Symantec’s latest update to its Symantec Endpoint Protection (SEP) 12.1 antivirus software has caused complete failure of some users’ machines. The press release from Symantec listed the combination of software programs susceptible to this problem.
According to Symantec Security Response only customers that match these criteria who downloaded the July 11th rev11 SONAR signature set will have been affected. It is thought that a three-way interaction between third-party software, not yet named, SONAR signature and Windows XP Cache manager is the cause of the issue.
Symantec claims to have an extensive testing protocol, including compatibility testing, that it follows before releasing updates to its software. However, in the same release, Symantec effectively admitted to not having a compatibility testing procedure that was rigorous enough by stating it will be improved before any further SONAR updates are released.
This is an embarrassing episode for Symantec, as until now its SEP 12.1 software has received excellent reviews, as well as being the first antivirus developer to offer an enterprise level cloud-based technology. The 12.1 software recognises malicious behaviour of malware rather than the signatures of malware, as older systems would. Therefore, the 12.1 version is able to recognise thousands of malware signatures derived from the same point without having seen them before. The older method is becoming increasingly redundant as approximately 55,000 new malware signatures are developed each day, something which no traditional antivirus software can keep up with.
Customers’ responses to the catastrophe have been mixed; with some simply asking for the solution where as others have vented their frustration on the message thread of the associated press release.
There had been reports that Symantec were looking into compensation for customers over time lost fixing the problem. This was refuted by a spokesperson for Symantec, who said there would be no compensation packages paid out; however, they would be “reaching out to customers directly to offer technical assistance”. Judging by the angry response of some customers, I’m not sure this will go far enough.