SCI: Tech Fears Arise Over Norton and Pifts.exe

posted on Mar, 10 2009 @ 07:52 PM

I posted a tracert map with the destination route and no one said anything

like "oh ok, it's cool guys, Symantec is f***ing us in the b**t, how fun!"

(ha, finally some people are waking up)

[edit on 10-3-2009 by OTTOKARMA]

I am posting stuff but it is not showing up on the board!!! Uncover this everyone, now is the time!!!!!! They are frantically trying to cover this up!!


posted on Mar, 10 2009 @ 07:54 PM
My post also did not show up correctly. I always have what I write inside a text file so in case any errors happen (or they decide to cut my connection) I still have it.

In this case I was simply able to edit the post and it then showed up correctly.

posted on Mar, 10 2009 @ 07:56 PM

Originally posted by r1c1nb3an
I tried editing it and 50% of it was deleted.....This is the first time this has happened to me on these boards.


posted on Mar, 10 2009 @ 08:02 PM

Originally posted by RFBurns
...I am behind 5 hardware firewalls and two of those are industrial type routers, so nothing can come in or go out unless I specify it can.

Behind 5 firewalls? You are either on a poorly designed corporate network, extremely paranoid, or lying. A router is NOT a firewall. It can perform some of the very basic functions of a firewall (block this traffic, allow that), it cannot do anything "advanced" that even CHEAP firewalls can do.

Here's the simple version for people that do not know: A router is like a traffic cop that ONLY gives directions. He will say "Go down this road", "Go down that road" or "There is no way to get there from here". No other answers are possible. He may be able to say "People with silver cars can't go down this road", but nothing more complicated than that (in our simile)

A firewall is like a cop who is tasked with protecting a person. If you say "I want to go to Fred's house", he will say "Did Fred ask you to come in?" "Where are you coming from?", "What room of Fred's house are you trying to visit?", and the most important one: "Did Fred call YOU to visit him, or does he have no clue you are going to visit him?"

When people (or a corporation) don't want to answer a question about what goes on YOUR property, that is most certainly a time to be suspicious.
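The distinction drawn in the post above, judging each packet on its own versus asking who initiated the conversation, as an added example (not part of the original post). The addresses, ports and the two rule sets are constructed for illustration and do not model any particular product.

```python
from dataclasses import dataclass

LAN = "192.168.1."  # constructed inside network for the demo

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def stateless_acl(p: Packet) -> bool:
    """Per-packet rule list: looks only at this packet's header fields."""
    if p.src.startswith(LAN):
        return True                   # anything outbound is allowed
    return p.sport in (80, 443)       # inbound "web replies", judged by port alone

class StatefulFirewall:
    """Remembers flows opened from inside; inbound must match one of them."""
    def __init__(self):
        self.flows = set()

    def allow(self, p: Packet) -> bool:
        if p.src.startswith(LAN):
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        # "Did Fred call YOU?": accept only the mirror image of a known flow.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

# Constructed traffic: a request, its reply, and an inbound packet nobody asked for.
TRAFFIC = [
    ("outbound request", Packet("192.168.1.10", 50000, "203.0.113.5", 443)),
    ("solicited reply", Packet("203.0.113.5", 443, "192.168.1.10", 50000)),
    ("unsolicited inbound", Packet("198.51.100.7", 443, "192.168.1.10", 50001)),
]

def compare():
    """Return {label: (stateless verdict, stateful verdict)} for the sample traffic."""
    fw = StatefulFirewall()
    return {label: (stateless_acl(p), fw.allow(p)) for label, p in TRAFFIC}

if __name__ == "__main__":
    for label, (acl, fw) in compare().items():
        print(f"{label:20} stateless={acl!s:5} stateful={fw}")
```

Both filters pass the request and its reply; only the stateful one drops the inbound packet that matches no connection opened from inside.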

posted on Mar, 10 2009 @ 08:05 PM
Kdial1, I think you misinterpreted my post, and anyway you only took the end of my post, so it cut off the sarcasm. I'm just trying to point out a fact: I showed that map, another poster showed the logs of the IP analysis, and I have been a bit confused because no one took any interest in those.

posted on Mar, 10 2009 @ 08:06 PM
Something still stinks here.

Still no official response on the apparent data mining.

And I'm not too inclined to believe their response to it when it does come. I mean, you know, any answer that takes this long is being "spun".

I predict: response will be little or vague as possible considering this pifts.exe behavior. In time, everyone will forget and go back to sleep. We may think back a few months from now and say, yeah, it was probably something fishy but we'll never know for sure.

posted on Mar, 10 2009 @ 08:11 PM
They admit to an error: "not signing it as symantec"

If it had been digitally signed as symantec it would not have raised the errors...

BUT this does not go to the heart of the fact that they are scanning your computer with no permission, then sending it to a questionable data mining center.

So, is this legal now? Get all the private user info and send it to big brother? Any way lawsuits could come out of this?

They retract it now but will obviously re-release it digitally signed later
And how often is this going on on our computers without us knowing it because it doesn't get flushed out the other times it happens?

I don't want to become paranoid but how much privacy do we really have left?

posted on Mar, 10 2009 @ 08:12 PM
Swap driver is located near masonic square, FBI HQ and spy museum

who said one liner ?

[edit on 10-3-2009 by OTTOKARMA]

posted on Mar, 10 2009 @ 08:13 PM

Originally posted by sir_chancealot

Behind 5 firewalls? You are either on a poorly designed corporate network, extremely paranoid, or lying. A router is NOT a firewall. It can perform some of the very basic functions of a firewall (block this traffic, allow that), it cannot do anything "advanced" that even CHEAP firewalls can do.

Obviously you need some networking classes.

The hardware I sit behind is quite effective, customizable and has worked for my purposes for over 10 years. Now I have never had ANY virus attacks, or attempts to get into my networks since installing this system, and it seems to work extremely well.

The two routers, the industrial ones, are not your typical off the shelf wal mart made in china POS's. These are Cisco routers and I control those in real time on separate PCs running nothing but their control software. The other 3 are typical off the shelf routers, each of which is in fact both a firewall and router combination.

Then there is of course the OS firewalls...useless IMO.

Anyway what works for me is working just fine. And has been for 10 years. Obviously I am doing something right..and everyone else is not with all this cry wolf over some file getting into their systems.


posted on Mar, 10 2009 @ 08:14 PM
While this could be something shady, it's hardly groundbreaking. There has been datamining crap for many years now. People willingly install datamining software. Play WoW? You are mined. Use Google toolbar, weatherbug, etc? Mined. Browser history is the main bit of info dataminers gather, so they can do targeted advertisements.

People sometimes don't even wonder why they keep finding helpful ads about local girls in your zip code who really want to spend the night with you for 199.95.

Most computers I work on are so unsecured, it's not even funny.

posted on Mar, 10 2009 @ 08:15 PM
reply to post by OTTOKARMA

In my post on the previous page I had written a reply to your findings. I quoted some important parts. I am not trying to be sarcastic..... I am pointing out to everyone here what happened when I tried replying to your post, something that has never happened to me before on this site. I honestly believe there is a huge cover-up going on right now.... Part of my post was encouraging members to get to the bottom of this since investigative journalism on the Federal government within the MSM is null and will not happen.

I am a professional in my respected field and am in no way trying to misinterpret your information or be sarcastic.


[edit on 10-3-2009 by kdial1]

posted on Mar, 10 2009 @ 08:19 PM
reply to post by Hellmutt

In case no one read Hellmutt's link in the above post, it defines PIFTS as:

PIFTS (Product Information Framework Troubleshooter) is a diagnostic program that Symantec periodically sends out to users to anonymously collect information such as the operating system and version number of the product being used in order to get a snapshot of its user base.

Seems folks were incorrectly speculating on this acronym earlier.

Link again:

Perhaps a bit off topic: After much painstaking deliberation and research, I recently settled on and installed ACRONIS True Image backup software on my server at work. (It was highly recommended.) It killed my entire network and it took me 3 days to get back up. After hours of research and futile tech support calls, I finally found the cause on a tech forum. (It deleted an IRQ stack size value in the registry.) The poster on the tech forum theorized that the company (Acronis) actually knew of the bug but wouldn't admit it. Just sayin'.

Computers can be very frustrating. When I was in school way back when, they explained the purpose of computers was so we would all have more leisure time. (The computers would do our laundry, cook our meals and mow our yards, etc.) It seems the other way around.


[edit on 10-3-2009 by kinda kurious]

posted on Mar, 10 2009 @ 08:28 PM
Citation needed on Wikipedia.

I've only been on ATS for a few days so don't quite feel qualified to place it. But, even though we all know the calibre of Wikipedia it deserves our phenomenological input!

I'd love to see a mod or long-time ATSer add a citation to the following:

The forum spam explanation is questionable since posts regarding PIFTS.exe started being deleted before the spamming began, and in fact the spamming attack was in response to the original deletions.[citation needed]

posted on Mar, 10 2009 @ 08:41 PM

Originally posted by Hellmutt

Bad Symantec Update Leads to Trouble

Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.

Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe.

I believe it was a buggy program that Norton released.

But from there Antivirus360 got a hold of it and started posting to places like 4chan, all the antivirus forums, and any other place that drew a lot of traffic, plus seeded a group of malware sites they control with the pifts.exe so that people would find them and also get a pop-up, plus the Antivirus360 spam.

This caused even more posts about pifts.exe and more people going to the AV360 traps, and they rose in the Google ratings till just about everyone that was not careful found one of their traps, and this just started a major cascade on the Internet.

I believe the only conspiracy about this is how a company like Antivirus360 was able to social engineer this so out of proportion so fast to sell their product.

Not that there were not other companies that helped.

The one thing I liked was how Google started deleting AV360's trap sites when they became a problem.

Now that this is done i can go back to having fun on ATS.

posted on Mar, 10 2009 @ 08:44 PM
reply to post by RFBurns

Anyway what works for me is working just fine. And has been for 10 years. Obviously I am doing something right..and everyone else is not with all this cry wolf over some file getting into their systems.

That's something like your third attempt to try to characterize this exploit by Symantec as 'crying wolf'.

What's up with that?

You calling the people that have done the preliminary investigatory work on the so called 'EXE' in question liars?

I'm just curious...

[edit on 10-3-2009 by golemina]

posted on Mar, 10 2009 @ 08:46 PM
I've been following this since this morning, when i saw it on reddit. Just joined to add a couple cents to the discussion.

I work for a software testing lab in my city. I found it interesting that Sym claims that it released an update without a digital signature, because every software build I receive for testing has to be digitally signed, even before us testers get it. I can't imagine something slipping past the testers, project managers, and the web release team without that signature. I dunno...that seems kind of shady to me.

posted on Mar, 10 2009 @ 08:48 PM
I get back to the pc this morning, to see the 'official' explanation, and to be quite honest, this is suspect. The whole reason 4chan did what they did, was because the initial legitimate questions were removed, 4chan has boards dedicated to technology and another dedicated to the paranormal, and both of these boards were just as confused as the users posting legitimate questions on the norton boards.

Of course, when the posts started being deleted (censorship is something that 4chan despises, judging by past reasoning for attacking everything from Scientology to pet dogs) they fired up their internet hate machine and got to work yelling....

As has been stated in this thread before, a few key points should be remembered;

Legitimate posts were being whitewashed HOURS before spammers/4chan showed up.

It connects to some suspicious places.

The explanation given on the forum seems to be lacking in hard data and also tries to scapegoat pretty much everyone else.

If I used Norton, which I don't, by now that whole package would be ripped from my hard drive, thrown into a sack, the sack thrown into a river, and the river thrown into the sun.

Take NO chances on things like this.


[edit on 10-3-2009 by KoraX]

posted on Mar, 10 2009 @ 09:12 PM
Ok, having looked through the exe... it appears to be more or less as they are saying. It collects information about Symantec components, builds a URL out of it and pings a Symantec server with it and completely ignores any data returned by the server. Everything with history, cookies, temporary internet files, etc. is getting pulled in as a side effect of calling InternetOpenUrl.

What looked like (inline) padding at first glance is in fact a bunch of 0xCC bytes, which means it's most likely not space for runtime modification... just that it was built in debug mode. I don't see anything that looks self-modifying anyway, so runtime modification would have to be external (unlikely).

It is still possible that something nefarious is going on, but if so it is in the Symantec DLLs, not in pifts.exe. Dissecting those would take more time than I'm willing to volunteer and would be ethically questionable.

Someone upthread suggested that they are keeping quiet about this because of the security implications of the lapse, which are significant and will take a lot of effort to fully address.

More than likely they are using Google Trends to target the scam at emerging keywords, which would explain the censorship from Google and Digg.

[edit on 10-3-2009 by baahl]
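Two static checks that come up in this thread, whether an executable carries an embedded signature at all (the "not signing it" point quoted earlier) and how much 0xCC fill it contains (the post above), sketched as an added example that is not part of any post here. The sample headers and byte string are constructed; a non-empty certificate table only shows that a signature blob is present, not that it is valid.

```python
import struct

def security_directory(pe: bytes):
    """Return (file_offset, size) of the PE certificate table, or None."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20                  # skip PE signature and COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)       # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= 4:
        return None
    # Directory index 4 is the certificate table; its address is a file offset.
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    return (offset, size) if offset and size else None

def longest_run(data: bytes, fill: int = 0xCC) -> int:
    """Length of the longest run of `fill` (0xCC is the x86 INT3 opcode)."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == fill else 0
        best = max(best, cur)
    return best

def make_sample(signed: bool) -> bytes:
    """Constructed, minimal PE32 headers for the demo; not a real program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # 16 data directories
    if signed:
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, 0x1000)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for signed in (False, True):
        print("certificate table:", security_directory(make_sample(signed)))
    code = b"\x55\x8b\xec\xc3" + b"\xcc" * 12 + b"\x55"    # constructed bytes
    print("longest 0xCC run:", longest_run(code))
```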

posted on Mar, 10 2009 @ 09:12 PM

How strange, that is completely a certain set of rules being broken.

How does this play into everything? I know it relates to everything that's going on right now, but I honestly wish that I knew what. Just like everything else.... what the H is going on in this world and how much time do we have?


posted on Mar, 10 2009 @ 09:28 PM
I'm glad I run avast for free. I have been attacked by trojans and only 1 time did something actually get past avast. I don't remember what it was, but it was a trojan, and avast was able to remove it thanks to its VRDB and almost daily updates; nothing was damaged.

To me the most frightening thing about this is how it was contained.
The official story is a cop out and cheap cover story that will pacify a high percent of the masses. Not me, I do not believe it.

The indiscriminate killing of ALL reference to pifts almost immediately upon posting is evidence of damage control beyond this

Symantec strictly adheres to its Norton Community Terms of Service and does not delete postings unless they are in violation of these guidelines

official statement

In an update to their T&C it adds that they reserve the right to delete posts.

The mass deletion and mysteriously low Google counts is conspiracy in itself and should be a red alert to how fragile our means of effectively communicating with large numbers of people in different locations really is.

Imagine if you will, the U.S. government with all its resources, aiming the guns at (pick a topic) and literally "deleting" it from the web! This event shows how fully vulnerable we are to this kind of censorship.

As for pifts. If this was really as explained by the official BS story, why did it take so long for them to post such a simple explanation?
Why didn't they just post the explanation and put it out there on the front page?
It would have done a LOT to quiet the spammers who did show up but only LATER. No, there was an emergency meeting convened and a rush story put out to, like I said, placate the masses and alienate those who suspect something more sinister. In the panic they simply killed all reference to try and limit the exposure.

My opinions.

[edit on 3/10/2009 by AlienChaser]

