Security threats Toolkit

Symantec fixes its church spyware mistake

Tags:
Norton AntiVirus,
Spyware,
Antivirus

Tom Espiner ZDNet.co.uk

Published: 04 Aug 2006 14:50 BST

Antivirus vendor Symantec has now fixed a problem with its Norton Antivirus software which left vicars unable to use software for creating sermons.

Many Church of England vicars use a software tool called Visual Liturgy to plan, create and deliver church services. Four weeks ago, on Saturday 8 July, Symantec issued a new virus definition which had "a significant detrimental effect on Visual Liturgy", according to Church House Publishing (CHP), the publishing arm of the Church of England.

As first reported by ZDNet UK on Thursday, Norton Antivirus wrongly identified a file integral to Visual Liturgy as Sniperspy, a piece of spyware. After receiving the update, users were prompted to accept the Sniperspy threat warning and delete the file, called vlutils.dll. This rendered Visual Liturgy useless.

CHP confirmed that Symantec has now fixed this problem.

"We have spoken to several users and one or two of our beta tester users, who usually are clergy with a background in IT prior to ordination. They have confirmed that Norton and Visual Liturgy are now functioning normally. So it does appear that, yes, Symantec has fixed the issue," said David Green, outgoing new media manager for CHP.

CHP says that it took Symantec nearly four weeks to address the situation. Symantec, though, claims the fix was made available the day after it received a false positive report from CHP, filed on 10 July.

"Having reviewed the query, the issue was addressed and a response was sent to CHP on 11 July, advising them to run Live Update and respond to confirm that this rectified the signature and corrected this issue," a Symantec spokeswoman told ZDNet UK.

However, CHP denied having received this email from Symantec on 11 July.

"We have absolutely no record of any email from [Symantec] in the days that followed the complaint," Green told ZDNet UK. "We recognise that while spam filters may have blocked their response or we may have dropped the ball in the communication process, we have checked our systems and can still find no record."

The wider issue, Green argues, is that Symantec said it would take up to four weeks to fix the problem.

"Either they are getting far too many false positives, or they are very slow at sorting them out. It took four weeks to sort this out. For a software publisher that's a hell of a lot of support calls and reputational damage while they sort out their mistake."

Despite the disruption suffered by CHP and its users, the company is not planning to bring legal action against Symantec.

"We discussed whether it was worth engaging a legal team to recover the damage, but decided it wouldn't be a good use of Church funds, and we didn't feel like a big enough company to take Symantec on.

"We would rather leave it as a decision for Symantec as to whether they make a donation to Church funds," said Green.

ZDNet UK asked Symantec whether it intends to offer any compensation, but the company has not yet offered any comment.

Symantec said its security response team is contacting Church House Publishing directly to ensure that they are not having any further problems.

CHP itself doesn't bear a grudge.

"Ultimately, we are glad to see that they have fixed the issue just within the four week deadline that they set themselves, and we wish Symantec all the best and better insight in successfully identifying malware in the future," said Thomas Allain-Chapman, the head of publishing at CHP.