Buggy Symantec AV Update Crashed Windows XP

Symantec has confirmed that an update to its Endpoint Protection 12.1 and Norton antivirus software for business products crashed PCs and left users to suffer the infamous “blue screen of death (BSOD)”

The flaw only affected those running Windows XP, who were also subject to the BSOD following a Patch Tuesday update issued by Microsoft in 2010.

The security firm says that it has identified the issue and that it is reviewing it compatibility and quality assurance testing to ensure that it doesn’t happen again.

Compatibility issues

“On July 11th, 2012 Symantec Security Response started receiving reports of customers experiencing blue screens after applying the July 11th revision 18 definitions,” said Orla Cox of Symantec Security Response. “After a full evaluation and root cause analysis of the issue, we have determined that the issue was limited to machines running a combination of Windows XP, the latest version of the SONAR technology, the July 11th rev11 SONAR signature set, and certain third party software.”

“Only customers running this combination of technologies and who downloaded the July 11th rev11 SONAR signature set via LiveUpdate between 6:25PM PT and 2:51AM PT on July 12th were affected,” she added. “The root cause of the issue was an incompatibility due to a three way interaction between some third party software that implements a file system driver using kernel stack based file objects – typical of encryption drivers, the SONAR signature and the Windows XP Cache manager. The SONAR signature update caused new file operations that create the conflict and led to the system crash.”

It said it acknowledged the inconvenience that the issue had caused and has posted updated signatures to the LiveUpdate servers that resolve the issue for Symantec Windows XP users.

The incident is reminiscent of a 2010 incident when rival McAfee issued an update to its VirusScan Enterprise which falsely identified a core Windows file as a threat, causing it to quarantine and reboot the file, meaning many Windows XP users were trapped in an endless reboot cycle.

Symantec suffered embarrassment earlier this year after Anonymous released what it claimed was source code obtained from a 2006 security breach that led to concerns about the vulnerability of Symantec’s PCAnywhere software.

How well do you know Internet security? Try our quiz and find out!