Astounding news about Symentec
This morning I heard (1) an astounding news about Symantec. It released a faulty virus definition that deleted (or quarantined) two (2) vital files on Windows XP (Simplified Chinese Version). The result was that around three (3) millions computers were unable to start and must restore the deleted files from (4) Microsoft original install CD. SANS and Sina confirmed this news. (5) From Symantec China webpage, they claimed that only people who downloaded the updates on May 18th between 01:00 a.m. and 02:30 p.m. and have MS06-070 installed on their computers were affected.
This incident has (6) lots of implications (7) and the one most worried about is that people will try to download these files on the web in order to repair their (8) computer. The integrity of these files is in (9) questions (if they do not come from an authenticated source). A malicious hacker may plant a virus or backdoor in these system files and offer the files in discussion groups.
As an auditor, I always think of process control. There (10) were actually two control points within the release process of a virus definition. The first one is the approval and verification process for adding a (11) system files (12) into their blacklist. System files are high-risk files since they impact the whole system, instead of a single application. The second control point is the testing of the definition before publishing to the public. Does Symantec test all their definitions with all versions of OS? It is an extremely challenging and costly task to release timely virus definitions and, at the same time, to have all OS versions tested (different languages, times, services packs). Although it is a costly testing process, the risk is too great to ignore.
There is always a lesson to learn from mistakes. Hopefully, the whole anti-virus industry will benefit from Symantec's mistakes.
Footnotesenglish writing practice
(1) Correction: Delete "an" ("news" is plural).
(2) Suggestion only "vital files" is acceptable, but little used, except in medical matters. "Essential" is more commonly used for your purpose.
(3) Correction: Use "million" instead of "millions."
(4) Correction: Instead of "Microsoft original install CD," use "the original Microsoft installation CD."
(5) Suggestion only: Use "The" instead of "From" and change "they claimed" for "announced."
(6) Suggestion only: Use "many." It is nicer than "lots of."
(7) Suggestion only: Begin a new sentence after "implications." Begin it with "What worries me most is that people will try to download…"
(8) Correction: Use "computers" instead of "computer."
(9) Correction: Use "question" instead of "questions."
(10) Correction: Use "are" instead of "were."
(11) Correction: Use "system's."
(12) Correction: Use "to its" instead of "into their."
English Proofreading Main Page
English Proofreading Site Map
© G.A. Robinson 2007-2013