
    Although it seems easy to accuse Symantec of receiving bribes form Microsoft to try to make piracy in China more difficult, this is unlikely to be the case. Never attribute to malice that which can be adequately explained by stupidity.
    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Saturday May 19, 2007 @11:43AM (#19191299)
      Okay, I understand when people say that patches cannot be tested against EVERY software package out there.

      But to not test against the core files of the operating system you KNOW they will be installed upon?

      And people pay an annual subscription fee for that kind of "service".
      • by tokul ( 682258 )

        But to not test against the core files of the operating system you KNOW they will be installed upon?
        All localized Windows versions? 33 MUI versions and 27 LIPs? Original XP, SP1, SP2 and other intermediate patched up versions?
        • Yes.

          Symantec are a large and profitable company. They can afford to do that kind of testing.

          • Re: (Score:3, Informative)

            by Xiaran ( 836924 )
            I was once speaking to some people that worked as developers and QA people at McAffee... this kind of thing is their worst nightmare. They test more than you would believe(the head QA guy told me that he used to work on medical equipment testing and that McAffee tested *way* more than that). These kind of produces have user bases that most software developers in the world rarely come close to in terms of numbers... something like 50 million licenses apparently... so if something goes horribly wrong you get
        • Yes. (Score:4, Informative)

          by khasim ( 1285 ) <brandioch.conner@gmail.com> on Saturday May 19, 2007 @12:26PM (#19191607)

          All localized Windows versions? 33 MUI versions and 27 LIPs? Original XP, SP1, SP2 and other intermediate patched up versions?

          Yes. If they need help I'm sure that VMWare will be happy to provide them some expertise (seeing as how they seem to be sorely lacking it). And than is JUST FOR INSTALLING THE PATCH.

          And you don't need to test "other intermediate patched up versions".

          This is a virus scanner. Right?

          So they only need to test against the various released versions of the files. All they need is a set of DIRECTORIES with the files to be scanned in them.

          So one box could have ALL the various patches for that system. Based upon the variances in the files. One box for the US release. One box for the Spanish release. Etc.

          And as I said, they don't have to be physical boxes. VMWare can help out a whole lot in that regard.

          It's called "Computer SCIENCE" for a reason.
    • by BCW2 ( 168187 )
      "Although it seems easy to accuse Symantec of receiving bribes form Microsoft "

      You write that like you don't think Gates & Balmer would do something like that. Based on their normal business practices I'd say it was very possible. They have no respect or consideration for paying customers anymore than they do for other sortware companies.
    • Never attribute to malice that which can be adequately explained by stupidity.

      Always attribute to stupidity which could be adequately explained by malice? ;)

      Sometimes it is pretty malicious to remain so willfully stupid.

      Although, I don't think Symantec is on good terms with Microsoft these days.
  • Microsoft to Symantec: "Its OK, its not like there are many pirated versions, remember we have Windows Genuine Advantage!"
  • How Long (Score:5, Insightful)

    by TheUni ( 1007895 ) on Saturday May 19, 2007 @11:33AM (#19191207) Homepage
    ...until some jackass posts a link to the files netapi32.dll and lsasrv.dll under the guise of a fix for these systems, but he has ACTUALLY infected with the backdoor.haxdoor virus?
  • Not a false positive. The Chinese pirated copies of windows probably come pre-installed with Backdoor.Haxdoor
    • This is no longer trojan but a full symbiant in china. If you kill the virus you kill the host.
    • The fine summary seemed to suggest that all Chinese XP SP2 installations got hosed by this Symantec update. Therefore, if this update is killing an actual backdoor, then all Chinese copies of XP SP2 have the backdoor...
      Just what we need: an official Microsoft backdoor (other than WGA)!
    • by Xemu ( 50595 )
      Not a false positive. The Chinese pirated copies of windows probably come pre-installed with Backdoor.Haxdoor

      Of course the do, courtesy of CIA and the NSA. That's why symantec had to back down and quick...

  • Hypocrisy (Score:5, Insightful)

    by Romwell ( 873455 ) on Saturday May 19, 2007 @11:35AM (#19191235)
    I guess this thread is going to become full of posts in the spirit of "they got what they deserved", as if this was an anti-piracy measure. Of course, piracy of IP is only legitimate when commited within USA, otherwise it is "OMG commies are stealig our moneyz". This was an effing software bug, which casued trouble to everyone, legitimate users too, and I don't see how piracy talk could be relevant. As a side note, having recovery CD's does not have to do anything with piracy. If you pirate Windows, you have all the CD's you need.
    • by grommit ( 97148 ) on Saturday May 19, 2007 @01:14PM (#19191989)
      I do it. They got what they deserved. Not for pirating Windows but for installing Norton/Symantec products. Anybody that willing installs any product from that company deserves any bad thing that happens to their computer.
  • "CISRT said. "This issue has made a huge effection to Chinese people." I knew Symantec was effectionate because it wanted to screw my computer all the time. It's hard to decide what's worse - an infection or an "effection".
  • China is quick to legislate change. I believe after this, all of their social organizations will adopt Linux for the sake of national security.
    • by Tuoqui ( 1091447 )
      Here's hoping. At least with Linux you can have those army of Chinese coders examine each and every part of that 50mb kernel for exploits and flaws :)
  • Time for a Change (Score:5, Interesting)

    by Thumper_SVX ( 239525 ) on Saturday May 19, 2007 @11:54AM (#19191365) Homepage
    Sounds to me like it's time for a change. The Chinese have already demonstrated that when something from Western corporations runs amok they are quite willing to force a change on their people. I'm not saying it's right, it's just so.

    Now, this problem has actually highlighted a bigger problem; that Windows is Western software controlled by Western interests. Even the ancillary software you need to run Windows effectively (read: anti-virus) is from third parties in the West who obviously wouldn't necessarily have the desires of the Chinese government in mind. Now, at best I can see the Chinese government is going to realize that their reliance on Western anti-virus solutions may be a flawed dependency and they will write their own Chinese-specific AV solution. At worst... this might just highlight to the Chinese government how vulnerable they are to a "cyber attack", either malicious or accidental that could potentially cripple them.

    Microsoft might want to start "spinning", and quick. Chinese people are well aware there are better solutions out there than Windows for an operating system. It's only a matter of time before someone in power starts talking about "Red Flag Linux" and how it's openness can help prevent problems exactly like this... then it's all over for Microsoft in that market.

    Yes, I realize the pirated Windows market is huge in China as well... but it's still a massive market for Microsoft to lose because of the accidental actions of one of their "trusted third parties".
    • Why should Microsoft spin anything? Microsoft gets almost no money from China because piracy is so rampant there. It wouldn't be worth it to Microsoft to yet again lay down more money, except for maybe in the far distant future when China actually takes intellectual property seriously. Their government "crackdowns" on piracy are a joke, especially in a government that is extremely efficient when it actually wants to crack down - they just don't want to.
  • Woe is Symantec (Score:5, Insightful)

    by rueger ( 210566 ) on Saturday May 19, 2007 @12:00PM (#19191411) Homepage
    For years I always installed Symantec products, and before them Central Point [wikipedia.org] and Norton products. [wikipedia.org]

    They worked, they worked well, and I could see how they helped me.

    Somewhere along the line though they became first large, then irritating, then expensive to keep updated (pay for virus signature updates?), then finally began actually damaging systems.

    And somewhere along the line I stopped buying their products, installing their products, and recommending their products.

    I've come to view Microsoft the same way. Between excessive DRM, excessive hardware demands, and a generally customer hostile attitude I find it hard to think that I would ever move to a Vista machine. Thus far Windows 2000 still does everything that I need with a lot less hassle.

    Someday though I will need to upgrade. The question is what will fill the gap? Linux still isn't there, nor are most Open Source replacements for common Microsoft and Adobe applications.

    Is there a company that can step in with a viable replacement for Photoshop or MS Office? Can OpenOffice or GIMP make the final leap to become a reasonable and reliable alternative to those tools? I don't want something that sort of does everything that Photoshop does, I want a professional tool that does everything, and does it equally well.

    The door is open, we're just waiting someone to step through.
    • Re:Woe is Symantec (Score:5, Insightful)

      by whoever57 ( 658626 ) on Saturday May 19, 2007 @12:43PM (#19191733) Journal

      And somewhere along the line I stopped buying their products, installing their products, and recommending their products.
      I went through the same process, although I now recommend Linux when appropriate. The experience that turned me off Symantec was installing a new version that required activation, but would not activate. Support was hopeless -- asking the same question over and over ("do you have a firewall?"). Why the vendor of a security product should suggest that I turn off my firewall to activate their product, I just don't know -- anyway, I could see the queries in my squid logs.

      Since then, I've seen machines crippled by malfunctioning Symantec rootkits. Yes -- I refer to them as rootkits since they have made un-installation impossible in some cases. For example, their uninstall program refuses to run in safe mode.
    • I recently asked the same questions as I decided my system was beginning to age. I wanted to look forward and Windows Vista was not on the... vista.

      The only difference here is that I wasn't concerned that my software be free. I don't mind paying a few bucks here and there if it's good quality software.

      So after spending several weeks trying to pin down a comfortable desktop linux distribution, and learning no such thing exists yet (close, seriously, but linux will need to get over its anti-cooperative atti
      • by jZnat ( 793348 )
        By the sounds of it, you haven't used Linux in several years. Try out Ubuntu [ubuntu.com] for the "Just Works(R)(TM)(SM)(C)" experience. Pretty much any complaint people normally have about Linux (since they haven't used it since the 20th century) have been solved for quite some time in distributions like Ubuntu. There are also some other more proprietary-friendly yet still "Just Works(R)(TM)(SM)(C)" like Linspire, Mandriva, etc.
    • by Dan Ost ( 415913 )
      Linux still isn't there

      What, in your opinion, is missing?

    • by Buran ( 150348 )
      "Is there a company that can step in with a viable replacement for Photoshop or MS Office? Can OpenOffice or GIMP make the final leap to become a reasonable and reliable alternative to those tools? I don't want something that sort of does everything that Photoshop does, I want a professional tool that does everything, and does it equally well.

      The door is open, we're just waiting someone to step through."

      Apple stepped through that door years ago. You can run every one of those applications on a Macintosh. Ph
  • And so has Microsoft updates....

    neither of which had anything to do with piracy issues, but rather doing things to my at work system that broke and even removed other legal software. Adobe is guilty of this too.

    What this really means? Well for symantec to effect pirated systems would mean that symantec software was also pirated (which just happens to run on Windows system). Because this is a symantec problem more then it is a windows problem..... I'd imagine users of symantec will better question the risk o
  • Since most pirated installations don't have the install media either, it's a sure fired way to wipe out thousands of fake installs in one fell swoop.
    • Since most pirated installations don't have the install media either, it's a sure fired way to wipe out thousands of fake installs in one fell swoop.

      I don't think it will hurt the pirates that much to redownload it.

      If they aren't patient enough they can walk down the corner store and pick themselves up a "copy" of Windows XP for $3.
  • by jridley ( 9305 ) on Saturday May 19, 2007 @12:36PM (#19191663)
    NOBODY has original install discs anymore. Go buy a PC and see if you get original install discs. You're screwed.
    The best you can hope for now is that your machine allowed you to make a set of full system restore discs when you got it. Some of those will allow you to restore individual files, but many of these utilities just re-image your system drive, so you lose everything on there that was installed since the machine was new (at least, anything on the boot partition).

    I'd say this is probably MORE destructive to people with legitimate copies, who probably just have such images. The pirates are more likely to have install CDs.
  • Slashdot idiocy (Score:4, Insightful)

    by mattr ( 78516 ) <<mattr> <at> <telebody.com>> on Saturday May 19, 2007 @12:42PM (#19191727) Homepage Journal
    Look people they're just dumb. No company is intentionally going to want to shoot their foot off in China.
  • Only problem is (Score:5, Interesting)

    by Maxo-Texas ( 864189 ) on Saturday May 19, 2007 @01:00PM (#19191867)
    the pirated versions of windows I ran (win2k), I had full install disks.
    the oem versions (win98, winxp, winxp) I bought at best buy and other places, my only option is to wipe everything and reinstall.

    So, I would be screwed on the machines where I am a legitimate paying customer, and hunky dory on the machines where I was pirating.
  • ...for running symantec software.
  • by RelaxedTension ( 914174 ) on Saturday May 19, 2007 @02:00PM (#19192401)
    Or has there been a distinct drop in spam since this happened? :)
  • First - how many viruses cause comparable damage _ever_?

    Second - once I tried testing several known AVs with some fresh dialers and trojans I've had (mostly as email attachments). Not a single one(!) has been detected by AVG, Avast, and Kaspersky.

    All they do is detecting irrelevant (in the age of Internet) old "viruses", wasting your resources, and through occasional fuckups like this one doing real damage. Good thing if your AV is at least free one.
  • Of course, (Score:3, Insightful)

    by digitig ( 1056110 ) on Saturday May 19, 2007 @02:44PM (#19192687)
    The recovery disk shipped with most systems will reset the computer to factory state, deleting all user files. Everybody here does have a recent backup, don't they? And you have all checked recently that it works?
  • by Arancaytar ( 966377 ) <arancaytar.ilyaran@gmail.com> on Saturday May 19, 2007 @07:39PM (#19194595) Homepage
    From: thomson@symantec.com
    To: gates@microsoft.com
    CC: genuine-advantage@microsoft.com
    Subject: Mission Accomplished

    Hi Bill,

    Done as requested. That will be one billion; pleasure doing business with you.

    -John
  • by d_jedi ( 773213 ) on Saturday May 19, 2007 @09:32PM (#19195223)
    First off, let me say I have no sympathy whatsoever for anyone who is unable to recover their PC after this snafu because they were running a pirated version of Windows. No sympathy whatsoever.

    Now, for all of those who were running a legitimate version of Windows and a legitimate version of Norton who were affected by this problem (probably a small percentage of all systems actually affected..) it really does suck.. and there are two sources of fault, here:

    1) MS. Aren't critical OS files supposed to be protected, such that they can't be unwillingly be deleted or modified? Maybe this is part of the reason why MS didn't want AV vendors to have kernel mode access to Vista..

    2) Norton (duh). How they could manage to screw this up so badly boggles the mind.

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...