Security threats Toolkit

Symantec error gets vicars in a twist

Tags:
Norton AntiVirus

Tom Espiner ZDNet.co.uk

Published: 03 Aug 2006 14:35 BST

The Church of England's publishing arm has advised clergy to ignore Symantec threat warnings, after its Norton Antivirus product wrongly identified church software as spyware.

Many Church of England vicars use a software tool called Visual Liturgy to plan, create and deliver church services. Four weeks ago, on Saturday, 8 July, Symantec issued a new virus definition which has had "a significant detrimental effect on Visual Liturgy," according to Church House Publishing (CHP), the publishing arm of the Church of England.

Norton's auto-update wrongly identified a file integral to Visual Liturgy as Sniperspy, a piece of spyware. After receiving the update, users were prompted to accept the Sniperspy threat warning and delete the file, called vlutils.dll. This rendered Visual Liturgy useless.

"Up to 4,500 churches with approximately half a million churchgoers have been badly affected by this," said David Green, outgoing new media manager for CHP. "Usually it takes a lot to get a clergyman upset, but we have had a fair few on the phone. There's been no talk of smiting yet, but we'll wait and see," Green added.

Visual Liturgy contains all of the authorised liturgy for the Church of England. Vicars use the software to choose services, plan Bible readings and create booklets.

CHP was deluged with complaints from vicars on 10 July, the Monday after the update was pushed out. Some vicars said that their Sunday service planning had been disupted.

According to CHP, Symantec has compounded its sin by not responding to repeated requests to put the situation right.

"We spoke to Symantec on Monday morning, and were told to fill in an online false positive form. We were told Symantec would respond within four weeks. From our point of view, this was not good enough," said Green.

Green and CHP staff contacted Symantec in London, Dublin and the US, trying to get them to action the complaint quickly, and asking for escalation at each point. They contacted Dublin in the morning and the US in the afternoon, every day for a week.

"We were told we needed to speak to the Security Response Team, but apparently the Security Response Team doesn't take phone calls," said Green.

"We ended up speaking to consumer services, who according to Symantec were the best people to speak to. Consumer services were also getting it in the neck from vicars," Green said.

"Unfortunately Symantec aren't responding to our requests. We haven't heard anything from Norton."

However, Symantec claims it responded to CHP's 10 July request a day later but received no further communication from the organisation.

"Having reviewed the query, the issue was addressed and a response was sent to CHP on 11th July, advising them to run Live Update and respond to confirm that this rectified the signature and corrected this issue," a Symantec spokeswoman told ZDNet UK. "No response was received so two weeks after this initial request, it was concluded that there were no further issues and the case was closed."

Thomas Allain-Chapman, head of publishing for CHP, claimed CHP had been forced to advise vicars to ignore Norton antivirus threat warnings, creating a potential security risk.

Green said: "It's obviously frustrating. Ultimately we don't want to advise our customers to ignore threat warnings, because that's not a good idea, but Norton isn't responding."

Andrew Sweeney, who will become CHP's new media manager on Friday, said it was "hard or impossible for a business to find a way into Symantec" to report incidents like this.

One vicar in Northumberland thought he had been infected with spyware, and promptly cancelled all of his credit cards because he thought someone had all of his data, said Green. It took the vicar ten hours to cancel cards and rectify his online banking situation.