VeriSign's dead certificates 'knocked out Norton'

Symantec has blamed VeriSign after support forums were flooded with Norton AntiVirus users complaining of slow and unstable computers after the latest virus updates.

The expiration of some of VeriSign's certificate-authority certificates this week appears to have caused problems beyond harmless error messages generated when users tried to access secure areas of Web sites. Security-software firm Symantec on Friday blamed VeriSign for problems with its security products that left users' PCs unresponsive and unstable.

The problems caused a flurry of angry posts to the Symantec area of support forums from users saying they would ditch Symantec's Norton AntiVirus. Users of the Norton products reported that their PCs locked up or slowed down after downloading the latest virus definitions on Wednesday and Thursday. Symantec itself reported that "after January 7th your computer slows down and Microsoft Word and Excel will not start."

But rather than Norton AntiVirus, Symantec said in a statement on its site that the problem "appears to be related to VeriSign receiving an unusual number of requests by Windows-based clients to download a certificate revocation list (CRL) on January 7-8, 2004. This increase in traffic resulted in intermittent VeriSign CRL server availability."

A number of VeriSign's certificates that verified it as a certificate issuing authority expired on these dates. Norton AntiVirus products routinely verify the integrity of system components using certificates issued by VeriSign. Neither VeriSign nor Symantec could immediately explain the exact sequence of events, but according to the statement on Symantec's site, copies of Norton AntiVirus installed on PCs were unable to achieve the authentication they required due to the unavailability of VeriSign's server. "Therefore customers experienced delays and instabilities," said Symantec.

Hinting that it was not the only company whose products were affected, Symantec said it "and other vendors" were "cooperatively working with VeriSign to mitigate this situation."

Symantec issued a quick fix for the problem, which involves deselecting the option in Internet Explorer to check for publisher's certificate revocation.

Despite Symantec's protests that it is not to blame, the episode has created bad publicity for its Norton AntiVirus product. "I am now strongly tempted to trash Norton AV in favour of something more user-friendly and which doesn't slow down the opening of every damned thing in sight!" said one poster. "I have been having 16-plus second delays if I right-clicked on anything - even after a system reboot," wrote another. "I am not happy and have installed Sophos instead." This individual then went on to say they were not happy with that either "as updates seem incredibly confusing... I shall now try McAfee."

In a statement issued to address the certificate revocation problem, VeriSign said that since 2001 it had taken steps to notify customers of the situation and, with each communication, alert them to the expiration date and steps necessary to obtain a new Intermediate CA.

ZDNet U.K.'s Matt Loney reported from London.
