SCI: Tech Fears Arise Over Norton and Pifts.exe

reply to post by sadisticwoman

this was sent out unsigned by human error from norton, it's nothing, look;

blogs.howstuffworks.com...

reply to post by sadisticwoman


blogs.howstuffworks.com...

Just a word of advice for those that are considering removing Norton (and if I missed someone else posting this I apologize):

If you want to remove Norton from your system you cannot just use the “uninstall” utility. You must use the Norton Removal Tool, which is available on the Norton site and various tech sites. Simply using the “uninstall” leaves files on your system and may cause the previously mentioned problems: e.g. losing internet access, non functioning e-mail, etc. The removal tool is somewhat difficult to find on the Norton site (surprise!) so the the techie sites may be more convenient.

If you’re comfortable with it, I would also recommend going into and checking MS Config and the registry and deleting any files that may remain. Be careful though if you’re not sure what you are doing. There are various websites that are helpful in guiding you through this process.

Also, if you are signed up for “automatic renewal” pay attention to your credit card statements! Our office cancelled our account over a year ago and we recently received charges for the renewal. I had to contact them again to have it cancelled again. Therefore, they are more than happy to charge you for a service you are not even receiving. I can’t say that this is definitely intentional or malicious – it could have just been a clerical error – but I have heard of this happening to others as well.

Hello,

I did register to comment on this topic, however, I am a long time lurker. I was just vey interested in sharing some information with you, but let me say, glad to behere!

I am surprised no one has wondered who Network Solutions is. I tried to read through almost every reply.

Netcom was bought by Mindspring. Mindspring was bought by Earthlink. Earthlink was banned on the internet by way of UDP's and IDP's because of links to Scientology. It gets better.

This was all due to being accused of being a "Spamhause". This brings us to Sanford Wallace, one of the most hated spammers of all time. Now why Sanford Wallace? I remembered the link between him and Network Solutions when I saw "Marc Wallace" and Network Solutions, LLC.

I do not know if they are connnected to each other, but it struck me as wildly odd when I saw that whois posted in the thread.

So, who is Network Solutions? Hehe, whois, indeed.

It is a government funded company, called InterNIC. (I told you it got better) They held the monopoly on internet domain names until about 1998 or so.

They can hand out domain names like candy, hence why they found themselves blackholed, and eventually sued.

"As of January 2009, Network Solutions managed more than 6.6 million domain names."

"On February 6, 2007, Network Solutions announced that General Atlantic, a private equity firm, entered into a definitive agreement to acquire Network Solutions from Najafi Companies (formerly Pivotal Private Equity). [4] Although terms of the deal were not released, the Wall Street Journal reported in a story on May 30, 2007 that the price tag was "around $800 million."[5]"

"Network Solutions, Inc. (NSI) first operated the domain name registry under a sub-contract with the U.S. Defense Information Systems Agency (DISA) in September 1991. NSI gave out names in .com, .org, .mil, .gov, .edu and .net for free, along with free IP address blocks. This work was performed at the Chantilly offices of GSI, the primary contractor, a corporation formed by Infonet to avoid foreign ownership of U.S. government contracts. The work had previously been performed by incumbent SRI International."

"On January 8, 2008 Domain Name Wire published a story alleging that Network Solutions practices domain name front running."

That is basically where they make domain names, and claim they own them, and then sell them for big bucks. So say you wanted to register jermaindavis.com. Then, your son Jermain Davis becomes a famous footall player or musician. When you go to register the domain, they will give it to you.. for hundreds of thousands, even milions. Ever get a spam about a domain name, and you can register it for just 10 dollars? You can guess who could have sent that to you.
(from wiki, there are better resources, but hey)

This is just the tip of the iceberg, and some research will lead you, after a hundred different directions, back to the fact they are government controlled, funded, and most definitely would be linked to any data mining, information collection, and most certainly target based "advertising".

I can honestly see a possible connection here. I find it extremely intriguing the possible links from Sanford Wallace to Network Solutions, to Symantec, and why that would be a huge secret they would want kept a huge secret.

www.ecofuture.org...
crystalcoasttech.com...
smackdown.blogsblogsblogs.com... google/
www.nk.ca.../categories/56-Network-Solutions-Spam

reply to post by passenger


Have to use the Norton Removal Tool?



I don't think so.

Go to any site that deals with SPYWARE. They WILL help you get rid of it.

It's just another example of the folks at Symantec feeling like they don't have to conform to the standard adhered to by the majority of the industry.

You have to question the nature of the design that the product refuses to TRULY deinstall itself.

Why would you put ANOTHER product on your computer from a company that is demonstrating by its ACTIONS that it can NOT be trusted...

Has flat out LIED about what were in fact VERY clear cut events...

And now paints it's customer, who only had VALID concerns, with a VERY wide brush in, at best , unflattering terms.

I've got an answer for blogs.howstuffworks.com... and the folks at Symantec.

If what you are saying is true... And you were in fact NOT stealing your customers PRIVATE data...

Then PUBLISH THE SOURCE CODE.



We will be more than glad to verify it matches the distributed PIFTS.EXE.



Yeah, like that is going to happen.

Has anyone captured the data file generated by PIFTS.EXE?

That would shed a lot of light on the subject.

Is Symantec telling the truth (and they are just INCOMPETENT )

Or... Did they in fact scrape off some of your PRIVATE data.

The proof is in the pudding...

Pudding anyone?



[English as a 2nd language.]

[edit on 11-3-2009 by golemina]

Originally posted by sadisticwoman

hey /g I was running my dad's computer tonight when a popup from norton asked me if I wanted to allow pifts.exe, I tried googling to see what it was and I am not getting any information. Anyone know what the hell this exe is? Also apparently any thread related to pifts.exe is being deleted on the norton forums.

zip.4chan.org...

Yep, that's right. Something that Norton is saying is just a regular update is requesting internet access. I know 4chan isn't everyone's idea of a good news source, but this is being talked about all over the internet, despite Norton's attempts to delete everything concerning the issue.

www.tech-linkblog.com...#

Hey /x/, /g/ needs your help on something. Some seriously shady # is going doing. The makers of Norton are involved in a coverup of some sort. A part of the program tried to access something in Africa. People asked them what it was.

They are deleting every single message about it on their forum and banning users who post them about PIFTS.EXE. We are trying to figure out what the hell it does, and why they are trying to cover it up. If you search Google for it you will find deleted posts in their forums.

What is pifts.exe and why are they trying to cover it up?

zip.4chan.org...

Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about pifts.exe
It's also strange that it's trying to access Africa.

If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall. Looking through its .dll, it accesses your IE history, and for some reason accesses Google as well.

the file pifts.exe is a rootkit much terrible, but the Norton had done a patch for this rootkit, going in the Norton website and try to search the correct patch.

Originally posted by Ian McLean

Originally posted by golemina
For those of you who might be a little slow on the draw those last three lines represent the closing of the COOKIES, HISTORY, and CONTENT index files of their respective INTERNET EXPLORER directories...

There's no indication that it's PIFTS.EXE that's directly accessing those; it seems more likely that is a side-effect of the use of the Microsoft WinINet API, specifically the call to InternetConnect().

Yes, but... doesn't it still mean the information is being collected and SENT to a Symantec server or disk farm? Do any of us think that is OK???????

reply to post by mrmrmikee


Right, I totally instantly believe what Norton tells me. We should trust the government, too!

People ARE capable of convenient lying, you know.

[referring to possible access of the COOKIES, HISTORY, and CONTENT index files in INTERNET EXPLORER directories]

Originally posted by DisgustedOne
Yes, but... doesn't it still mean the information is being collected and SENT to a Symantec server or disk farm? Do any of us think that is OK???????

No, I think that when an application uses the WinINet API to open an internet connection, the various subsystems that are part of the Windows OS, that are shared with Internet Explorer, access those files just like they do if you were to open a new copy of IE and go to a web page. It doesn't mean that the application using the WinINet subsystem is accessing that information and consolidating it into some kind of information dump.

I took a quick look at the EXE (I did not reverse engineer it), and the density and compactness of the code, as well as the embedded data, didn't seem sufficient to collect, collate, parse and sent the kind of information that's being alluded to, in the kind of covert manner that wouldn't be immediately obvious.

It seems more plausible that the EXE instead looks at specific registry keys, gathers some generic system information such as CPU type, looks at the version data resources in several Symantec application files, and condenses that information into a single URL request, which is then pinged to the stats server, which presumably logs it in a database of some sorts.

I have not seen any kind of rigorous forensic analysis that proves anything either way, but that's my opinion.

PS: I agree with the many other posters that have the impression that Symantec products are unreliable bloatware, and should be avoided.




[edit on March 11th 2009 by Ian McLean]

Originally posted by hotbakedtater

Third impression, what is the exe called now, why was so vital to get it out but now that it has caused such an outcry, it has been pulled?? Even though it is harmless and beneficial.

It wasn't pulled, it was just signed and reissued so your firewall wouldn't stop it. It's also possible they changed its name, but that's not likely since if they did they'd have to find any mention of pifts.exe in their whole program's code and change it to the new name. That ought to take a while.

Hello, I'm new here but I have been coming to the site for a long time.

Has anyone thought to call Alex Jones? Usually, when Alex gets a hold of problems of cover-up like this, he usually make so much noise that people eventually get answers. I can't because I'm at work. I can get on the internets but can't call.

/b/ and Anon could be a really good ally in this, only if they didn't act so uncivilized...

Why not install Norton on a crappy computer and experiment with pifts.exe a little bit?

My first post

Just wanted to let people know that another good alternative security suite (free at that for now) is COMODO. I used to used AVG and Zone Alarm but became unhappy with the way they worked. They seemed to be updating four or five times a day.

At any rate, I am very happy with COMODO.

Calling the Winint API does parse those files and, as indicated by people running a thread trace, it opens the .dat files for your history etc.

If syamtnec is trying to say they did not know this they are

1- incompetent, in which case they should close right away to avoid other "accidents" like this

2- lying.

Originally posted by golemina

"21:42:39,1065547","PIFTS.exe","3220","CloseFile","C:\Dokumente und Einstellungen\[Benutzer]\Cookies\index.dat","SUCCESS",""
"21:42:39,1065894","PIFTS.exe","3220","CloseFile","C:\Dokumente und Einstellungen\[Benutzer]\Lokale Einstellungen\Verlauf\History.IE5\index.dat","SUCCESS",""
"21:42:39,1066223","PIFTS.exe","3220","CloseFile","C:\Dokumente und Einstellungen\[Benutzer]\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat","SUCCESS",""

As has been mentioned before, if you look at what is done when any Norton or AV product does during update it is pretty straight forward and follows just about every other update or network function

Handshake - Introduction and assignement of Keys
This is when the app IDs itself to the update server in the case of an AV it says what OS it is on what SP revision etc.

Connection - a tunnel is created to protect the update process if the handshake and token phase fails. this cannot procede

Update - The proper update files for the type and version of software you have are installed.

Close and update of tokens.

Now if this was not happening with EVERY update you would get people getting the wrong updates for the wrong OS (Symantec makes Norton for OSX too) and software version.

Can you imagine if the x64 executables and libraries were downloaded and installed on a 32-bit system? Or ViceVersa?

In following this logic it is pretty clear that PIFTS was never needed.

As for the unsigned code part... well I doubt it made it through several layers of testing and preparation and was never signed, but we will have to wait for someone to prove/disprove that.

[edit on 11-3-2009 by Achorwrath]

One more comment, As Live Update covers so many Symantec products.
I find it extremely hard to belive they do not have demographic data on all of this already.

After I am pretty sure they show off this type of data at shareholder meetings and to potential investors/partners.

If there is no ID of the installed product what is to stop a Norton 360 user from getting BackUp exec files?

Originally posted by sp00n1
reply to post by Tripnman

 

You need to go to ¨advanced search options¨ and make sure you include in the search ¨hidden files and folders¨ otherwise you will not see it

Thanks, sp00n1. Yes, I did search using all the appropriate filters including compressed files. This was something I covered back on pages 13 and 14 of this thread when I first posed the question - do we know if this is version specific? We now have confirmation from Norton that this file was pushed to users of the 2006 and 2007 products. I am running 2008 and am unaffected, the file is not on any of my machines.

Regardless, I have now downloaded some free alternatives to Norton's bloatware and will be testing this weekend to do a complete switchover and eradicate Symantec's products from my boxes. For those that are interested, I had to do a complete uninstall and reinstall of NIS08 just last week when a bad update caused one machine to hang at login. Had to start in safe mode, disable all Norton services and restart to get back in. Once that was handled, i used instructions found online that assisted in manually cleaning the registry of all vestiges of the app. Of course, once I finally got the suite re-installed, it wouldn't activate, but that's for another conversation.

In summary, at least I know how to kill it, so as soon as I have a viable alternative, it's dead.

You know what?

Even though this will be swept under the carpet at some point and forgotten about as people get bored of banging their heads against the wall and more and more "credulous" lies come out about what this file does this whole thread is a testament to the lack of trust people put in large corporations - and for damn good reason.

It's likely the truth won't out about this file but just the sheer number of posts in this thread says "hey massive corp inc. we don't trust you, we don't like you and we're watching you like hawks!". It's good to see people on their guard - and intelligent people at that. It's this sort of thinking that is preventing these large companies silently monopolising everything. As always, we have the power not them simply because there are and always will be more of us than them.

Good work everyone!

T

Having watched this thread progress from about the sixth post onward, all I have to say is WOW! This has got to be one of the funniest real life, who done it and why, experiences I have had in a long time. This entire experience went off like a real drama/thriller. We had suspense, secrets, lies, spying, drama, some shady, some funny characters, and the MSM proving once again they are not to be trusted to tell the truth. What a fantastic ride this has turned to be and continues to be.

With regards to Symantec and this PIFTS.EXE file, there is no doubt this executable file could be a harmless program that simply piggybacks some Windows .DLL files to perform its tasks and that is why some of the coded lines appear. However… the mere fact that Symantec did everything they could to prevent this leakage/screw up/discovery from their customers, after the fact mind you, suggests the absolute opposite is absolutely true.
Because it is also a fact this executable file could be used for nefarious reasons. The fact that Symantec came out with a second news release to explain what others had discovered after claiming this file was for upgrade information only, proves beyond a doubt they have been busted. And instead of asking tough questions the MSM is allowing Symantec to get away with LYING! This truth about their lying is going to haunt Symantec and their products for a long time to come. Because it is also a fact that a lot of teenagers and young college students are now aware of the backdoor stealing of personal and private information going on at Symantec for either their sales or government information mining operations, and who in turn are explaining this evil backdoor to their parents, etc. etc...
This is a fact, Symantec is busted, they‘re a bunch of data thieves, period! I do believe once this entire executable has ran its course and we find out all the little secrets, Symantec is going to be sued, sued, sued… And if you have Symantec products you most likely will be contacted within the next couple of years. The chances of you getting any money, instead of a lawyer getting filthy rich, is slim. However, Symantec is going to feel the affects of this for a long time.

To those who claim there are several other ways for Symantec or the government to grab your information, that is true… However, to use a program that already has unlimited access to computers and all the information therein, if you can add just one simple executable, well then it is done on the cheap! Now, for those who claim Symantec doesn’t want grandma's cooking receipts, I agree, they aren’t interested in that at all. However, the websites you frequent, Porn - legal or otherwise, Militia websites, the anarchy cook book searches, ATS websites and all other types of information in between. Now that information is priceless to government agencies that want to know, without you knowing they want to know. Not only that, criminals are usually cheap as hell and the government knows those doing illegal or suspicious activities are usually using old, outdated, everything. Tech savvy people wont be caught, usually, they know this… However, the majority of people on the Internet are completely computer illiterate. If it wasn’t for the fact ATS and other sites like ATS exists, Symantec would have gotten away with this scot-free. Which means ATS, you are now, more then ever, in the crosshairs of those who will seek to destroy this website. Unless you have extremely deep pockets, like asking members to pitch in for your defense, expect to be harassed very soon! And from many, many corners….

(continue below)


[edit on 11-3-2009 by littlebunny]

(continue from above)

Also, the damage this has done to Symantec is going to cost hundreds, if not thousands of Jobs… In the long term Symantec has some serious issues to deal with. Because this information is everywhere. Kids all across America and Europe are talking about this and in turn telling their parents, so even if it wasn’t true, which it absolutely is, Symantec would have to spend major amounts of cash in a PR blitz to help save its reputation. The fact they are still having meetings trying to figure out/discuss how to handle the people, proves they are scared out of their minds. Having been in corporate boardrooms, believe me when I tell you, nothing is being done without it being thought out to death… Which usually means they are completely missing the obvious! I would not be surprised if Symantec uses a single person to be their scapegoat. “Hey Bob, we're gonna give you X amount of cash… then we're going to ruin your name… Don’t worry criminal charges wont be leveled, and you get to keep the cash… Are you down?”

Like I said, this is one heck of a story that is going to have more twists and turns then a tornado by the time this is all said and done. I guarantee people are spending hours researching this executable file because they want Symantec, and they want them bad! To end this tomorrow and deal with the repercussions, on the short term, Symantec would be extremely well advised to admit this executable file does in fact data mine their customer user Internet habits. If not, within a very short amount of time, if its not to late already, Symantec and all NORTON named products will be labeled as a Government snooping software front company. And there aint enough government bailout money in the world to stop that from spreading like a brushfire being pushed by hurricane winds.
Symantec, you’re busted, admit to it… Give us an excuse people can understand… like; “We gather website and history information so we can determine which sites to protect our members from… Even though we gather this information it is not member computer specific thereby keeping our customers personal information secret from all parties, including the government! We might know where people go, but we have zero idea who those people are.”
Anything sort of this Symantec and I can sum up your companies future in two words… You’re Screwed!

Whatever they decide this is going to be a story that will keep on giving for a long time to come!

--Charles Marcello


[edit on 11-3-2009 by littlebunny]

reply to post by Terric

Even though this will be swept under the carpet at some point and forgotten about as people get bored of banging their heads against the wall and more and more "credulous" lies come out about what this file does this whole thread is a testament to the lack of trust people put in large corporations - and for damn good reason.

Though your concern is valid and the underlying fears also based on historical events...

It is important to VERIFY the facts.

I finally have gotten my hands on a copy of the PIFTS.EXE (Thank you Ian! ) and will be analyzing it with a VERY FINE TOOTHED COMB.

A quick persuasal of the binary image doesn't support the notion of a wholesale harvesting of your private information. This is a small EXE and WinBlows executable files have a lot of filler (headers, structures, etc. etc.)... Read: NOT a lot of actual code... Especially this EXE.

This program does in fact call the Winint API (a library I'm not familiar with... yet ), and more specifically InternetConnect. If it is verified that these library functions do IN FACT open up the index files (Anyone remember Microsoft for bundling Explorer as deep into OS as they could? )...

And if no one can actually produce an OUTPUT FILE/DATA PACKET (other than a 'Norton.log' with an URL string supporting Symantecs story! ) that supports the allegations that we are ALL making...

Than MAYBE you guys want to start drafting your APOLOGIES to Symantec.

The PROOF up or down is in the PIFTS executable.


[edit on 11-3-2009 by golemina]

[edit on 11-3-2009 by golemina]

German products guys, how many time need i write it -> Avira free or premium
No made in usa crap please