SCI: Tech Fears Arise Over Norton and Pifts.exe

page: 25

posted on Mar, 10 2009 @ 09:36 PM
Excellent news everyone!

community.norton.com...

They have opened up a thread about it and MAN THEY ARE GETTING DRILLED.

community.norton.com...
p;message.id=39282#M39282

They have admitted data has been sent to swap drive!

Keep on this everyone, excellent work!




posted on Mar, 10 2009 @ 09:44 PM


I am extremely angry and horribly disappointed with you. I expected better from a company whose nexus of purpose is defending the people who use your products. This betrayal runs deeply, and will march through all the aware users of Symantec products soon enough. What started as a scratch is becoming a fissure. We hold you, Symantec, for turning your back on us who have been loyal to you for years. To the people who accepted your protection from the ill affections of the world who deigns to undermine innocent people. We knew, believed, and truly accepted the idea that your defense would offer no exceptions and would forgive no trespasser.

We feel betrayed! We feel wronged by your collusion with American intelligence agencies! We feel absolutely disgusted that you would have us accept this government trojan called PIFTS.EXE and then suppress us unrighteously when we POLITELY ASK what you have intruded our space with! PIFTS - Public Internet and File Tracking System? How will we ever know? The damage has been done. Such a violation of our contracts with you is not redeemable. You have gone from hero to worm.

I am IMMEDIATELY cancelling my subscription to Norton products and uninstalling them. I encourage everyone who values their privacy and their freedom to do the same.

Norton Products Removal Tool for Vista/XP/2000: ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Norton Products Removal Tool for Me/98: ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool_9x.exe

Those removal tools will uninstall Norton products...hopefully. Thanks for nothing but bitter feelings.

Signed, A Former Customer



Symantec getting stabbed in the back by its own customers???



posted on Mar, 10 2009 @ 09:56 PM

Originally posted by tommyboy1981
I bet the owner of Symantec does not use Norton!!!


LOL..best response ever


I'm sure he doesn't.



posted on Mar, 10 2009 @ 09:57 PM
reply to post by Nonchalant
 


Could we please stay on topic in trying to find out what this .exe really does?

I don't think commenting on posts from that thread does much for the discussion unless it was posted by someone who knows something about pifts.exe



posted on Mar, 10 2009 @ 10:00 PM
reply to post by sadisticwoman
 


Read the above posts about PIFTS.EXE; we explained what it does and where it sends information.



posted on Mar, 10 2009 @ 10:01 PM
reply to post by OTTOKARMA
 


Are you sure that's exactly what it does? Because if you decompiled its code and found that out, you should probably take it to the news.

If you're saying the only thing left to do here is discuss what's being said on another forum, I think I'll be asking a mod to close this thread.

[edit on 10-3-2009 by sadisticwoman]



posted on Mar, 10 2009 @ 10:06 PM
I dissected the code myself too and found what other programmers found.

I saw tons of people saying "hurrrr durrrr it's way too difficult to do it".

But as I said, when dissected, the code shows commands requesting your temp internet files and browser history, and much more info.

And most important, after sniffing the request made by the program itself, I determined and found the targeted IP.



posted on Mar, 10 2009 @ 10:11 PM

Here's a post on DSLReports regarding this issue. Not sure how much of this is true, so take this with a grain of salt.



Fascinating, they call it a simple update? It is not.

The program analyzed:

It clearly goes through and scrapes your history, temp files, cookies, etc, and it tries to contact a shady online storage place they recently acquired. Let's do a lookup on swapdrive! 67.134.208.160:80 is where PIFTS.exe asks to connect to.

Domain Name: SWAPDRIVE.COM

Administrative Contact:
Wallace, Marc
Web Data Group, LC
PO BOX 7241
ARLINGTON, VA 22207-0241
US
703-352-1578

www.webdatagroup.com

Click on "Competitive intelligence." Interesting! They talk about military intelligence gathering right on the page. So this "update" is scraping internet history and temp data and trying to contact a company who does online storage with shady ties to intelligence gathering. If it is datamining, Americans need not be surprised, we had AT&T do it on our phones and some act as if our computers are immune. Hey, let's look more into one of the owners of Swapdrive in the Web Data Group! There are more interesting people than Marc Wallace.

www.spoke.com...

"Roland Schumann is a former military intelligence officer, having served both on active duty and in the reserves. Trained in unconventional warfare and electronic intelligence gathering, he also has practical experience in airborne operations, human intelligence (HUMINT), counter-intelligence, and counter-terrorism. He has performed risk analyses in Latin America for the US government and in the United States for commercial and government interests."

It is helped to be run by a former military intelligence officer. So there you have it, you have very shady actions by Symantec regarding the whole thing making people suspicious by deleting any mention of it, they claim it is a simple update, and when we dive into it, we find out it scrapes your internet history and temp files, interfaces with Google Desktop (GOEC62~1.DLL), and then where does it try to go? It tries to jump straight to Swapdrive (we know this because it asked permission to go to 67.134.208.160:80, which is Swapdrive). Who owns swapdrive? The Web Data Group based out of Arlington (wow, the same place the Pentagon is located, what a coincidence) who has a statement about using military intelligence information gathering right on their website and who has owners with shady backgrounds as army intelligence officers, and when Symantec is asked about PIFTS.exe, it immediately tries to cover it up and deletes everything related to it in a very suspicious fashion. Follow the trail, do some research, dig around.

Oh no folks, move along, certainly nothing interesting to see here!


This guy just exposed the truth!! pifts.exe is a fraud and Norton knows it. Why don't they just tell the truth? Norton will be the next major company to fall. I'm so glad I never trusted Norton. I always felt in my heart that the company was shady to begin with.



posted on Mar, 10 2009 @ 10:17 PM


if you're saying the only thing left to do here is discuss what's being said on another forum, I think I'll be asking a mod to close this thread


1/ We're not only discussing things said on other forums.

2/ Oh sorry, I forgot you were almighty about which threads have to exist or not.

3/ Learn a bit about talking nicely with people.

4/ Oh well..

Going back to the main subject after that intermezzo.

The amusing part is that Symantec keeps repeating "blah blah, the program doesn't modify anything, blah blah, doesn't access any information" but still hasn't explained why, and what the purpose of that program is, and why it was detected with such weird errors.



posted on Mar, 10 2009 @ 10:20 PM
I hope this is not a repost. I got a tweet a bit earlier, I was watching a movie and just got it.
Graham Cluley via Twitter
Symantec has now issued a statement: /cyjppx

Graham Cluley / gcluley



posted on Mar, 10 2009 @ 10:25 PM

But as I said, when dissected, the code shows commands requesting your temp internet files and browser history, and much more info.

I see one call into wininet (InternetOpenUrlW) that, as far as I can tell, has pretty innocuous data in it and one call to CreateFile for logging. So where are you seeing the application (not wininet) pulling in those things? An offset, ASM fragment, or API should be sufficient.



posted on Mar, 10 2009 @ 10:26 PM
All right... I waded through that thread referenced above.

Symantec is sticking to their story.

Unfortunately, the accounts being served up in NO WAY synch with what has unfolded in front of our eyes here at good ole ATS.

They are also still CENSORING posts in the so called thread.

They have posted a 'technical' description of the activity of the so called EXE.

It is in STARK disagreement with assessments we have had posted in this forum.

It's time to get some heavyweight people involved in this process.

Has anyone posted a binary image of the EXE in question?

I want to take a look at it.



Also, if we expose this 'technical' evaluation by the Symantec staff as just more BS...

It would be nice if we could start the ball rolling on getting the Norton products reclassified as SPYWARE...

Let's rock.



posted on Mar, 10 2009 @ 10:27 PM
So they are basically saying it does NOT go to Africa...it goes to NA. They are standing pretty firm in the latest 6PM addition to the earlier statement.
(I hope this automerges.)
"PIFTS.EXE does the following:


- Determines what product is installed, NIS, NAV, N360, NCO, or NSW, by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of the installed product by looking at the file version information of a key product file.
- Determines if PIF is installed by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of PIF by looking at the file version information of two key PIF files.
- Determines if PIF is enabled, and what the PIF state is, by looking at the PIF registry under HKLM\Software\Symantec.
- Determines the version of PIF that LiveUpdate believes is installed, by reading the LU catalog.
- The collected information, as described above, is reported to a Symantec server, called stats.norton.com, using an HTTP GET request. This server is located at a Symantec datacenter located on the East Coast of the United States.


No additional information is collected, no personal information is collected, and no system modifications are made."



posted on Mar, 10 2009 @ 10:28 PM
Wow, all this just because they forgot to "sign" a patch; that's why it was blocked by the firewall. Just imagine all the files that were signed and got through all these years of using the program behind your back. Hmm hmm.

now i remember why i stopped using such programs a long while ago




posted on Mar, 10 2009 @ 10:38 PM
From the most recent Symantec announcement:


File name: PIFTS.EXE
File size: 102400 bytes
MD5 hash: 91b564d825a3487ae5b5fafe57260810

The PIFTS.EXE binary was released through LiveUpdate targeting 2006 and 2007 products. After downloading the LU package, LU executes PIFTS.EXE, and PIFTS.EXE collects product state information, and reports this information to Symantec.

PIFTS.EXE does the following:
- Determines what product is installed, NIS, NAV, N360, NCO, or NSW, by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of the installed product by looking at the file version information of a key product file.
- Determines if PIF is installed by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of PIF by looking at the file version information of two key PIF files.
- Determines if PIF is enabled, and what the PIF state is, by looking at the PIF registry under HKLM\Software\Symantec.
- Determines the version of PIF that LiveUpdate believes is installed, by reading the LU catalog.
- The collected information, as described above, is reported to a Symantec server, called stats.norton.com, using an HTTP GET request. This server is located at a Symantec datacenter located on the East Coast of the United States.

No additional information is collected, no personal information is collected, and no system modifications are made.


Now, I see there being two almost-separate issues here. 1) explanation of the extreme forum censorship response, and speculation as to what might be implied by that, and 2) technical analysis of the actual .exe component, and what it's really doing.


Originally posted by golemina
Has anyone posted a binary image of the EXE in question?

Yes, see page one. I have verified that the MD5 checksum in the RAR linked there matches the checksum in Symantec's post.


Originally posted by golemina
They have posted a 'technical' description of the activity of the so called EXE.

It is in STARK disagreement with assessments we have had posted in this forum.

Not true; their explanation is in agreement with my (brief) review of the EXE, that I posted on page 3 of this thread. Of course, that doesn't mean that either of us are completely accurate in our analyses. However, as much as I don't trust them, I find their technical explanation reasonable and consistent with what I've observed.

Symantec products are inefficient bloatware, and no doubt contain backdoors to allow law-enforcement access when deemed necessary, overriding users' security and privacy concerns. But, the technical evidence I've seen so far is no 'smoking gun'.
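
Added example, not part of the post above or of any analysis in this thread: one way to test the competing claims is to record what the process does and check each event against the behaviour Symantec's statement lists. The event names and every trace row are constructed for illustration, and 192.0.2.10 is a documentation address standing in for the real server.

```python
import csv
import io

# Expectations taken from the Symantec statement quoted in the thread.
STATED_REG_ROOT = r"hklm\software\symantec"
STATED_HOST = "stats.norton.com"
# Constructed trace (op, target, detail); NOT captured from a real PIFTS.EXE run.
# Op names are illustrative; 192.0.2.10 is a documentation address.
SAMPLE_TRACE = r"""
RegQueryValue,HKLM\Software\Symantec\InstalledApps,
DnsQuery,stats.norton.com,192.0.2.10
TcpConnect,192.0.2.10:80,
HttpRequest,stats.norton.com,GET
RegQueryValue,HKLM\Software\Microsoft\Windows\CurrentVersion,
CreateFile,<user-profile>\Temporary Internet Files\index.dat,
TcpConnect,67.134.208.160:80,
HttpRequest,stats.norton.com,POST
"""

def audit(trace_text):
    """Return (row, op, target, reason) for events outside the stated behaviour."""
    allowed_ips = set()  # addresses the stated host resolved to in this trace
    findings = []
    rows = csv.reader(io.StringIO(trace_text.strip()))
    for n, (op, target, detail) in enumerate(rows, 1):
        reason = None
        if op.startswith("Reg"):
            key = target.lower()
            if key != STATED_REG_ROOT and not key.startswith(STATED_REG_ROOT + "\\"):
                reason = "registry access outside HKLM\\Software\\Symantec"
        elif op == "DnsQuery":
            if target.lower() == STATED_HOST:
                allowed_ips.add(detail)
            else:
                reason = "lookup of a host the statement does not name"
        elif op == "TcpConnect":
            if target.rsplit(":", 1)[0] not in allowed_ips:
                reason = "connection to an address the stated host did not resolve to"
        elif op == "HttpRequest":
            if target.lower() != STATED_HOST or detail != "GET":
                reason = "HTTP traffic other than a GET to stats.norton.com"
        else:  # file reads etc.: the statement gives no paths, so review by hand
            reason = "not checkable against the statement; review manually"
        if reason:
            findings.append((n, op, target, reason))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_TRACE), sep="\n")
```

An empty result on a real trace would support the statement; any finding is a specific event to ask the vendor about, rather than a conclusion in itself.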



posted on Mar, 10 2009 @ 10:44 PM
I've been following this thread all day. Great work, everyone. I too am with the crowd who is saying:

1. Bit of an extreme over-reaction to innocuous questions, wasn't it? They are flat-out lying when they say they began deleting posts DUE to abuse. They were deleting posts HOURS before the abuse began. Someone else in the thread says he's only seen that kind of censorship on a forum when an administrator was discovered to be a registered sex offender.

2. What's with the topic being censored other places like Digg, Yahoo, etc? Does Symantec really have the power/authority to get OTHER sites to censor their stuff?

3. Is this program scraping personal data and sending it to some shady-sounding front-company that deals with government intelligence agencies? I'm not a genius or anything but the evidence posted in this thread seems fairly easy to follow.



posted on Mar, 10 2009 @ 10:46 PM
reply to post by Malynn
 


About Yahoo: Yahoo owns Symantec. So it's simple for them to censor Yahoo.



posted on Mar, 10 2009 @ 10:46 PM
reply to post by sadisticwoman
 


I partition my hard drive on every computer I own, and while I keep Windows for certain software I primarily use Linux operating systems. I completely avoid most of the negative problems which are inherent with Microsoft OS, and have the advantage of being able to use command lines (similar to DOS, which they've eliminated access to). It then becomes an OS which I have more control over (since I notice that Microsoft has taken so much control it feels like they're loaning you YOUR operating system). There are a number of Linux OS which are so user friendly they are as simple as Windows (even more so for some functions). Please consider doing this--you will avoid the headaches, and the firewalls for Linux are generally far superior. This is because Linux is open source, many of these can be obtained free as well as a large amount of software, and it has been refined and contributed to by some very good 'hackers' over the years. There is a negative connotation to the hacker term, but many of them are actually very ethical people.



posted on Mar, 10 2009 @ 10:50 PM
My only question now is whether other companies (I use AVG) are doing this data mining too, and if my proxy is hiding this from them.

Or do I have to worry in the future about some government agency getting a list of all the web sites I go to and knocking at my door?

Yes, things might look incriminating, as I keep up with new things in one of my old trades (blasting) and go to mining and prospecting forums where most of the membership is very anti US Forest Service and BLM.

Plus I am here on ATS, a conspiracy site.



posted on Mar, 10 2009 @ 10:51 PM
PIFTS = Personal Information File Transfer System...?

There you go! The clue is in the acronym!


