A news note of general interest to AV program users.

Microsoft is in the process of downloading WinXP SP3 to all users who accept automatic updates.

A "minor bug" has been discovered that thus far has been reported primarily by Norton AV users.

In classic manner, reminiscent of multiple Windows versions in which Microsoft released backup utilities that make perfect WOM backups (WOM = Write ONLY Memory = you can write it but you can't restore anything from it) beginning at least with Win95 and variably present in other versions including early WinXP, the WinXP SP3 installation creates "temporary registry entries" used during installation which are then intended to be deleted when the installation is completed.

While they apparently present the proper "certifications" to permit the creation of the new registry entries, they neglected to "cert" the subsequent deletion of the same registry keys, resulting in several thousand excess "garbage entries" in the registry - for some users. This essentially "trashes the registry" and causes a number of "performance decrements."

Symantec has identified the specific bit of code in the WinXP SP3 installation (fixccs.exe) that creates the registry entries and is intended to delete them but doesn't. The failure of the deletion can be avoided by turning off AV/Firewall protection against external unauthenticated registry changes prior to installation of SP3.

Symantec is also preparing a self-standing repair utility to delete the garbage from the registry for those who have been afflicted, but no date for release has been published.

News media are reporting this as a "Norton problem" but it would appear to be a likely effect for any AV/Firewall product that requires authentication for registry changes. Any AV/Firewall product that doesn't protect against unauthorized reg changes is a bit too wimpy (IMO) to be considered as providing full protection, so similar problems with other systems should be expected.

Microsoft, characteristically, has no comment.

To date, downloads of WinXP SP3 have added pre-load checks to block installation for users of a variety of CPUs, OS OEM versions, and a few individual programs with which it has been found (by users) to be incompatible. No word from Microsoft as yet whether Norton users will be excluded or even checked, or whether they'll find a competent programmer or two (if they still have any) to take a look at SP3 before continuing distribution.

John