It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Originally posted by kuhl
Just out of interest Edward A Mueller the chairman of QWest is also linked to these guys Mckessen
According to Forbes he's a director.
Mckesson wiki
previous mckesson ATS mention here 2nd post down.
Dunno if this is all connected...but still interesting.
Originally posted by hadriana
A symantec employee has posted about it here:
community.norton.com...
Originally posted by hadriana
A symantec employee has posted about it here:
community.norton.com...
Originally posted by sir_chancealot
Why would PIFTS.exe send info to Google? I have no idea.
Originally posted by hadriana
A symantec employee has posted about it here:
community.norton.com...
Originally posted by zsrgt
First I need a copy of the file that was installed. None of the norton machines I have access to have this file.
Any verifiable links to the file, that are not viruses / trojans.
Originally posted by Faiol
norton's explanation was solid ... I think it was a mistake ...
"In a case of human error, the patch was released by Symantec "unsigned","
I think you meant to say, "One of our programmers intentionally left this 'patch' unsigned in order to blow the whistle on our collusion with intelligence agencies."
Wow, ok there is definitely something going on here. I just called customer support and after running around for a bit, the operator gained a worried tone in his voice and said he'd put me on hold for a few minutes while he did some research as to what the problem was.
After that, he transfered me to technical support. I spoke to a woman who got my information and didn't seem to know what pifts.exe was. She actually said, "When I searched on google, there are no results for pifts.exe."
This means one of two things.
1) She was lying to cover something up.
2) The company is blocking their own tech support people from viewing anything with pifts on it.
CONSPIRACY!!!!!!
The same thing happened to me. I posted a question that said, "What is PIFTS.EXE? C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt1... I posted it at 10:32pm PST and it was removed within a minute. I am no longer able to post a new message or reply to any others.
I was on the phone with Symantec from 9:00pm PST until 11:00 and got basically no decent answers. They finally admitted it was part of the install process but couldn't tell me what it was for. Every time that I asked why messages were being removed from the Forum, I got transferred to someone else. I started at Tech Support talking to Ella, then got transferred to Sam in the Virus Removal Dept. I asked him the same questions, then finally I asked to speak to a Supervisor, and got Frank the floor supervisor. He said that it was not a virus but a "System File Issue" and he would have to transfer me to Technical Support. I then spoke to Fahed and asked the same questions. After a while he came back and explained that the system puts out updates every hour and this was part of that process. I asked again why messages about this issue were being deleted from the Norton Forum. While I was on hold, I posted myself to the Norton Forum so see what would happen (see above for that information). My question was again ignored and he then wanted to enter my computer remotely and look for viruses. I said that my question has still not been answered and I feel that something very suspicious was going on with Symantec. I told him that I was not going to allow anyone from Symantec to access my computer because I have lost my trust in the company because of the way I am being treated. I told him that I was finished with the call and would just contact the media and hung up. He called right back and told me he wanted to transfer me to his Supervisor since I was obviously not satisfied with my call. I next spoke to Austin, Case Manager. He basically repeated the same crap as everyone else and would not tell me why my post and others were deleted. I told him that I am done with Norton products and will remove them from all of my computers and others that I have installed their product on. This is crazy! Lets get the word out there! Symantec is digging a big hole with this issue and losing customer trust! What exactly are they trying to install on our systems?
Source(s):
forums.zonealarm.org...
13 hours ago
I can only guess that Symantec are using this program to collect some
statistics. What statistics they are trying to collect would be the big
question.
I guess this because my Norton Firewall log says the following
10/03/2009 10:00:34,"This one time, the user has chosen to ""block"" communications.","This one time, the user has chosen to ""block"" communications. Outbound TCP connection. Remote address,service is (stats.norton.com(67.134.208.160),http(8... Process name is ""C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt8...
12 hours ago
Here's an Anubis analysis report of PIFTS.exe:
anubis.iseclab.org...
Looks to be collecting information from cookies, temp files, Internet Explorer, and recording searches in google and google desktop. Norton doesn't need to use these folders to see how many installations there have been, so why it's mining your search data/history and phoning home is anyone's guess.
Message Edited by TheMagicLantern on 03-10-2009 03:17 PM
Originally posted by Gemwolf
Very interesting.
It seems to be true (that they're deleting the topic).
Google search results
All topics deleted.
Time to do some digging...
Originally posted by hadriana
A symantec employee has posted about it here:
community.norton.com...
* O LAWD IM CHOKIN ON PIFTS PLZ HALP
* OH GOD YOU GOT CHOCOLATE IN MY PIFTS
* If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
* IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
* PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
* I LOVE MY PIFTS.EXE
All of that stuff gets pulled in automatically with certain APIs (IIRC wininet is one of them). Basically what happens is that the app creates an IE instance and the IE instance pulls all of that in... I don't know if that is the case here but it has been the answer to why applications that shouldn't be pulling that stuff are loading it.
This question has been asked time and time again throughout the thread, and no answer or response has been given that even remotely addresses the question as to why this file is sending cookies, temp files, recorded searches, to a known and associated data storage site.