It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
SCI: Tech Fears Arise Over Norton and Pifts.exe
page: 24share:
i posted a tracert map with the destiantion route and NONES said anythings
like "oh ok its cool guys , Symantec is f***ing us in the b**t, how fun!"
(ha finally some peoples are wakin up)
[edit on 10-3-2009 by OTTOKARMA]
I am posting stuff put it is not showing up on the board!!! Uncover this everyone, now is the time!!!!!! The are frantically trying to cover this up!!
-Kdial1
My post also did not show up correctly. I always have what I write inside a text file so in case any errors happen (or they decide to cut my
connection) I still have it.
In this case I was simply able to edit the post and it then showed up correctly.
In this case I was simply able to edit the post and it then showed up correctly.
Originally posted by r1c1nb3an
My post also did not show up correctly. I always have what I write inside a text file so in case any errors happen (or they decide to cut my connection) I still have it.
In this case I was simply able to edit the post and it then showed up correctly.
I tried editing it and 50% of it was deleted.....This has the first time this has happened to me on these boards.
-Kdial1
Originally posted by RFBurns
...I am behind 5 hardware firewalls and two of those are industrial type routers, so nothing can come in or go out unless I specify it can.
...
Behind 5 firewalls? You are either on a poorly designed corporate network, extremely paranoid, or lying. A router is NOT a firewall. It can perform some of the very basic functions of a firewall (block this traffic, allow that), it cannot do anything "advanced" that even CHEAP firewalls can do.
Here's the simple version for people that do not know: A router is like a traffic cop that ONLY gives directions. He will say "Go down this road", "Go down that road" or "There is no way to get there from here". No other answers are possible. He may be able to say "People with silver cars can't go down this road", but nothing more complicated than that (in our simile)
A firewall is like a cop who is tasked with protecting a person. If you say "I want to go to Fred's house", he will say "Did Fred ask you to come in?" "Where are you coming from?", "What room of Fred's house are you trying to visit?", and the most important one: "Did Fred call YOU to visit him, or does he have no clue you are going to visit him?"
When people (or a corporation) doesn't want to answer a question about what goes on YOUR property, that is most certainly a time to be suspicious.
Kdial1 i think you misintepreted my post, and anyway you only took the end of my post so cut off the sarcasm, im just trying to point a fact, i
showed that map, another poster showed the logs of the IP analysis and i been a bit confused because nones took any interest in thoses
Something still stinks here.
Still no official response on the apparent data mining.
And i'm not too inclined to believe their response to it when it does come. I mean, you know, any answer that takes this long is being "spun"
I predict: response will be little or vague as possible considering this pifts.exe behavior. In time, everyone will forget and go back to sleep. We may think back a few months from now and say, yeah, it was probably something fishy but we'll never know for sure.
Still no official response on the apparent data mining.
And i'm not too inclined to believe their response to it when it does come. I mean, you know, any answer that takes this long is being "spun"
I predict: response will be little or vague as possible considering this pifts.exe behavior. In time, everyone will forget and go back to sleep. We may think back a few months from now and say, yeah, it was probably something fishy but we'll never know for sure.
They admit to an error: "not signing it as symantec"
If it had been digitally signed as symantec it would not have raised the errors...
BUT this does not goto the heart of the fact they are scanning your computer with no permission the sending it to a questionable data mining center.
So, is this legal now? Get all the private user info and send it to big brother? Any way lawsuits could come out of this?
They retract it now but will obviously re-release it digitally signed later And how often is this going on on our computers without us knowing it because it doesn't get flushed out the other times it happens?
I don't want to become paranoid but how much privacy do we really have left?
If it had been digitally signed as symantec it would not have raised the errors...
BUT this does not goto the heart of the fact they are scanning your computer with no permission the sending it to a questionable data mining center.
So, is this legal now? Get all the private user info and send it to big brother? Any way lawsuits could come out of this?
They retract it now but will obviously re-release it digitally signed later And how often is this going on on our computers without us knowing it because it doesn't get flushed out the other times it happens?
I don't want to become paranoid but how much privacy do we really have left?
Swap driver is located near masonic square , FBI HQ and ......international spy museaum
who said one liner ?
[edit on 10-3-2009 by OTTOKARMA]
who said one liner ?
[edit on 10-3-2009 by OTTOKARMA]
Originally posted by sir_chancealot
Behind 5 firewalls? You are either on a poorly designed corporate network, extremely paranoid, or lying. A router is NOT a firewall. It can perform some of the very basic functions of a firewall (block this traffic, allow that), it cannot do anything "advanced" that even CHEAP firewalls can do.
Obviously you need some networking classes.
The hardware I sit behind is quite effective, customizable and has worked for my purposes for over 10 years. Now I have never had ANY virus attacks, or attempts to get into my networks since installing this system, and it seems to work extremely well.
The two routers, the industrial ones, are not your typical off the shelf wal mart made in china POS's. These are Cisco routers and I control those in real time on seperate pc's running nothing but their control software. The other 3 are typical off the shelf routers to which each are in fact both firewalls and router combinations.
Then there is of course the OS firewalls...useless IMO.
Anyway what works for me is working just fine. And has been for 10 years. Obviously I am doing something right..and everyone else is not with all this cry wolf over some file getting into their systems.
Cheers!!!!
While this could be something shady, it's hardly groundbreaking. There has been datamining crap for many years now. People willingly install
datamining software. Play WoW? You are mined. Use Google toolbar, weatherbug, etc? Mined. Browser history is the main bit of info dataminers
gather, so they can do targeted advertisements.
People sometimes don't even wonder they keep finding helpful ads about local girls in your zip code who really want to spend the night with you for 199.95.
Most computers I work on are so unsecured, it's not even funny.
People sometimes don't even wonder they keep finding helpful ads about local girls in your zip code who really want to spend the night with you for 199.95.
Most computers I work on are so unsecured, it's not even funny.
reply to post by OTTOKARMA
My post on the previous page I had wrote a reply to your findings. I quoted some important parts. I am not trying to be sacrastic..... I am pointing out to everyone here what happened when I tried replying to your post, something that has never happened to me before on this site. I honestly believe there is a huge cover-up going on right now.... Part of my post was encourageing members to get to the bottom of this since investigative journalism on the Federal government within the MSM is null and will not happen.
I am a professional in my respected field and in am in no way trying to misinterpret your information or be sarcastic.
-Kdial1
[edit on 10-3-2009 by kdial1]
My post on the previous page I had wrote a reply to your findings. I quoted some important parts. I am not trying to be sacrastic..... I am pointing out to everyone here what happened when I tried replying to your post, something that has never happened to me before on this site. I honestly believe there is a huge cover-up going on right now.... Part of my post was encourageing members to get to the bottom of this since investigative journalism on the Federal government within the MSM is null and will not happen.
I am a professional in my respected field and in am in no way trying to misinterpret your information or be sarcastic.
-Kdial1
[edit on 10-3-2009 by kdial1]
reply to post by Hellmutt
In case no one read Helmutt's link in the above post, it defines PIFTS as:
Seems folks were incorrectly speculating on this acronym earlier.
Link again: www.pcworld.com...
Perhaps a bit off topic: After much painstaking deliberation and research, I recently settled on and installed ACRONIS True Image Back up software on my server at work. (It was highly recommended.) It killed my entire network and it took me 3 days to get back up. After hours of research and futile Tech support calls, I finally found the cause on a tech forum.
( It deleted an IRQ stack size value in the registry.) The poster on the tech forum theorized that the company (Acronis) actually knew of the bug but wouldn't admit it. Just sayin.'
Computers can be very frustrating. When I was in school way back when, they explained the purpose of computers was so we would all have more leisure time. ( The computers would do our laundry, cook our meals and mow our yards. etc.) It seems the other way around.
Regards.....KK
[edit on 10-3-2009 by kinda kurious]
In case no one read Helmutt's link in the above post, it defines PIFTS as:
PIFTS (Product Information Framework Troubleshooter) is a diagnostic program that Symantec periodically sends out to users to anonymously collect information such as the operating system and version number of the product being used in order to get a snapshot of its user base.
Seems folks were incorrectly speculating on this acronym earlier.
Link again: www.pcworld.com...
Perhaps a bit off topic: After much painstaking deliberation and research, I recently settled on and installed ACRONIS True Image Back up software on my server at work. (It was highly recommended.) It killed my entire network and it took me 3 days to get back up. After hours of research and futile Tech support calls, I finally found the cause on a tech forum.
( It deleted an IRQ stack size value in the registry.) The poster on the tech forum theorized that the company (Acronis) actually knew of the bug but wouldn't admit it. Just sayin.'
Computers can be very frustrating. When I was in school way back when, they explained the purpose of computers was so we would all have more leisure time. ( The computers would do our laundry, cook our meals and mow our yards. etc.) It seems the other way around.
Regards.....KK
[edit on 10-3-2009 by kinda kurious]
Citation needed on Wikipedia.
I've only been on ATS for a few days so don't quite feel qualified to place it. But, even though we all know the calibre of Wikipedia it deserves our phenomenological input!
I'd love to see a mod or long-time ATSer add a citation to the following:
en.wikipedia.org...
The forum spam explanation is questionable since posts regarding PIFTS.exe started being deleted before the spamming began, and in fact the spamming attack was in response to the original deletions.[citation needed]
I've only been on ATS for a few days so don't quite feel qualified to place it. But, even though we all know the calibre of Wikipedia it deserves our phenomenological input!
I'd love to see a mod or long-time ATSer add a citation to the following:
en.wikipedia.org...
The forum spam explanation is questionable since posts regarding PIFTS.exe started being deleted before the spamming began, and in fact the spamming attack was in response to the original deletions.[citation needed]
Originally posted by Hellmutt
Bad Symantec Update Leads to Trouble
Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.
Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe.
i believe it was a buggy program that norton released.
but from there antivirus360 got a hold of it and started posting to places like 4Chan, all the antivirus forums. and any other place that drew a lot of traffic plus seeded a group of malware sites they control with the pifts.exe so the people would find them and also get a pop-up.+ plus the antivirus360 spam.
This caused even more post about pifts.exe and more people going to the AV360 traps and they rose on the google ratings till just about everyone that was not careful found one of there traps and this just started a major cascade on the Internet.
I believe the only conspiracy about this is how a company like Antivirus360 was able to Social engineer this so out of proportion so fast to sell there product.
Not that there were not other companies that helped.
The one thing i liked was how google started deleting AV360s trap sites when they became a problem.
Now that this is done i can go back to having fun on ATS.
reply to post by RFBurns
That's something like your third attempt to try to characterize this exploit by Symantec as 'crying wolf'.
What's up with that?
You calling the people that have done the preliminary investigatory work on the so called 'EXE' in question liars?
I'm just curious...
[edit on 10-3-2009 by golemina]
Anyway what works for me is working just fine. And has been for 10 years. Obviously I am doing something right..and everyone else is not with all this cry wolf over some file getting into their systems.
That's something like your third attempt to try to characterize this exploit by Symantec as 'crying wolf'.
What's up with that?
You calling the people that have done the preliminary investigatory work on the so called 'EXE' in question liars?
I'm just curious...
[edit on 10-3-2009 by golemina]
I've been following this since this morning, when i saw it on reddit. Just joined to add a couple cents to the discussion.
I work for a software testing lab in my city. I found it interesting that Sym claims that it released an update without a digital signature, because every software build I receive for testing has to be digitally signed, even before us testers get it. I can't imagine something slipping past the testers, project mangers, and the web release team without that signature. Idunno...that seems kind of shady to me.
I work for a software testing lab in my city. I found it interesting that Sym claims that it released an update without a digital signature, because every software build I receive for testing has to be digitally signed, even before us testers get it. I can't imagine something slipping past the testers, project mangers, and the web release team without that signature. Idunno...that seems kind of shady to me.
I get back to the pc this morning, to see the 'official' explanation, and to be quite honest, this is suspect. The whole reason 4chan did what they
did, was because the initial legitimate questions were removed, 4chan has boards dedicated to technology and another dedicated to the paranormal, and
both of these boards were just as confused as the users posting legitimate questions on the norton boards.
Of course, when the posts started being deleted (censorship is something that 4chan despises, judging by past reasoning for attacking everything from Scientology to pet dogs) they fired up their internet hate machine and got to work yelling....
As has been stated in this thread before, a few key points should be remembered;
Legitimate posts were being whitewashed HOURS before spammers/4chan showed up.
It connects to some suspicious places.
The explanation given on the forum, seems to be lacking in hard data and also tries to skapegoat pretty much everyone else.
If I used norton, which I don't, by now, that whole package would be ripped from my harddrive, thrown into a sack, the sack thrown into a river, and the river thrown into the sun.
Take NO chances on things like this.
^__~
[edit on 10-3-2009 by KoraX]
Of course, when the posts started being deleted (censorship is something that 4chan despises, judging by past reasoning for attacking everything from Scientology to pet dogs) they fired up their internet hate machine and got to work yelling....
As has been stated in this thread before, a few key points should be remembered;
Legitimate posts were being whitewashed HOURS before spammers/4chan showed up.
It connects to some suspicious places.
The explanation given on the forum, seems to be lacking in hard data and also tries to skapegoat pretty much everyone else.
If I used norton, which I don't, by now, that whole package would be ripped from my harddrive, thrown into a sack, the sack thrown into a river, and the river thrown into the sun.
Take NO chances on things like this.
^__~
[edit on 10-3-2009 by KoraX]
Ok, having looked through the exe... it appears to be more or less as they are saying. it collects information about symantec components, builds a
URL out of it and pings a symantec server with it and completely ignores any data returned by the server. Everything with history, cookies,
temporary internet files,etc is getting pulled in as a side effect of calling InternetOpenUrl.
What looked like (inline) padding at first glance is in fact a bunch of 0xCC bytes, which means its most likely not space for runtime modification... just that it was built in debug mode. I don't see anything that looks self modifying anyway so runtime modification would have to be external(unlikely).
It is still possible that something nefarious is going on, but if so it is the symantec dlls, not in pifts.exe. Dissecting those would take more time than I'm willing to volunteer and would be ethically questionable.
Somone upthread suggested that they are keeping quite about this because of the security implications of the lapse, which are significant and will take a lot of effort to fully address.
@ANNED
more than likely they are using google trends to target the scam at emerging keywords, which would explain the censorship from google and digg.
[edit on 10-3-2009 by baahl]
What looked like (inline) padding at first glance is in fact a bunch of 0xCC bytes, which means its most likely not space for runtime modification... just that it was built in debug mode. I don't see anything that looks self modifying anyway so runtime modification would have to be external(unlikely).
It is still possible that something nefarious is going on, but if so it is the symantec dlls, not in pifts.exe. Dissecting those would take more time than I'm willing to volunteer and would be ethically questionable.
Somone upthread suggested that they are keeping quite about this because of the security implications of the lapse, which are significant and will take a lot of effort to fully address.
@ANNED
more than likely they are using google trends to target the scam at emerging keywords, which would explain the censorship from google and digg.
[edit on 10-3-2009 by baahl]
Geesus.
How strange, that is completely a certain set of rules being broken.
How does this play into everything? I know it relates to everything thats going on right now, but I honestly wish that I knew what. Just like everything else.... what the H is going on in this world and how much time do we have?
Augusta
How strange, that is completely a certain set of rules being broken.
How does this play into everything? I know it relates to everything thats going on right now, but I honestly wish that I knew what. Just like everything else.... what the H is going on in this world and how much time do we have?
Augusta
I'm glad I run avast for free. I have been attacked by trojans and only 1 time did something actually get past avast I don't remember what it was
but it was a trojan and avast was able to remove it thanks to it's VRDB and almost daily updates nothing was damaged.
To me the most frightening thing about this is how it was contained.
The official story is a cop out and cheap cover story that will passify a high percent of the masses. Not me, I do not believe it.
The indescriminant killing of ALL reference to pifts almost immediatly upon posting is evidence of damage control beyond this
official statement
In an update to their T&C it adds that they reserve the right to delete posts.
The mass deletion and mysteriously low google counts is conspiracy in itself and should be a red alert to how fragile our means of effectivly communicating with large numbers of people in different locations really is.
Imagine if you will, The U.S. government with all it's resources. aiming the guns at (pick a topic) and literally "deleting" it from the web! This event shows how fully vulnerable we are to this kind of censorship.
As for pifts. If this was really as explained by the official BS story why did it take so long for them to post such a simple explanation?
Why didnt they just post the explanation and put it out there on the front page?
It would have done a LOT to quite the spammers who did show up but only LATER. No, there was an emergency meeting convened and a rush story put out to, like I said placate the masses and alienate those who suspect something more sinister. In the panick they simply killed all reference to try and limit the exposure.
My opinions.
[edit on 3/10/2009 by AlienChaser]
To me the most frightening thing about this is how it was contained.
The official story is a cop out and cheap cover story that will passify a high percent of the masses. Not me, I do not believe it.
The indescriminant killing of ALL reference to pifts almost immediatly upon posting is evidence of damage control beyond this
Symantec strictly adheres to its Norton Community Terms of Service and does not delete postings unless they are in violation of these guidelines
official statement
In an update to their T&C it adds that they reserve the right to delete posts.
The mass deletion and mysteriously low google counts is conspiracy in itself and should be a red alert to how fragile our means of effectivly communicating with large numbers of people in different locations really is.
Imagine if you will, The U.S. government with all it's resources. aiming the guns at (pick a topic) and literally "deleting" it from the web! This event shows how fully vulnerable we are to this kind of censorship.
As for pifts. If this was really as explained by the official BS story why did it take so long for them to post such a simple explanation?
Why didnt they just post the explanation and put it out there on the front page?
It would have done a LOT to quite the spammers who did show up but only LATER. No, there was an emergency meeting convened and a rush story put out to, like I said placate the masses and alienate those who suspect something more sinister. In the panick they simply killed all reference to try and limit the exposure.
My opinions.
[edit on 3/10/2009 by AlienChaser]
new topics
-
WF Killer Patents & Secret Science Vol. 1 | Free Energy & Anti-Gravity Cover-Ups
General Conspiracies: 1 hours ago -
Hurt my hip; should I go see a Doctor
General Chit Chat: 2 hours ago -
Israel attacking Iran again.
Middle East Issues: 3 hours ago -
Michigan school district cancels lesson on gender identity and pronouns after backlash
Education and Media: 3 hours ago -
When an Angel gets his or her wings
Religion, Faith, And Theology: 4 hours ago -
Comparing the theology of Paul and Hebrews
Religion, Faith, And Theology: 5 hours ago -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 6 hours ago -
Boston Dynamics say Farewell to Atlas
Science & Technology: 6 hours ago -
I hate dreaming
Rant: 7 hours ago -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 8 hours ago
top topics
-
The Democrats Take Control the House - Look what happened while you were sleeping
US Political Madness: 9 hours ago, 18 flags -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News: 11 hours ago, 16 flags -
A man of the people
Medical Issues & Conspiracies: 17 hours ago, 11 flags -
Biden says little kids flip him the bird all the time.
Politicians & People: 9 hours ago, 9 flags -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 8 hours ago, 8 flags -
Michigan school district cancels lesson on gender identity and pronouns after backlash
Education and Media: 3 hours ago, 6 flags -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 6 hours ago, 6 flags -
Israel attacking Iran again.
Middle East Issues: 3 hours ago, 5 flags -
Boston Dynamics say Farewell to Atlas
Science & Technology: 6 hours ago, 4 flags -
WF Killer Patents & Secret Science Vol. 1 | Free Energy & Anti-Gravity Cover-Ups
General Conspiracies: 1 hours ago, 4 flags
active topics
-
Man sets himself on fire outside Donald Trump trial
Mainstream News • 39 • : TheMisguidedAngel -
When an Angel gets his or her wings
Religion, Faith, And Theology • 5 • : randomuser2034 -
Anyone one else having Youtube problems
Computer Help • 11 • : charlyv -
The Democrats Take Control the House - Look what happened while you were sleeping
US Political Madness • 68 • : Mahogani -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 404 • : Zanti Misfit -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News • 10 • : Degradation33 -
SC Jack Smith is Using Subterfuge Tricks with Donald Trumps Upcoming Documents Trial.
Dissecting Disinformation • 100 • : WeMustCare -
Israel attacking Iran again.
Middle East Issues • 23 • : KrustyKrab -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs • 37 • : charlyv -
Hurt my hip; should I go see a Doctor
General Chit Chat • 11 • : TheLieWeLive