Symantec Update Leaves XP PCs Feeling Blue
Some Symantec users who installed the AV company's latest update on machines running both Windows XP and certain other software were hit with a Blue Screen of Death. "The problem affected numerous other products, so it seems that it could have been prevented with QA," said Flyingpenguin's Davi Ottenheimer. "Symantec needs to take a serious look at why PGP was in the list of affected systems."
Symantec has determined that combining the newest version of its antivirus software with the decade-old Windows XP operating system can cause users' PCs to freeze up with the dreaded Blue Screen of Death.
After Symantec analyzed the problem, it revealed that the incompatibility hit machines running a combination of the nearly 11-year-old Windows XP operating system, the latest version of the Symantec Online Network for Advanced Response (SONAR) antivirus technology, the June 11 rev11 SONAR signature set, and certain third-party software.
A three-way interaction between the file system driver implementation, the SONAR signature and the Windows XP cache manager created a conflict and crashed the system, according to a company blog post from Symantec Security Response official Orla Cox.
If customers have already installed the update and did not get a blue screen, it is highly unlikely that they are at risk, Cox said. For customers with questions about an update they have not yet installed, Symantec advises making sure that they are running the latest software definitions, in which case they should not run into problems.
To avoid a repeat of the problem, the company said it will work on its testing process and will refrain from releasing additional SONAR signatures until a new process is in place.
"New definitions were rolled out shortly after to correct the issue," Mike Bradshaw, partner at Connect Marketing, told TechNewsWorld. "Since then, no new customer issues have been reported from the field."
When Symantec rolls out an upgrade, it has to be prepared for it to run on a wide variety of systems, no matter how outdated or obscure they might be, said Davi Ottenheimer, security expert and president of flyingpenguin.
"The problem affected numerous other products, so it seems that it could have been prevented with QA," he told TechNewsWorld. "Symantec needs to take a serious look at why PGP was in the list of affected systems. Does Symantec even use in-house their Endpoint product with their PGP product on Windows XP? Since the fix was to remove the bad update and replace it with one that is able to work with the products, it's clear Symantec was at fault."
Part of the problem is that while Symantec was busy creating the newest anti-malware software, Microsoft was counting on customers to upgrade from its XP file system, which is ancient in technology years, said Ottenheimer.
"The confusion could be caused by the fact that Microsoft has not been maintaining the XP file system in the same manner as their newer OS," he said. "That's probably what caught Symantec off-guard."
While Symantec was to blame for the BSOD that hit unsuspecting users, the AV company is not the first to roll out an upgrade with incompatibility issues. If the situation had been handled differently, the company might be facing more customer outrage. But the best thing a company can do when caught in this type of situation is to issue a quick response and acknowledge the complaints of the customers, which Symantec was able to do, said Ottenheimer.
"This incident may prompt some users to consider other vendors, yet Symantec is not the first antivirus company to release an update that causes a major outage," he said. "It also should be said they responded quickly with a fix."