Security firm Symantec released malware signature updates for its antivirus software that caused some Windows XP machines to crash with a Blue Screen of Death (BSOD).
The update was sent out to users of Symantec’s security products over about an eight-hour period between July 11th and 12th. “The root cause of the issue,” writes Symantec’s Orla Cox, “was an incompatibility due to a three way interaction between some third party software that implements a file system driver using kernel stack based file objects – typical of encryption drivers, the SONAR signature and the Windows XP Cache manager. The SONAR signature update caused new file operations that create the conflict and led to the system crash”.
SONAR stands for “Symantec Online Network for Advanced Response” and is a technology used to identify potentially malicious behavior exhibited by software. According to Symantec, the problem affected the following products:
- Symantec Endpoint Protection Small Business Edition (SEP SBE) 12.1
- Symantec Endpoint Protection (SEP) 12.1
- Symantec Endpoint Protection.cloud (SEP.cloud)
- Norton 2010, 2011, or 2012 consumer security products
- Norton 360 versions 4, 5 and 6
The “certain third-party software” has been identified by Symantec as including the following products:
- Novell ZenWorks
- PGP Whole Disk Encryption
- Sophos LanCrypt
- SlySoft Virtual CloneDrive
For systems that refuse to run following the installation of this update, Symantec has published a workaround to help get people’s XP machines back up and running. Most of the time, antivirus programs protect us from hassles, but this is one in a long line of examples where faulty signature updates can render a PC inoperable. Over the years, almost every major antivirus vendor has shipped dodgy updates that have caused problems on the PCs on which they were installed.