One of the /b/tards over on 4chan stated that P.I.F.T.S. is an acronym for Personal Information File Transfer System. He goes on to suggest that Symantec has been hacked, and someone is using Norton to extract personal data from symantec customers.
True or not, thisdoes make a lot of sense, and would explain why Symantec is going to such great lengths to destroy any mention of "Pifts.exe"

any thoughts?

Originally posted by RFBurns
Whats their problem? How can they sue your site just for talking about some exe file?

What do your attourneys say about it?


Cheers!!!!

I take it this is aimed at me. If you read my post further you would've noticed that I was just joking (adding fuel to the fire). My apologies for causing any confusion.

Originally posted by Gemwolf

Originally posted by RFBurns
Whats their problem? How can they sue your site just for talking about some exe file?

What do your attourneys say about it?


Cheers!!!!

I take it this is aimed at me. If you read my post further you would've noticed that I was just joking (adding fuel to the fire). My apologies for causing any confusion.

Ahh well its cool, no worries.

2nd line

Cheers!!!!

Originally posted by nikmti
One of the /b/tards over on 4chan stated that P.I.F.T.S. is an acronym for Personal Information File Transfer System.

That really sounds like a "backronym". I doubt it would really stand for something like that.

Interesting point to note that there is apparently another file, called "pifsvc.exe", that is involved with Norton "live update". Not to be confused with "pifts.exe". Perhaps the "pif" prefix is some kind of abbreviation used by the Symantic software developers.

Originally posted by staple
Norton is going to get caught with its pants down....
I cannot wait to see how this pans out.

Ha couldnt happen to a worse company!

Symantec has been putting this cruddy software on PC's for years and ripping people off with its exorbitant price.

Maybe its karma catching up with them..

Has anyone posted to Slashdot yet asking about this file? See if they delete the post like everyone else.

I'm downloading a trial of norton's to run on a VM inside of Linux. I want to see for myself.

This looks like a joke, which would explain why Norton is deleting the posts. This would also explain why tech support doesn't know what's going on.

[edit on 10-3-2009 by -Jaguar-]

Interesting string from PIFTS.EXE:

d:\perforce\entiredepot\consumer_crt\patchtools\patch021809db\release\PIFTS.pdb

A PDB, or "Program Database" file, is a separate file that is created when a C/C++ program is compiled by Microsoft Visual C++. It contains debugging information, and is usually not distributed with the EXE file.

This fully-qualified path to the PDB seems to indicate that PIFTS.EXE belongs to a set of 'patch' tools. It's unknown whether the Perforce depot (a source code version control system) that's referred to in the path is Symantic's.

Looking further at the EXE, this is a C++ STL program, console mode, compiled with Microsoft C++. Of interest is the 'imports' section, which allows the program to connect to operating system functions. It seems fairly simple, there's find/load/lock resource, which allows information in the resource segment of the EXE file to be accessed by the program, various file functions such as getting timestamps, creating and writing to files, registry access functions, some OLE automation, and interestingly, access to InternetOpen APIs provided by wininet.dll.

At first, and very brief glance, this would appear to be a program that connects to the internet and downloads files, writing them on the local machine. That's consistent with the depot naming of this as some kind of 'patch' tool. (That's just speculation, without a controlled analysis in a virtual machine.)

Of course, what is downloaded, why, and what that does, is a mystery - and Symantic's response (or lack thereof) to questions in this situation is quite suspicious.




[edit on March 10th 2009 by Ian McLean]

I have Norton and so does a friend, neither of us have had this window popped up.

Does it only pop up on a certain version?

I don't run Norton.

If it actually happened, then either Norton's servers were compromised (unlikely) or this is an update gone wrong.

The reason tech support doesn't know what is going on is because this is something new and it just happened. The people who are knowledgable enough to answer are now being woken up and finding what the problem was or is. After they figure it out, they will update tech support.

Posts on Norton's forums are now being deleted because people are just spamming to be funny. Why the first posts about it were deleted, that's interesting.

Originally posted by -Jaguar-
I don't run Norton.

If it actually happened, then either Norton's servers were compromised (unlikely) or this is an update gone wrong.

The reason tech support doesn't know what is going on is because this is something new and it just happened. The people who are knowledgable enough to answer are now being woken up and finding what the problem was or is. After they figure it out, they will update tech support.

Posts on Norton's forums are now being deleted because people are just spamming to be funny. Why the first posts about it were deleted, that's interesting.

I doubt they're spamming to be funny, they're spamming to get answers!

I'm thinking about posting myself...

Wouldn't be the first time for a corporation to install something covertly the Sony root kit fiasco comes to mind as the worst example I can remember but I don't think everyone should jump to conclusions as yet it could well be something innocent.

The forum posts being deleted and posting bans are suspicious though I admit that immediately made me think of policeware/Gov Spyware although that's a big jump and it's unlikely they would make it so obvious. Another possibility is some type of authorization check but it might just be a change to the updater or something related.

My opinion at the minute is it's probably nothing to worry about but then again I wouldn't personally install a Symantec product I find them bloated, expensive and in my experience anyway worthless at what they are meant to do.

Just made an account on Norton and posted about pifts.exe. I decided my tactic would be to spam there boards with it, so that even if someone only saw it for a few seconds, they would still know what was going on. My message read:


NORTON ARE COVERING UP PIFTS.EXE!!!!!!!


This thread will be deleted shortly, just watch.


There's a conspiracy going on here. They don't want anybody discussing pifts.exe


COVERUP !!!!!!!!!!!!

COVERUP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


NORTON IS COVERING SOMETHING UP!!!!!!!!!!!!!!!!!!!!!!!!!!


PS: Hey mod, **bleep** you for deleting this thread, you're a sheep who likes following orders, enjoy your pathetic life.

-------------------------------------------------------------


The post was deleted within minutes.

I decided to stick around and do some more spamming and was glad to see that our "friends" at 4chan are currently raiding the norton forum feedback section. It's nice to see that Anon are sometimes useful, they do enjoy to spam things after all.

Here's a screenshot of some Anon pifts spam.





That ought to keep the Norton mods busy.


Can't wait to find out what the truth is behind this mystery.

[edit on 10-3-2009 by Pompkinini]