Expired VeriSign Files Create Computer Slowdowns

A large number of PCs slowed to a crawl this week when Microsoft Word and other Windows programs were unable to find updates to an expired security file.
NEW YORK (AP) -- When hidden files designed to protect the integrity of online transactions suddenly fail, computers can get awfully confused and slow to a crawl.

That happened to a large but unknown number of personal computers this week when Microsoft Word and other Windows programs kept checking a VeriSign Inc. Web site, overloading the company's servers.

The programs were trying to find updates to a security file that expired Wednesday. As they repeatedly made the checks, the programs often couldn't function as well as normal.

VeriSign, which also runs the domain name servers that are key to finding Web sites and routing E-mail, was caught off guard and later increased capacity on the update Web site, VeriSign spokesman Brendan P. Lewis said Friday.

The security file lists Internet digital certificates that have been called into question, serving to warn users who rely on the certificates to authenticate Web sites and other services, Lewis said.

The file expires regularly, requiring programs that use it to automatically obtain updates from VeriSign.

Some security patches distributed by Microsoft Corp. happened to include a file that expired Wednesday, and because that version was distributed more widely than others, more computers than expected were seeking updates at once. The effect is analogous to a busy signal common when phone lines open for selling concert tickets.

"It really strictly was a bandwidth problem," Lewis said. "We've increased the capacity tenfold to deal with the situation."

By coincidence, digital certificates used by some E-commerce sites also expired that day, prompting users to get error messages while conducting secure transactions, Lewis said.

That expired file, known as the intermediate certificate authority, works with certificates held by VeriSign and on the user's Web browser to authenticate secure transactions.

VeriSign said it has been warning merchants for two years to update their authority file, but some didn't. These files typically expire once every several years, and many occurred Wednesday. The updated file will be good until 2011.

Lewis said he did not know how many users were affected by the twin expirations. Applications that had problems included Word and antivirus programs from Symantec Corp.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Terry White, Associate Chief Analyst, Omdia
John Abel, Technical Director, Google Cloud
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer