SCI: Tech Fears Arise Over Norton and Pifts.exe

reply to post by Cadbury

---

Very true.

It is the reply that I got to after directly emailing.

The employee does say there will be an announcement. Email for yourself if you like, I did include the details in a link to symnatecs website.

I am not defending them, I just think asking them directly mght get an answer instead of listening to rumours etc.

If they do not say anything by the end of today I will be suspect to say the least.

They are still tearing any legitimate questions down and spam regarding this.

[edit on 10-3-2009 by XXXN3O]

*waves a Hello to all the symantec people perusing this thread

and wow, like this is a Huge story, and yet, lol, the most common page clicked to so far is them 404 pages....

might this have to do with this 'March 11' whatever...???

luckily i am not into norton anymore, not since they scrwd me over back in '99

starred and flagged

*waves goodbye to the symantec folks

From the Qwest website




here

but Wiki says




Well they don't seem to be doing to bad.

Sorry, XXXN3O. I wasn't entirely clear there. I know you weren't defending them. I was replying more to the content of the mail you received, not yourself. I was just throwing the question out there as that was how I understood events to have taken place.

reply to post by Cadbury

---

I emailed - Dear **********,

as a concerned customer I would like to know if there are any truths to any and all rumours surrounding this file included in the latest Norton Update.

I am aware that posting about this issue is resulting in an immediate ip block from the boards therefore I have resorted to asking directly.

I would appreciate a prompt reply with an explanation of exactly what this file does.

I received the reply - ********, I don’t have much detail about this issue. I believe that Symantec will be making a public announcement about this file in near future. I do believe that it is a legitimate file delivered by live update. Unfortunately, somebody has chosen to about our Norton Community forums regarding this issue and the remediation for this abuse is having some unintended collateral damage.



I wish I could tell you more, but this is all that I know at this time.

---------------------------------------------------------------------------------

I have taken names out to protect the innocent in case you are wondering

Hope that clears the questions asked etc



[edit on 10-3-2009 by XXXN3O]

reply to post by daenris

---

Thanks for the quick response. Yes, I searched compressed files and still no joy. Wondering if this is relegated to 2009 Norton products or just the anti-virus program rather than the full suite? I'm running NIS2008.

Norton hosed one machine last week with a bad update and I spent hours uninstalling every tiny little tendril of it from the box. When I re-installed, it would not activate claiming I had too many activations on the account. I callled tech support and they wanted to remote in to fix the problem. That went over well. After a brief discussion they finally made a change in the registration server and my product re-activated. I mention this to point out that this is a fresh install with all current updates, but no pifts.exe file.

Once the current subscription expires (or when I find time, whichever comes first!), this product is gone from my network.

Where do you search in America, for company details?
Here we search, ASIC.
Can someone search Web Data Group LLC in America?
I can find no details on SEC site or other sites.

Norton Community

The Forums Are Closed For Maintenance

The forums are currently undergoing maintenance. We apologize for any inconvenience this may cause. Please try again later.
------------------

Now thats just crazy!

reply to post by CaptainCaveMan

---

Very, very interesting information.
Thanks for the find.

My work laptop is running NIS2006, and it's present there.



The problem I have with this explanation from them is that the thread deleting started well before any spam or 4chan raiding. There was a completely legitimate thread last night for several hours that just contained questions from people asking what the file was. It was removed. A second similar thread with more queries was removed as well. The spam/raiding started many hours later and was most likely prompted by the fact that Norton was deleting threads.

[edit on 10-3-2009 by daenris]

reply to post by daenris

---

I agree with that but it is pretty obvious that if I email back im just going to get the runaround.

The reply I have gotten is pretty much the same thing.

It is going to be interesting when the statement about this file pops out and an explanation is given. In my opinion it should have been way sooner as the damage is done now in terms of reputation.


[edit on 10-3-2009 by XXXN3O]

I have a run a normal windows trace to the Qwest ip. The last hops are interesting:



From there i get time-outs.

But the weird thing is:

IAD = International Airport Dulles
DCA =Ronald Reagan Washington National Airport

Yep, I work at ****** and I'm in the PC section now, and at this point I have had to recommend just about everyone to get the Advanced Security set up we have in the store, if for no other reason than to have us wipe Norton completely off the system and install Kapersky anti-virus.

Norton, even the trial, is a big pain, and practically impossible to get rid of if you are just some no nothing computer user.

I dont trust Norton at all. Chances are, they are doing something shady.


edit: I decided it might not be a good idea to tie my company to anti *insert product here*

[edit on 10-3-2009 by grimreaper797]

Just a little thing I noticed...

NetName: QWEST-IAD-SWAPDRIVE4

IAD is the airport code for Washington-Dulles airport, located in Arligton, VA.

I just looked at this thread here in norton boards

community.norton.com...

It contained an ip address with a log in that the user was saying is linked to this file ""http://67.134.208.160/n/""
It asks for a username and password.

I did a look up on that ip address

www.ip-adress.com...

Shady stuff?

Is this complete nonsense or is there any accuracy in this?

Edit: removed now lol

[edit on 10-3-2009 by XXXN3O]

reply to post by XXXN3O

---

Our friends from Qwest again.

QWEST fed gov overview

reply to post by kuhl

---

Well if this is all adding up correctly.

It looks like somebody has made a mistake.

A few more people might be adding to the unemployment figures?



[edit on 10-3-2009 by XXXN3O]

How is that Norton is able to get all these deals with the OEM computer companies to come preinstalled I know some places will let you pick what software you want between a choice or 2 or have it come with none, but I just don't get how Norton is able to coerce all these computer manufacturers to preinstall it? I'm sure they pay em off, give them a cut of subscription renewals etc and the money is what does it.

This is a great benchmark that shows just how bloated and crappy Norton is! a 2300+% increase in file I/O is just unbelievable! and as others have pointed out it's very very hard to completely uninstall unless you know what you're doing

www.thepcspy.com...

You would think if nothing else computer companies wouldn't want to load up their product with software that slows it down more than any other software available for fear it would give their product a bad name.


I've also read some stuff about how Norton is all buddy'd up to the credit card companies and it's very difficult if not impossible to get a charge from them removed or dispute it And people speculate it's because they've negotiated some deal where the pay a higher percentage cut for protection so the credit company is on their side!



Another thing I came across the other day while browsing this site

homepage.ntlworld.com...

Symantec operates security operation centers from hardened underground bunkers and provides computer security services to governments

www.pcworld.com...

I did find this that says they've outgrown the place

www.infoworld.com...

[edit on 10-3-2009 by warpboost]

A LITTLE SYNOPSIS OF EVENTS SO FAR

Scenario 1:

Norton/Symantec was hacked. Google, Norton, Symantic are deleting posts in order to try to prevent the spread of pifts.exe; deleting was an attempt to protect us. Hopefully they will be able to make some statements soon - imagine the embarrassment and frustration.


Scenario 2

Norton/Symantec planted a data-gathering file in their LiveUpdate, pifts.exe, and got caught. They are trying to delete everything but ATS and others are WAY too fast for them!


Why would I say this?

* Several technical posts in here show the data collection aspect
* Norton apparently suggested against loading pifts.exe
* if a search for pifts causes the virus to be spread a responsible company would delete threads causing harm until the bigwigs are woken up to make a decision

* Did Symantec really confirm this is theirs? It was within Norton first - with no other information how/why would they confirm this one fact, seen on ATS as a post about a phonecall.
* Can we get a second source for information/letters/phone calls from Symantec?

* Currently people are looking at IP destinations - see last two pages.

Please forgive the lack of quotes and citations, this is a synopsis from what I have seen in this thread and have derived with my own thought process
This thread is going too fast for people to read everything so here's my contribution

i bet the owner of symantic does not use norton!!!