The problems caused a flurry of angry posts to the Symantec area of support forums from users saying they would ditch Symantec's Norton AntiVirus. Users of the Norton products reported that their PCs locked up or slowed down after downloading the latest virus definitions on Wednesday and Thursday. Symantec itself reported that "after January 7th your computer slows down and Microsoft Word and Excel will not start."
But rather than Norton AntiVirus, Symantec said in a statement on its site that the problem "appears to be related to VeriSign receiving an unusual number of requests by Windows-based clients to download a certificate revocation list (CRL) on January 7-8, 2004. This increase in traffic resulted in intermittent VeriSign CRL server availability."
Norton AntiVirus products routinely verify the integrity of system components using certificates issued by VeriSign. Neither Verisign nor Symantec could immediately explain the exact sequence of events, but according to the statement on Symantec's site copies of Norton AntiVirus installed on PCs were unable to achieve the authentication they required due to the unavailability of VeriSign's server. "Therefore customers experienced delays and instabilities," said Symantec.
Hinting that it was not the only company whose products were affected, Symantec said it "and other vendors" were "cooperatively working with VeriSign to mitigate this situation."
Symantec issued a quick fix for the problem, which involves deselecting the option in Internet Explorer to check for publisher's certificate revocation.
Despite Symantec's protests that it is not to blame, the episode has created bad publicity for its Norton AntiVirus product. "I am now strongly tempted to trash Norton AV in favour of something more user-friendly and which doesn't slow down the opening of every damned thing in sight!" said one poster. "I have been having 16-plus second delays if I right-clicked on anything - even after a system reboot," wrote another. "I am not happy and have installed Sophos instead." This individual then went on to say they were not happy with that either "as updates seem incredibly confusing... I shall now try McAfee."
Update: Late on Friday, Verisign posted an explanation on its site, and said that the problem with the Certificate Revocation List, which affected Norton AntiVirus, was not connected to the Intermediate CA expiration issue, which caused problems for secure Web sites at about the same time last week.
The company said that requests to its server at crl.versiign.com suddenly increased one hundred-fold due to Windows clients trying to download the CRL. "We immediately took steps to increase capacity and determine the root cause," said VeriSign, and "within 24 hours, had increased capacity on crl.verisign.com ten-fold to handle this increased request load."
"VeriSign regrets any inconvenience that may have resulted from this period of increased demand," said the company in its statement. "In addition to increasing capacity, VeriSign has made certain modifications to the CRL distribution logic to more effectively handle subsequent wide-scale CRL downloads and continues to work with those that may have experienced response delays as a result of the increased demand. We also continue to work with industry leaders, partners, and the technical community to encourage promulgation the use of alternative validity determination mechanisms, such as the online certificate status protocol, which may be less susceptible to these kinds of periodic events."
Talkback
i think it has help as i having problem with internet explorer over thr past few weeks
While I understand that Symantec and Verisign are looking into the solution and have offered a new certificate, which I have downloaded and installed, it does not solve the problem. I had to uncheck the "check the certificate" box to get my computer back to speed.
I think it is unbelievable that Symantec who is supposed to provide protection has downloaded the problem onto my PC.
Any attempts to contact them are in vain. They cause a problem and then want to charge you to call them for the solution.
I think I will try McAfee as well.
You will see more of these events affecting all software using security.
The failure of one affects the whole chain.
You want more secure software, that takes more than one company, unless you want a megamonopoly. And even though one company is affected by errors of another, it doesn't make the first company responsible or liable for the faults of another.
Ok, so you want to change software. Alright, which is better? The one with the interface you can't use? How about the one with no security? Perhaps the one that can't find half the viruses?
Sorry about ranting, but this isn't an issue of Norton (or whomever) Sucks. It's an issue of the interelated web of software 'security and trust' failing, and the end users whining at their lightly scalded hand rather that the fire that did it.
The problem is that Norton Anti-Virus is automatically dialing up to crl.verisign.com when it didn't before (even when this is unticked in the options). It is clearlry Nortons problem and they should resolve it immediately.
Now that's interesting. Since that AV download which also included a program update my PC has been trying to dial out when first booted up *and* when closing down. I checked to see what was behind it and it was SYMPROXY and NAV32, both to do with Norton AV. I couldn't get any feedback to or from Norton due to running Norton SW 2002. I've now had to select to not allow any applications to dial automatically.
Well, I didn't notice any slow-down in my system, but regardless, I think I'll be staying with Norton - I have to look at their track record on my system over the past 4 years and I've been very impressed with their frequent updates and quick responses to security threats. It's worth sticking with it - would you ditch windows because it crashes on you? You can't ditch what is a very user friendly and well built av program due to one problem - just my opinion.
Both Symantec and McAfee products are extremely poorly developed, and especially as related to their "live updating" features. Not only do their products miss substantial numbers of events and viruses etc, the live update features continually bog down the processors killing services at the host, which requires numerous unecessary reboots. That and the fact that the products do the same downloads between 10 and 50 times per day(tracked and verified), of the same exact updates is completely ridiculous.
Another apparent design flaw is the ability to turn off the live update feature, in Norton products specifically, to set to manual "notify me when updates are available" does not work, except that the cute little update icon goes away, but the product continues to update, causing the above problems with host processors
I, for one, will not renew my subscriptions when time, nor will Symantec products ever run on my corporate servers in the future.
I recently downloaded NAV2004 and I regret it. It slowed my computer down dramatically and I keep getting error messages when using the internet. I want to get in touch with Symantec but their website is user unfriendly. The email service I used only one month ago just returns my emails so I have to plough through their standard pages of advice- a very poor service. HOW CAN I GET IN TOUCH WITH THEM? Also I have been advised that NAV is incompatible with AOLis there any truth in that? Brian Fall
I recently downloaded NAV2004 and it has left me with no e-mail protection and trashed Word- after 12 spam and virus free months witrh NAV2003 my computer is now riddled with problems and the so called customer support, from 9.30 to 4.30 weekdays only, is pathetic for any-one not working from home. Three weeks later problems still not solved despite umpteen attempts.
I e-mail the following to symantec and have still had no response from them:
' I purchased Norton systemworks 2005 just before the new year, I already had Norton internet security 2004 installed,
the program installed fine but when I ran the full system scan it completed the scan then came up with the error 3019,6,
I went to the website and followed the instructions online but the problem remained. I contacted telephone support and was given
various instructions but to no avail, I was sent a link and told to follow the instructions, I did so to no avail, I contacted support
again and was given various instructions including going into the registry and removing various folders, systemworks failed to install,
I was yet again instructed to go to a link on the symantec website and follow the instructions, I have done this, the result being that now I am left hanging with both Norton systemworks 2005 and Norton internet security 2004 uninstalled from my system and I cannot reinstall either.
I can only get through to customer services during working hours which means I have to take time off work to deal with this situation and I have lost faith that they can actually help me. I have spent a lot of money and time both on the products and on the phone to customer sevices , I am now worse off than when I started.
My call reference number was: 002856517
Is there anyone at symantec who can help or is this just another faceless company who don't really care for their customers? '.
It's a shame that symantec support is not as good as its products, up to now I have always found norton very good.
I am an IT consultant and usually recommend software products to my clients, If this is the level of support symantec provides then I'm afraid they will have to be ticked off of my list.
I have the same problem with Norton Internet Security 2006. After renewing subscription an downloading the program I have had to download another 6 times, still not installed. Used their on line fix it tool which removed all and now cannot reinstall,have sent e-mails to their "Tech-Support" which I consider a big joke, using every step given (which had already been done at least 2 times) still not able to install. I have been attempting this installation for over 5 1/2 months. GoodBye to Norton and their crap.