Signature Update Kills Computers in China
Anyone who has read my columns knows I’m not a big fan of auto-updates. I’ve even recommended most users wait a week to implement some of the Tuesday security updates for Windows to see what other problems they cause. As a software developer I know how important it is to test the littlest change and that many errors just won’t be found no matter how much it’s tested in the lab.
Last week what should have been a simple data update in Symantecs signature database disabled thousands of their customers in China. Based on information in the new signature Norton AntiVirus software automatically quarantined two Microsoft files necessary for Windows to run. Users who tried to reboot after running one of Nortons scanners were greeted with a fatal system error.
The system files, netapi32.dll and isasrv.dll were a part of the Chinese Windows XP Service Pack 2. Unfortunately, Symantec flagged these files as a Trojan they called Bockdoor.Haxdoor. Ironically, this comes just after Symantec released a study about the growth of criminal hacking in China.
At first I thought this was a case of faulty testing by Symantec. In investigating the entire story I found out how really scary it was. Symantec blamed the error on a flaw in their “Automated threat analysis system”. That sounds like new signatures are being created and distributed with no lab testing at all.
In related news, if your XM radio wasn’t working recently, you can blame software updates for that one too. If you’re a XM Radio subscriber you can call 800.967.2346 and they’ll give you a two day credit. It may only come out to 87 cents but it’s worth letting them know its unacceptable.