Symantec labels church software as spyware

Many Church of England vicars use a software tool called Visual Liturgy to plan, create and deliver church services. On July 8, Symantec issued a warning saying that a new virus had "a significant detrimental effect on Visual Liturgy," according to Church House Publishing (CHP), the publishing arm of the Church of England.

Norton's auto-update wrongly identified a file integral to Visual Liturgy as "Sniperspy," a piece of spyware. After receiving the update, users were prompted to accept the Sniperspy threat warning and delete the file, called vlutils.dll. This rendered Visual Liturgy useless.

"Up to 4,500 churches with approximately half-a-million churchgoers have been badly affected by this," said David Green, the outgoing new media manager for CHP. "Usually, it takes a lot to get a clergyman upset, but we have had a fair few on the phone. There's been no talk of smiting yet, but we'll wait and see."

Visual Liturgy contains all of the authorized liturgy for the Church of England. Vicars use the software to choose services, plan Bible readings and create booklets.

CHP was deluged with complaints from vicars on July 10, the Monday after the update was pushed out. Some vicars said that their Sunday service planning had been disrupted.

According to CHP, Symantec has compounded its sin by not responding to repeated requests to put the situation right.

"We spoke to Symantec on Monday morning, and were told to fill in an online false positive form. We were told Symantec would respond within four weeks. From our point of view, this was not good enough," Green said.

Green said he and other CHP staff contacted Symantec in London, Dublin and the U.S., trying to get the company to respond to the complaint quickly.

"We were told we needed to speak to the security response team, but apparently the security response team doesn't take phone calls," Green said. "We ended up speaking to consumer services, who according to Symantec were the best people to speak to. Consumer services were also getting it in the neck from vicars...Unfortunately Symantec isn't responding to our requests. We haven't heard anything from Norton."

However, Symantec claims it responded to CHP's July 10 request a day later but received no further communication from the organization.

"Having reviewed the query, the issue was addressed and a response was sent to CHP on July 11, advising them to run Live Update and respond to confirm that this rectified the signature and corrected this issue," a Symantec representative told ZDNet UK. "No response was received so two weeks after this initial request, it was concluded that there were no further issues and the case was closed."

Thomas Allain-Chapman, head of publishing for CHP, claimed CHP had been forced to advise vicars to ignore Norton antivirus threat warnings, creating a potential security risk.

Green said: "It's obviously frustrating. Ultimately, we don't want to advise our customers to ignore threat warnings, because that's not a good idea. But Norton isn't responding."

Andrew Sweeney, who will become CHP's new media manager on Friday, said it was "hard or impossible for a business to find a way into Symantec" to report incidents like this.

One vicar in Northumberland thought he had been infected with spyware, and promptly canceled all of his credit cards because he thought someone had all of his data, Green said. It took the vicar 10 hours to cancel cards and rectify his online banking situation.

Tom Espiner of ZDNet UK reported from London.