Security

Symantec: VeriSign at fault in Norton glitch

Symantec blames VeriSign, after receiving complaints from Norton AntiVirus users that their PCs became slow and unstable after downloading the latest virus update.

Symantec on Friday blamed VeriSign for problems with its security software products that left users' PCs unresponsive and unstable.

The problems caused a flurry of angry posts to the Symantec area of support forums from users saying they would ditch Symantec's Norton AntiVirus. Some users of the Norton products reported that their PCs locked up or slowed down after downloading the latest virus definitions on Wednesday and Thursday. Symantec itself reported that "after January 7, 2004, your computer slows down, and Microsoft Word and Excel will not start."


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


But the glitch is not down to Norton AntiVirus, according to Symantec. The Cupertino, Calif.-based company said in a statement on its Web site that the problem "appears to be related to VeriSign receiving an unusual number of requests by Windows-based clients to download a certificate revocation list (CRL) on January 7-8, 2004. This increase in traffic resulted in intermittent VeriSign CRL server availability."

Norton AntiVirus products routinely verify the integrity of system components that use VeriSign-issued certificates. Neither the Mountain View, Calif.-based company nor Symantec could immediately explain the exact sequence of events, but according to the statement on the security software maker's Web site, copies of Norton AntiVirus installed on PCs were unable to achieve the authentication they required because of the unavailability of VeriSign's server. "Therefore, customers experienced delays and instabilities," Symantec said.

Hinting that it was not the only company whose products were affected, Symantec said it "and other vendors" were "cooperatively working with VeriSign to mitigate this situation."

Symantec issued a quick fix for the problem. The fix involves deselecting the option to check for a publisher's certificate revocation in the Internet Explorer browser.

Despite Symantec's protests that it is not to blame, the episode may have created bad publicity for its Norton AntiVirus product. "I am now strongly tempted to trash Norton AV in favour of something more user-friendly and which doesn't slow down the opening of every damned thing in sight!" one poster wrote. "I have been having 16-plus-second delays if I right-clicked on anything--even after a system reboot," another wrote. "I am not happy and have installed Sophos, instead." This individual also expressed discontent with Sophos, "as updates seem incredibly confusing...I shall now try McAfee."

Late on Friday, VeriSign posted an explanation on its Web site, saying the problem with the Certificate Revocation List, which affected Norton AntiVirus, was not connected to an Intermediate Certificate Authority expiration issue, which caused problems for secure Web sites at about the same time last week.

The company said requests to its server suddenly increased a hundredfold, as a result of Windows clients trying to download the CRL. "We immediately took steps to increase capacity and determine the root cause," VeriSign said. It said that within 24 hours, it had increased capacity on crl.verisign.com tenfold to handle the increased request load.

"VeriSign regrets any inconvenience that may have resulted from this period of increased demand," the company said in its online statement. "In addition to increasing capacity, VeriSign has made certain modifications to the CRL distribution logic to more effectively handle subsequent widescale CRL downloads and continues to work with those that may have experienced response delays as a result of the increased demand. We also continue to work with industry leaders, partners and the technical community to encourage promulgation of the use of alternative validity determination mechanisms, such as the online certificate status protocol, which may be less susceptible to these kinds of periodic events."

ZDNet UK's Matt Loney reported from London.