Symantec cannot handle SHA-2 and breaks Windows 7 and Server 2008 R2
If only Symantec had any sort of forewarning about Microsoft moving to use SHA-2 signed updates, everything might have gone smoother.
It seems that six months is not enough for Symantec to get its ducks in a row, as its anti-virus software is unable to handle SHA-2 signatures, and led to Microsoft withholding updates from certain devices.
In an update note for Windows 7 and Server 2008 R2, Microsoft said that when a device runs any Symantec or Norton antivirus program, and attempts to install an update signed only with SHA-2, the antivirus program blocks or deletes the update during installation, which could make the operating system stop working.
“Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available,” Microsoft said.
“We recommend that you do not manually install affected updates until a solution is available.”
For its part, Symantec said an “upcoming version” of Symantec Endpoint Protection would support SHA-2.
Earlier in the year, Microsoft said it was moving away from dual-signing its updates with SHA-1 and SHA-2 due to the weakness of SHA-1.
“Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing,” Microsoft said at the time.
“Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not suffer from the same issues.”
Last week, Broadcom picked up Symantec’s enterprise security business as well as the Symantec brand name for $10.7 billion.
The remaining portion of Symantec will keep its consumer products, such as Norton.
Reporting its first quarter results at the same time, Symantec said it would cut approximately 7% of its workforce, and disclosed revenue of $1.24 billion.