I’ve been wondering lately if Microsoft needs a lesson in Software Development 101…

Over the last few weeks, I’ve been watching the fiasco that is Windows XP SP3 play out.  With so many problem reports hitting Microsoft, their Vendor-Partners, and eventually, the news, you would think that a little preventative medicine would have been applied to the situation. And honestly, it’s really making me wonder – did MS and their V-P’s do enough testing before kicking XP SP3 and Vista SP1 out the door?  With all of the crap that’s been hitting the blogosphere, it’s pretty obvious… Nope.

As a Software Quality Professional with nearly two decades of experience in Quality, the current situation is one I see WAY too often: It’s not a bug, it’s a feature…Quick! Ship it!! While I agree that the physical act of releasing a particular software version is a management decision (they, not QA, accept the risk if things go South, I merely assess the risk and report the information so they can make an informed decision), its time like this that make me wonder if management has accepted too much risk.

I noticed yet another article on Computer World where Symantec, a huge MS Vendor-Partner has decided that all of its users that they must disable their virus protection before installing the XP SP3 upgrade.  They have determined that SymProtect is responsible for crippling many computers by corrupting a computer’s Registry.

What really chaffs my hide with this one is that the problem was readily reproducible; and should have been something that Microsoft should have tested for before releasing the upgrade to manufacturing. Now, I’m pretty certain that many of you are wondering why that’s Microsoft’s problem and not Symantec’s.  Actually, it’s both; but the onus really lies with MS…

Part of a software development shop’s responsibility is to test their application for application dependencies.  That is, you need to test to insure that your application works and plays well with other apps.  In this particular case, Symantec has confirmed that their SymProtect feature, one that monitors your computer for suspicious and/or unauthorized changes, is partially to blame for all of the Registry corruption we’ve been hearing about. Since MS and Symantec are partners, AND because its highly likely that many users will use one of the three major Symantec apps that use SymProtect (Norton Internet Security, Norton Anti-Virus or Norton 360), Microsoft  (as well as Symantec) should have invested a great deal of time and effort into testing the interaction of XP SP3 with these three products.  It may very well be that they DID do this; but since the problem is so very prevalent and so very easy to reproduce, it makes me wonder if either of them did this type of testing.  I think the bigger questions are, if they didn’t, why not; and how could one, let alone both of them, allow this interaction bug to get past they?  How did they miss it? While the “why” of the interaction bug is still being investigated, the discovery (the “what”) of the problem between SP3 and this Symantec component is more of the issue to the everyday user.

If you’re experiencing problems with Windows XP SP3 AND you run a computer with one of these Symantec products, don’t fret.  Symantec is working on a standalone solution that will fix the problem, though; they are still trying to figure out why the problem is happening. Once they nail that down (so they can eliminate the root cause of the problem, and prevent SymProtect from recreating the garbage in your registry even after the upgrade completes…which is still a possibility; even after these entries are removed, if I understand the problem correctly), they’ll get a fix/tool to everyone.

Both Microsoft and Symantec are pointing fingers at the other guy, denying that the problem is their fault. I really don’t care.  The problem is that many users started reporting the problem hours after they had installed the update.  What bugs me the most about this is that the problem was so easy to reproduce, that merely installing the update on a computer should have been able to BOTH of them reproduce the error.  Both partners should have tested for that scenario, and should have communicated findings to the other. They whole act of them pointing fingers at the other guy and saying, “hey…it ain’t me!” really ticks me off.  Play the political blame game later…right now, my PC is down because both of you guys missed this easy, EASY bug find.

Last week, Symantec said it was working on a stand-alone tool that would delete the extraneous registry entries and added that it hoped to have something ready “pretty quickly.” As of Tuesday 27-May-08, Symantec had not released the tool. On Friday, Symantec said they would use their support forum to point customers to the tool when it was finished and available for download. However, I suspect that this one will have enough news coverage that it will be picked up by a number of blogs, including Gear Diary, and be reported.  I know I’ll be looking for it, as I have a PC that is affected and I’ll be watching for and will report its availability here.

However, the major point is that MS needs to communicate with its partners better and test for these kinds of software dependencies/interactions. This is too easy to catch and shouldn’t have been passed on to the end user.  Shame on them for letting this one slip past BOTH companies.

I know there’s a lot more to say with this; but I’d rather it come out in the discussion. Why don’t you join us there and let us know what you think?