SCI: Tech Fears Arise Over Norton and Pifts.exe

reply to post by carole9999


Linux is good if all you do is surf the net. But I'm an artist and it takes me 20 minutes to do the install for my tablet, and it doesn't work correctly even after that.

I do use Linux. I had it on my family's computer for a year because they kept getting viruses.

But if you use Common Sense 2009, you can use Windows without having to pay for an antivirus that includes shady executables in their software. I'm just saying.

reply to post by Ian McLean

Originally posted by golemina
Has anyone posted a binary image of the EXE in question.

Yes, see page one. I have verified that the MD5 checksum in the RAR linked there matches the checksum in Symantec's post.

Sorry, brother for being unclear...

I need a copy of the executable itself. I was inquiring if someone has uploaded somewhere.

I would like to disassemble it myself.



(Looking for a link ).

Thanks.

PS.

Those guys at Symantec had a chance to make this right and it is fairly clearly they think we're all a bunch of chumps.

Guys... It is IMPERATIVE that we deal with facts from here on in.

[edit on 10-3-2009 by golemina]

Originally posted by eonpeon
PIFTS = Personal Information File Transfer System...?

There you go! The clue is in the acronym!

Wow!

It took so long for that?

Good job.

Originally posted by ANNED
Or do i have to worry in the future about some government agency getting a list of all the web sites i go to and knocking at my door.

It seems to me that it is wise to consider all of your online and computer activity as being potentially 'monitored' and 'collected'. Unless proven otherwise, that's a fundamental approach to security.

But it is reasonable to assume that access to any collected information would be tightly controlled, and that one need only 'worry' about it if there were some potential for it being flagged for review. After all, such collection is a highly-evocative subject, as evidenced by this thread!

Consider the situation that intelligence and law enforcement are in, with regard to terrorism. Say, for example, that a suspicious bank transfer and travel pattern emerges, that 'flags' potentially nefarious activity. At that point, a 'reasonable suspicion' is achieved, and is grounds for further investigation. But where to go from there? At that point, one would want to review past activity of that individual, see who they had been in contact with, what activities they were involved in, etc., in an attempt to "connect the dots" and build a larger pattern.

But, if the ability of the intelligence community to gather information begins only after the threshold of 'reasonable suspicion' has been achieved, that allows a vast amount of potentially-invaluable data to 'fall though the cracks'.

The solution to that quandary is the secure automated collection of such information, on a broad scope, with access to archival collections only permitted upon establishment of a valid legal threshold. Such a system, in the minds of government lawyers, could be considered (if 'secure') as protecting and respecting individual privacy and rights and legality, while not hampering law enforcement efforts.

At least, that's the 'conspiracy theory'.

reply to post by grantbeed


Had the same problem with Norton; once the get you they won't let go.

They also introduced a Trojan virus that deleted pictures and made computer slow like dial-up.

Fix-up was $200.00 so I avoid Norton now.

reply to post by golemina

Originally posted by choujeap
Howdy folks,

Somebody over at /g/ managed to finally track down the actual executable and all of its creepy files.

I present to you, Pifts.exe.

www....(nolink)/?mnmh35b9d0k

Scanned by Spybot, MBAM and McAfee-- it's "clean", but I wouldn't go opening that .exe just yet.

Open them up as .txt and look through them-- there's evidence in the .pf that it's doing something with the Internet Temporary Files, the History, and, for some reason, Google.


http:///m1e207a78

All the strings in the .exe for your perusal.


I personally have no idea how they're thinking it's contacting Africa-- the two IP addresses given by the Tech blog don't resolve to it in any way, just Washington Swapdrive and Microsoft Search Companion.

here it is from page 1 of this thread

reply to post by Gemwolf

"ATS has been contacted by Symantec and threatened to sue ATS if we don't delete the topic. I'll delete the thread in a couple of minutes...


...

I'm just kidding. "

YOU DAWG, YOU! Rather 'pugnacious' aren't you?

Hello everyone here at Ats, I've been reading the threads for some time, and thought i might as well sign up and join the discussion! i just joined, like a couple minutes ago...Anyways, while I was registering, and checking my email for verification, confirmation, etc. etc. i had looked at the recent list of emails, and surprisingly enough I had a brand new email from...you guessed it, Symantec or however you spell it. this email occurred at 11:10 PM, i have had no interaction with symantec, besides peeking at the forums, and googling "PIFTS" I have had no symantec program installed in my pc so i was wondering how i would receive an email from symantec, at 11 at night....and the email was about wanting to have me try a new trial version of Norton.

After reading and doing some research I have found a few things.
First Norton says they deleted the post on there site because they where getting spammed!
Well as far as I could see from the first of this people where just posting and asking what this file did. When they did it was erased and they where banned.
Two , when the file accessed the web it sent files and or info to there site. Now this was done without asking the user if it was ok do do so.

There are still a whole lot of unanswered questions on this item and I think that it took them as long as it did to answer because it took Norton this long to come up with a way to cover what they had done and not get them in anymore legal issues. Over the years I have seen company's make a mistake like this and they came out and said with little effort that they did so and where sorry to cause any issues. Not here , Norton did a 180 and did not say a thing and let this issue fester for quite awhile.
I my self still do not trust the answer that they gave and will not use there products till some form of why this was done is stated!

I can almost guarantee you the answer you get wont be the one you want
I like to think of the world as such; everything's a conspiracy, everything is an excuse, nothings a definite answer

PIFTS.exe or Product Information Framework Troubleshooter

finally we know what PIFTS stands for as per a norton employee.

Here is a link with new info



community.norton.com...

[edit on 10-3-2009 by wiredamerican]

[edit on 10-3-2009 by wiredamerican]

Originally posted by Ian McLean
Interesting string from PIFTS.EXE:

d:\perforce\entiredepot\consumer_crt\patchtools\patch021809db\release\PIFTS.pdb

reply to post by Ian McLean


Perforce is a source control management system (SCM)--I used to use it prior to switching to TFS.

If you look on Perforce's website, you'll see their high profile client list, and guess what, Symantec is on it.

Perforce Client List

Hmmm..........

delius

[edit on 10-3-2009 by delius]

Bad Symantec Update Leads to Trouble

Robert McMillan, IDG News Service

Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.

Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe. "In a case of human error, the patch was released by Symantec 'unsigned,' which caused the firewall user prompt for this file to access the Internet," wrote Symantec spokesman Dave Cole in a forum post explaining the problem

Snip~~

"Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about PIFTS.exe," wrote one poster to the Abovetopsecret.com Web site. "If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall."

[edit on 10/3/2009 by Sauron]

Long time reader but first time as a member here. I have NIS 2009 installed on 2 of my computers and none of my updates had the PIFTS file. Of course when I read my morning rss feeds, which does include Symantecs forums, and saw what was going on, I immediately started checking my updates and logs. But it was not there. I wonder if it was sent out on all versions of Norton? I read earlier on Wilders Security that they were pretty sure it was included in updates for Norton 2006 and 2007 products, but wasn't certain. I am asking because of the posts I have read over the net, the people that are saying that they have gotten the file are also talking about how slow and bloated their Norton is. However, the 2009 versions of Norton are one of the lightest and fastest on the market. So I am assuming that most of the posters that have gotten the file are using older versions of the software. So the possibility that it might have been sent out to only older versions of Norton seems odd to me. Not sure if that has any relevance though.

As for what I saw in my reader on the forums this morning...yes it is pretty fishy as to the reasoning of Symantec to delete posts on the subject. Many of the spamming posts from the 4chan site were rightly deleted. There were some pretty raunchy pictures on some of them. But, as many have stated, that was long after Symantec had already started deleting legit posts. So that in itself is pretty suspicious. I guess we will have to see what comes out of all this to what this thing really is.

Also a little suspicious to me is the claims that it was trying to connect to Swapdrive. Symantec does own Swapdrive Symantec Buys Swapdrive, but as far as I know, it shouldn't be sending out a connection out to it. Can't wait to see how all this plays out!

reply to post by deviantillusionz


It was apparently released to a limited number of users, so it makes sense that you may not have it.

community.norton.com... i don't know if this link has been posted,seems a lot to do about nothing.

Good thing I don't have Norton..

I found this official statement:

Hi everyone, No doubt you've read the Official Statement about PIFTS.EXE and the reasons why many posts were removed from this forum. There was no "conspiracy" or "cover-up" - someone was spamming our forums, and we took action to remove these posts. As it increased over a few hours, many threads were removed, and several users were denied access to post in the forums. We were gathering information to distribute, and I'm sorry it took this long to post the info to everyone.

Symantec Offical Statement

They're supposed to be answering... something...

Webroot is better than Norton anyways....

Originally posted by deviantillusionz
I immediately started checking my updates and logs. But it was not there. I wonder if it was sent out on all versions of Norton? I read earlier on Wilders Security that they were pretty sure it was included in updates for Norton 2006 and 2007 products, but wasn't certain.

I went through the same routine this morning, checked all three boxes that are running NIS2008 and did not find the problem file in any directory or compressed folder. Logs show that I did receive a Norton update overnight. Now it looks like others are confirming this was only pushed to limited 2006/2007 product users. Lends some credibility to the official explanation that Symantec was polling users to see how many would need a forced upgrade as Windows 7 comes around. Doesn't make what they did any more right, and this weekend I will wipe Norton from my net as a result.