By Lu EnJie - Mon, 06/18/2007 - 18:29.

One month after tens of thousands of PCs in China were disabled by a bug in its Norton antivirus software, Symantec has offered to compensate the owners. However, the compensation – more copies of the software that caused the problem – has sparked outrage on some online forums.

Symantec yesterday offered affected users a free year of antivirus protection from Norton AntiVirus – the same program that removed critical system files and left their PCs unable to boot up in May, local press reports say.

Furious reaction to offer



The response to the compensation offer on Chinese online forums today has mostly been one of incredulity and anger.

“They call this compensation! Who will compensate us for our other losses?”, wrote one angry poster on leading news portal, Sina.com (all links in Chinese).

“This is hard to accept. Loads of companies have lost all their data, who is going to compensate them for this?” asked another

As well as the antivirus software, the compensation deal includes a backup program, Norton Save & Restore 2.0. Some users who lost data had been criticized for failing to keep backup copies.

The special website set up by Symantec China to handle compensation claims is currently unavailable, although reporters in China apparently were able to access it earlier.

Dead on the desktop



Reports of the number of PCs put out of action when Symantec's Norton AntiVirus attacked the machines it was meant to protect varied from thousands to millions. No solid evidence has been offered that supports the latter figure, which appears to be based on an estimate of the number of PCs that could be running Norton Antivirus in China - the software is often supplied free with new PCs.

The incident began on the morning of May 18. A routine update of Norton Antivirus identified two critical Windows files as viruses, and deleted or moved them. The affected PCs continued operating normally until they were rebooted, whereupon they crashed with the so-called 'blue screen of death' error message. The PCs proved impossible to restart. Some companies were so badly hit - with hundreds of failed PCs - that they are unable to function, local reporters said.

Windows XP mistaken for virus



The buggy update disabled all Simplified Chinese Windows XP PCs that had been patched with Microsoft's MS06-070 security fix last year. Symantec issued a new update late the same day that fixed PCs if they had not been rebooted, but it could do nothing to revive those already dead. The PCs could not be used until the system files were replaced – a complicated operation beyond the knowledge of ordinary users.

Symantec was criticised for being slow to react, slow to discuss compensation, and for initially offering an 'insincere' apology that some claimed was an attempt to shift the blame to Microsoft.

A week after the incident, Symantec began offering a free bootable CD that could restore most of the injured PCs to health by replacing the missing files.

Legal action taken

Several lawsuits have been filed over the case, with plaintifs seeking sums from hundreds of dollars up to several thousand – Symantec confirmed two of these cases to Computerworld reporter Gregg Keizer, early in June. According to Chinese press reports, one complainant in Beijing has also tried to file a class action suit, which would demand compensation for all victims, but its not clear if this has been accepted by the court.

Under the license agreement for the AntiVirus software, Symantec is liable only for damages up to the value of the software itself, according to some local press reports. Texyt has not been able to confirm this or locate this clause on Symantec's Chinese website.

Incident feeds conspiracy theory

A few imaginative conspiracy theorists in China have suggested that there's more to the case than meets the eye. They argue that the centrally-ordered shutdown of masses of PCs was in fact the inadvertent activation of a secret US National Security Agency (NSA) backdoor in Microsoft's Windows.

According to this version of events, for which no evidence has been provided, the hidden code was either a means of spying on China, or a hidden 'logic bomb' designed to give the US the upper hand in the event of a 'cyberwar'. This theory has been widely repeated and reposted on blogs in China during the past few days.

Update June 19: Symantec has claimed that the compensation claims website seen by journalists was only a test version not intended for public viewing, according to reports in some Chinese publications today.

Update June 25: Recent reports from China confirm that news of the original compensation offer was accurate. Symantec now estimates as many as 50,000 PCs were affected.

Further Reading:

Texyt carried the first English language report of the original Norton AntiVirus incident.

ComputerWorld's report (warning: pop-up ads) on legal action against Symantec in China.