Skip to main content

Symantec explains update bug that crashed Windows XP computers

Security firm Symantec has explained the software update that sent PCs crashing into the ‘blue screen of death’ on 11 July.

The bug, which affected some users running Windows XP on their machines, was apparently caused by a compatibility problem between XP, some third-party software, Symantec’s behaviour-centric SONAR tool, and its 11 July update, the company said after carrying out a "full evaluation and root cause analysis of the issue."

The problem “was an incompatibility due to a three-way interaction between some third-party software that implements a file system driver using kernel stack based file objects — typical of encryption drivers, the SONAR signature and the Windows XP Cache manager," wrote Orla Cox, a member of Symantec’s Security Response team, in a blog post. "The SONAR signature update caused new file operations that create the conflict and led to the system crash."

Cox insists that the company has rigorous structures in place for SONAR, but that this particular conflict slipped through the cracks somehow. Symantec has since fixed the issue, but only after inconveniencing - and angering - some customers.

“This has cost us (and others as well obviously) massive amounts of time and money on IT support and employees not being able to work. Symantec, will you compensate us (being your clients) in any way?,” commented one user on Symantec’s blog.

“The support is a joke, the quality control is a joke and the software is not much better. Yes I know these things happen, but any half decent quality control/testing process would surely of [sic] highlighted the issue,” wrote another user.

Symantec has said no new user issues have been reported since the fix was rolled out.