/>
X

Symantec explains Windows XP 'blue screen of death' outbreak

The security firm is 'restructuring' its SONAR signature quality assurance process after an incompatibility took down a number of Symantec-protected Windows XP machines last week
david-meyer.jpg
Written by David Meyer, Freelance reporter on

Symantec has explained a compatibility problem that saw some of its Windows XP-using customers experience the 'blue screen of death' last week.

The company said on the weekend that a "full evaluation and root cause analysis of the issue" showed that the only customers to be affected were those running XP, certain third-party software, the latest version of Symantec's behaviour-based SONAR technology, and the 11 July rev11 SONAR signature set.

"The root cause of the issue was an incompatibility due to a three-way interaction between some third-party software that implements a file system driver using kernel stack based file objects — typical of encryption drivers, the SONAR signature and the Windows XP Cache manager," Symantec Security Response team member Orla Cox said in a blog post. "The SONAR signature update caused new file operations that create the conflict and led to the system crash."

Cox detailed the many elements of Symantec's quality assurance process for SONAR signatures, but conceded that it failed to catch this problem before the affected signature set was rolled out. She added that the company was tweaking its testing process to make sure it didn't happen again, and no new SONAR signatures would be released until that "restructuring" has taken place.

After the problem manifested itself on 11 July, Symantec rolled back the rev11 signature set — it was only being pushed out by the company's LiveUpdate servers for just over eight hours.

Soon afterwards, Symantec posted updated — and less crash-prone — 'r12' signatures to the public LiveUpdate production servers.

"Once the signature was rolled back, no new issues were reported from the field," the security firm said in a summary of the incident.

Related

FBI and NSA say: Stop doing these 10 things that let the hackers in
getty-a-stressed-man-at-a-computer-in-a-dark-office.jpg

FBI and NSA say: Stop doing these 10 things that let the hackers in

Security
Why you should install iOS 15.5 now
ios-15.png

Why you should install iOS 15.5 now

iOS
Microsoft starts rolling out new 'One Outlook' Windows email client to testers
newoutlookclienthitsbeta.jpg

Microsoft starts rolling out new 'One Outlook' Windows email client to testers

Productivity