SCI: Tech Fears Arise Over Norton and Pifts.exe


posted on Mar, 12 2009 @ 06:49 AM
Hey all - I have been reading up on this whole pifts.exe thing for the past few hours, and I agree - something strange is going on to warrant such a coordinated effort by Yahoo, Symantec, and Google.

I decided to join up on this forum to share what I've been finding.
This post will hop around a bit, but please bear with me.

I propose that this might also be explained by some kind of anticompetitive financial arrangement. It seems to involve Yahoo, Google, and Microsoft - though who's in bed with whom is up for debate (more on that later).

So....if I'm not mistaken, we have both Symantec AND Yahoo! Answers deleting questions about this pifts.exe early on, CLEARLY BEFORE they were able to (rightfully) claim abuse of the forums via spam.

Apparently, Google was also purging results for pifts.exe, at least early on.



Let's take a look at some recent history between these entities, shall we?


Symantec and Yahoo are partnered:

YAHOO AND SYMANTEC JOIN FORCES TO PROTECT CONSUMERS ONLINE [25 July 2006]

Yahoo! Inc. (Nasdaq: YHOO), a leading global Internet company, and Symantec Corporation (Nasdaq: SYMC), the leading security software company, are partnering to offer Internet security services to hundreds of millions of Yahoo! and Symantec customers worldwide. Launching today, Norton Internet Security provided by Yahoo! is designed to give consumers the confidence to travel the Internet freely by helping to protect from viruses, hackers, spyware and spam.






NOW - let's get into Google and Yahoo, shall we?

Google/Yahoo Search Partnership Announcement [12 June 2008]




But wait - not so fast:


Businessweek: Something's Fishy About this Yahoo-Google Deal [17 April 2008]

Oh, please. An initial test of outsourcing Yahoo’s search to Google showed positive results, according to an account in the Journal. Hold it; didn’t that test just start this week? Wasn’t it supposed to go two weeks? Didn’t we already know that Google ads work better than Yahoo’s? Yes, indeed. That’s why I’m a little suspicious of the “people familiar with the matter” who are saying this could lead to a wider deal between the two companies. It’s certainly in Yahoo’s interest to show Microsoft it has another option, and it’s certainly in Google’s interest to throw a monkeywrench into any Microsoft plan.




ALSO!

Microsoft is Officially Unhappy with the Google-Yahoo Deal [13 June 2008]


"Our position has been clear since April that any deal between these two companies will increase prices for advertisers and start to consolidate more than 90 percent of the search advertising market in Google's hands," Evans said. "Legal and industry experts agree that this would clearly make the market less competitive."



More strangeness about the deal:

Was the Yahoo/Google deal a ploy to weaken Yahoo? [3 October 2008]

In a letter to the Justice Department's antitrust chief yesterday, Sen. Herb Kohl (D - Wisc.), chairman of the Senate Antitrust Committee, advised the Dept. to maintain a close watch over Google and Yahoo as they initiate their search advertising deal, for two reasons: The first is something discussed quite often, that the deal could be used to drive up the price of contextual search advertising.

But the second is something that has been mentioned, but not fully explored: the notion that Google made the deal in bad faith, as an anti-competitive measure to maintain Yahoo's subordinate position in the marketplace.



continued...
(1/2)




posted on Mar, 12 2009 @ 07:00 AM
Sorry for the lag...was busy making the links nice and pretty


Yahoo-Google deal sparks fresh concerns [30 Oct 2008]

JPMorgan analyst Imran Khan issued a research note on Wednesday that re-examines the potential of Yahoo reviving a search-only deal with Microsoft, which the internet search pioneer rejected back in July. Previously, Microsoft had offered to buy all of Yahoo for $33 a share, but then walked away from the table after Yahoo countered with $37 a share.

Khan, noting the unlikelihood the DoJ will sign off on the Yahoo-Google partnership in its current form, said: "We estimate that Yahoo could gain an additional $725m in annual OCF through a Microsoft search deal. In our estimates, outsourcing search to Microsoft could lead to $1.4bn in cost savings which would more than offset our estimated revenue loss of $649m resulting from affiliate revenue loss and the revenue split with Microsoft."







I found the next two bits of info about what the program's doing from the original thread (or a continuation thereof) on 4chan's /g/ :

I looked up the:

G O E C 6 2 ~ 1 . D L L

thing we found before.
Symantec accesses Google Desktop. G O E C 6 2 ~ 1 . D L L is Google Desktop.




These are the IPs to which this .exe is allegedly sending data after it does SOMETHING or other in your browsing history, cookies, etc (emphases added):

>67.134.208.160
>United States Washington SWAPDRIVE
>Qwest Communications Corporation
THAT IS NOT # HELPING ME

>207.46.248.249.80
I'm guessing it meant :80 not .80-- that's Microsoft. It's the search companion. Is this just explorer being retarded per usual or something more? In any case, it's not an African IP. I don't know where they got that part of it.






Symantec owns Swapdrive, as a quick search will tell you.

So, we have Symantec's AV software possibly looking at data from browsing history etc., accessing Google Desktop, and sending this out to Swapdrive (Symantec - who's in bed with Yahoo!) and Microsoft.

Are Microsoft and Yahoo! trying to sabotage Google? Depending on what's being done with the data, perhaps this is a clever method to mine data from Google searches?

Are all 3 of them trying to get in on this anticompetitive arrangement under the public's nose? If a Google-Yahoo deal would possibly drive up prices and be anticompetitive, wouldn't the same be true - to a greater degree - if MS, Yahoo, and Google all got together?


I may very well be reading a lot into all this, but it seems to me as if there may be something here...

By now I'm too exhausted to think about this any more...




posted on Mar, 12 2009 @ 07:06 AM
I forgot to mention that (it's in at least one of the articles I posted above, but I'm too tired to go hunt it down right now) MS was wanting to buy Yahoo for $33/share, and walked away from the deal when Yahoo came back with $37/share.


Also just found this:
Google will derail Yahoo-Microsoft deal [17 April 2008]

Hmm the plot thickens...


I think that's all I forgot, going over my 2 posts...




posted on Mar, 12 2009 @ 09:31 AM

Originally posted by sadisticwoman
(original post by sadisticwoman here)


...But if you use Common Sense 2009, you can use Windows without having to pay for an anti-virus that includes shady executables in their software.



I Googled "Common Sense 2009" and "Common Sense 2008." I also checked Sourceforge and Freshmeat. All I can find are torrent downloads.

I don't mind if that is the only way a company/project distributes software, but don't you think it is strange that there isn't an official website, at least one that can be found? It would be nice if there was some web presence and to be able to get md5 and sha1 checksums from the website.



posted on Mar, 12 2009 @ 09:48 AM

Originally posted by BSndsMPBlk47
I Googled "Common Sense 2009" and "Common Sense 2008." I also checked Sourceforge and Freshmeat. All I can find are torrent downloads.

Keep searching, you'll find it!



This discussion has taken an interesting turn. I think the initial issue, the EXE in question, has not yielded any hard evidence of conspiracy or subversion, but the Symantec reaction, and the subsequent investigation by various members here of corporate collusion and such, is very interesting, and should give those who hadn't previously considered such issues pause for thought. The business of maintaining the consumer software ecology is quite an incestuous little symbiosis.



posted on Mar, 12 2009 @ 01:46 PM
reply to post by Ian McLean
 



This discussion has taken an interesting turn. I think the initial issue, the EXE in question, has not yielded any hard evidence of conspiracy or subversion, but the Symantec reaction, and the subsequent investigation by various members here of corporate collusion and such, is very interesting, and should give those who hadn't previously considered such issues pause for thought. The business of maintaining the consumer software ecology is quite an incestuous little symbiosis.


All right... You guys are WEEKS ahead of where I thought we would be with this thing...

But hey... Gotta go with the flow.

I've touched on it once already in this thread, but will bring it up here again.

If you look at the SOPHISTICATION of the new generation of Root Kits/Trojans, you can only come to one conclusion...

And that there is a significant effort to FORCE the WinBlows boxes back to conformity.

Now an inquiring mind might ask why would anyone possibly care about waning technology boxes...

Hmmmm......

The capabilities of this technology are EXACTLY what 'we' surreptitiously installed in our (not so cooperative and asking way TOO MANY questions) client base 20 years ago.

We penetrated the client systems via their then mail gateways...

The AV software is SO MUCH MORE DIRECT a pathway... don't you think?



[edit on 12-3-2009 by golemina]



posted on Mar, 12 2009 @ 02:07 PM

Originally posted by Ian McLean

This discussion has taken an interesting turn. I think the initial issue, the EXE in question, has not yielded any hard evidence of conspiracy or subversion, but the Symantec reaction, and the subsequent investigation by various members here of corporate collusion and such, is very interesting, and should give those who hadn't previously considered such issues pause for thought. The business of maintaining the consumer software ecology is quite an incestuous little symbiosis.




The real issue should be the trust and control issues. More on that later.



A while back I tried a trial copy of Symantec software. If I recall correctly I tried to get a license and the internet connection came to such a crawl I couldn't even do that. I'm sure I at least uninstalled the program (to the extent it would uninstall) if not reinstall Windows.

I noticed at some point something somewhere about "extreme lock." Then I did some digging. Apparently they encrypt their software. It seems they rely on security by obscurity and go to greater extremes than most to maintain that obscurity. I wonder to what extent that is responsible for performance issues.



As for all this ruckus over an executable file -- pifts.exe in this case:

Software vendors routinely include features for downloading and installing updates. Of course new versions of files containing executable code are included. Some old files will be deleted and new files with new names will take their place. What makes pifts.exe so special other than the fact that a glitch made the software ask end (l)users questions?

Unless you have the skills and time to personally review every line of code and compile the code yourself, you ultimately have to trust someone else, even if it is the maintainers of a Linux, or BSD variant distribution.

I have to admit that on balance the availability of source code gives GPL and open-source software a huge advantage security-wise.





Originally posted by golemina
The AV software is SO MUCH MORE DIRECT a pathway... don't you think?




The above was talking about exploiting holes in software to compromise systems.

Well exploiting holes in any application with automatic update features would be more direct. Almost everyone has RealPlayer and Java, why not use one of those? How about the ActiveX controls for Windows or Microsoft Update?

I must admit that the more I think about it, the more I like the way Ubuntu and Fedora updates software by using repositories.



posted on Mar, 12 2009 @ 02:40 PM
Just so yous know, Infowars has just posted an article about this on their site.

Peace



posted on Mar, 12 2009 @ 02:44 PM
Ooops, actually InfoWars is giving it attention but the article points to telegraph.co.uk.

Sorry for the mess up.



posted on Mar, 12 2009 @ 04:08 PM

Originally posted by oatie
UGH there seems to be a key logger in the code..odd
I think it may be stealing personal information and sending it to Africa
also the code was written by Mark Russinovich. If anyone cares enough to research him and see his relation to Symantec go right ahead.


I dunno if you are joking?

No need to research Mark ... he's brilliant, that's why Microsoft FINALLY bought him out by hiring him and his partner. He and his partner (what's his name) wrote many hacking Windows books etc. They went from master Windows hackers to part of the corporate structure. Weird but oh well.

I find it hard to believe that Mark would have anything to do with the paragon of incompetence that Symantec has become. Sym owes their existence to lying marketing teams.

Embedded keyloggers are easier to believe. Stolen from Mark likely.

[edit on 3·12·09 by DrMattMaddix]



posted on Mar, 12 2009 @ 04:20 PM
reply to post by oatie
 




UGH there seems to be a key logger in the code..odd
I think it may be stealing personal information and sending it to Africa
also the code was written by Mark Russinovich. If anyone cares enough to research him and see his relation to Symantec go right ahead.


Where are you seeing the key logger?



posted on Mar, 12 2009 @ 04:34 PM
The more I think about it Common Sense 2009 is probably a document telling you not to do stupid things -- like run an attachment that may contain macros such as a Micro$oft Word document, install a fake codec from a fake porn tube 2.0 site, buy anti-virus software from obviously unethical vendors that claim your system is compromised in pop-ups, or try to download a program with P2P without at least finding out if there is a real project or company behind it and the checksum (at least md5sum or sha1, preferably sha2) of the file.



posted on Mar, 12 2009 @ 04:48 PM
I'm listening to Alex Jones right now (must be last night's feed), Shoe on Head, from the internet, called in about PIFTS, and mentioned this thread!!

OK, confess, who got through to Alex as Shoe on Head, rofl! This is why the Telegraph link was added to his page. ATS was on top of this one, yet again!

Alex made a comment about the headline of the Telegraph story, which included the words conspiracy theory, and I was thinking the same thing, way to paint it as a crackpot theory.

Symantec I believe began the Google PIFTS virus links rumor, so people would not search for it. I think they focused so much on SPAM and 4chan to throw the media off the scent. Now this, it is really no coincidence that the Telegraph picks up the story, they reference conspiracy theory in the headline, focusing on this instead of the invasion of privacy, and deeper concerns this whole thing raises.



posted on Mar, 12 2009 @ 05:06 PM
I'm going to kick this horse one more time.

Symantec AV runs a kernel mode driver that intercepts everything going to or coming from the drive and I suspect that their firewall software runs a kernel mode network filter... even if not there is basically no protection between drivers so accessing the network or altering the flow of network code (including bypassing WinPcap, etc.) is trivial from components that they already have deployed and accepted by their user base. By loading a driver from any vendor you are basically saying "I trust you to do whatever you want to my computer".

A (well executed) key logger or data miner running in kernel mode would be invisible from userland and wouldn't show up on a protocol analyzer installed on the machine (an external one would still pick it up).

Driver development is more esoteric and much harder to debug than generic win32 development, which would reduce the number of people who could successfully reverse engineer the software. Further, since this software has a much bigger footprint and would be legitimately interacting with all the subsystems required by any imaginable form of malware, tracking down bad code would be difficult if not impossible...

My point here is that they already have the perfect vector to do whatever malicious thing they want to do. And Magic Lantern, or whatever they are calling it now, is probably also a kernel mode component. So (Symantec) sending out user mode malware would be dumb. Of course, everybody knows that the world is full of stupid people so it isn't impossible but it seems extremely unlikely. It is especially unlikely if it is being done in cooperation with the government, because in that case the primary risk is discovery by end users not discovery by other vendors or by law enforcement.

[edit on 12-3-2009 by baahl]
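
The post above notes that an external analyser still sees traffic that a kernel-mode component could hide from tools on the machine; the sketch below diffs the two views to surface such flows. It is an added example, not part of any post in this thread: the capture and netstat text are constructed, the addresses are documentation ranges, and the function names are illustrative. tcpdump writes endpoints as address.port, the same notation as the `207.46.248.249.80` quoted earlier in the thread, so the parser treats the last dotted field as the port.

```python
import re
from collections import namedtuple

Flow = namedtuple("Flow", "src sport dst dport")

# Constructed sample: `tcpdump -n` text from a tap or gateway OUTSIDE the host.
EXTERNAL_CAPTURE = """\
12:00:01.000001 IP 192.0.2.10.49152 > 198.51.100.7.443: Flags [S], seq 1, length 0
12:00:01.020000 IP 198.51.100.7.443 > 192.0.2.10.49152: Flags [S.], seq 9, ack 2, length 0
12:00:02.000000 IP 192.0.2.10.49153 > 203.0.113.80.80: Flags [S], seq 5, length 0
12:00:03.000000 IP 192.0.2.10.49154 > 203.0.113.25.8080: Flags [S], seq 7, length 0
12:00:04.000000 IP 192.0.2.55.50000 > 198.51.100.7.443: Flags [S], seq 3, length 0
12:00:05.000000 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
"""

# Constructed sample: `netstat -ano` text taken ON the host over the same period.
HOST_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:49152       198.51.100.7:443       ESTABLISHED     1432
  TCP    192.0.2.10:49153       203.0.113.80:80        ESTABLISHED     2210
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
"""

TCPDUMP_RE = re.compile(r"\bIP (\S+) > (\S+):")


def split_endpoint(text):
    """Split a tcpdump-style IPv4 'a.b.c.d.port' endpoint into (ip, port)."""
    ip, _, port = text.rpartition(".")
    if ip.count(".") != 3 or not port.isdigit():
        raise ValueError(f"no port in endpoint: {text!r}")
    return ip, int(port)


def external_flows(capture, host_ip):
    """Outbound IPv4 flows from host_ip as seen on the wire."""
    flows = set()
    for line in capture.splitlines():
        match = TCPDUMP_RE.search(line)
        if not match:
            continue
        try:
            src, sport = split_endpoint(match.group(1))
            dst, dport = split_endpoint(match.group(2))
        except ValueError:
            continue  # portless traffic such as ICMP is out of scope here
        if src == host_ip:
            flows.add(Flow(src, sport, dst, dport))
    return flows


def host_flows(netstat):
    """TCP connections the host itself reports (listening sockets skipped)."""
    flows = set()
    for line in netstat.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "TCP" or parts[3] == "LISTENING":
            continue
        src, _, sport = parts[1].rpartition(":")
        dst, _, dport = parts[2].rpartition(":")
        flows.add(Flow(src, int(sport), dst, int(dport)))
    return flows


def hidden_from_host(capture, netstat, host_ip):
    """Flows present on the wire but missing from the host's own view."""
    return sorted(external_flows(capture, host_ip) - host_flows(netstat))


if __name__ == "__main__":
    for flow in hidden_from_host(EXTERNAL_CAPTURE, HOST_NETSTAT, "192.0.2.10"):
        print(f"not reported by host: {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}")
```

A single netstat snapshot misses short-lived connections, so the host view should be sampled repeatedly across the capture window before treating a mismatch as hidden traffic.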



posted on Mar, 12 2009 @ 05:21 PM

Originally posted by baahl
I'm going to kick this horse one more time.

Symantec AV runs a kernel mode driver that intercepts everything going to or coming from the drive and I suspect that their firewall software runs a kernel mode network filter... even if not there is basically no protection between drivers so accessing the network or altering the flow of network code (including bypassing WinPcap, etc.) is trivial from components that they already have deployed and accepted by their user base. By loading a driver from any vendor you are basically saying "I trust you to do whatever you want to my computer".

A (well executed) key logger or data miner running in kernel mode would be invisible from userland and wouldn't show up on a protocol analyzer installed on the machine (an external one would still pick it up).

Driver development is more esoteric and much harder to debug than generic win32 development, which would reduce the number of people who could successfully reverse engineer the software. Further, since this software has a much bigger footprint and would be legitimately interacting with all the subsystems required by any imaginable form of malware, tracking down bad code would be difficult if not impossible...

My point here is that they already have the perfect vector to do whatever malicious thing they want to do. And Magic Lantern, or whatever they are calling it now, is probably also a kernel mode component. So (Symantec) sending out user mode malware would be dumb. Of course, everybody knows that the world is full of stupid people so it isn't impossible but it seems extremely unlikely. It is especially unlikely if it is being done in cooperation with the government, because in that case the primary risk is discovery by end users not discovery by other vendors or by law enforcement.

[edit on 12-3-2009 by baahl]


Yes exactly they also gather system information this way with every update.

So why would they need a separate .exe to do this?

I think there is definitely more to this than simple user statistical data, what I am not sure, but it is not as it appears



posted on Mar, 12 2009 @ 07:19 PM
reply to post by hotbakedtater
 


Shoe on head lol definitely a Btard from 4chan.



posted on Mar, 13 2009 @ 12:08 AM
Every day at work I usually, at least once, check current news stories on all the MSM sites (primarily, starting with CNN and FOXNews respectively) just to see what most other people see when they browse the internet looking for news.

Today, I was reading a story on Fox News about Google and saw a link to this CNET story on pifts.exe ..

March 10, 2009 12:43 PM PDT
Symantec creates havoc with unsigned Norton patch
by Elinor Mills

This is proof that we were all over this one.

Earlier today, in the news story on CNET, you would have seen mention of abovetopsecret and an actual link to one of the posts in this very discussion thread!

Awesome!

But at 2:45 PST the news story was edited and that entire part of the news story was completely deleted..... It would have been nice to know why exactly. Oh well.


The company pulled the patch after three hours and then unwittingly laid the groundwork for conspiracy theorists after it started deleting forum posts related to the matter. The company was not censoring the posts, but fighting off a spam attack, according to Kyle.

"At the same time we were pulling down the patch a spammer created a new account on our forum and minutes after that there were 200 new users all targeting the same thread," he said. "Within the first hour there were like 600 posts to that thread. Obviously it was a bot creating this."

The posts were written with poor grammar and broken English and some were vulgar and nonsensical. It is possible, though, that Symantec could have inadvertently deleted some legitimate posts while it was purging the spam, Kyle said.



Sure... A "SPAM ATTACK"

What about the hundreds of people that actually directly called the company demanding answers only to be given the runaround, no explanations, and then left out to dry?

And if they really were being attacked with a bot spamming pifts threads, then

1- Why was that never mentioned here?
2- Why were the only complaints here of threads being deleted only applicable to people with actually legitimate threads, some of them hundreds of posts long of posts by actual members of their discussion forums??

This is the way I see it..
This story is much bigger than people are giving it credit for. They were caught and are trying to publicly explain themselves. Perhaps some threads were being spammed. But you would think we would have heard something about it here considering probably hundreds, if not thousands, of people were monitoring their discussion forums for any updates regarding the mysterious pifts.exe ..At the same time posting here in this thread telling us what they were finding (which was that all the legitimate threads demanding answers on pifts were being deleted for no apparent reason).


The patch for 2006 and 2007 versions of Norton Internet Security and Norton Antivirus, a program dubbed "PFST.exe," (Product Information Framework Trouble Shooter) was distributed to collect anonymous statistics on matters such as how many computers are using the products and what operating system they are running, Jeff Kyle, group product manager for Symantec consumer products, said Tuesday.


For starters, I think even CNET misspelled it (I believe it is "PIFTS.exe" not "PFST.exe"). Interesting, in itself, when you think about it.

And then the only link to conspiracy discussion on the topic was, itself, deleted a couple hours later.

News story started
March 10, 2009 12:43 PM PDT

Updated 2:45 p.m. PDT with link to forum site and explanation, Washington Post reporting that hackers created malicious related sites that appear in Google search.


And no reason given for excluding everything else that was deleted.

-ChriS



posted on Mar, 13 2009 @ 12:36 AM
This is interesting for sure. Why would they need a separate executable to collect or mine data? The current software can do this no problem.

I wonder if this is a terminate and stay resident .exe that is still running on all your pc's?

I'd go into the registry and do a search for it, I don't run NAV or I'd do it myself.

Can someone search the registry for pifts.exe and see if there is anything in there? A simple run>regedit>highlight My Computer and a search should do it.

BTW - I've never trusted Norton and I swear they create virii just so they can be the hero and be the first to find them for you. I know it's the conspiracy nut in me, hehe

[edit on 13-3-2009 by B.A.C.]



posted on Mar, 13 2009 @ 01:25 AM
Very interesting thread. Have to admit that I ignored it for a few days and only now realize how huge this story is! Use AVG--free gets the viruses--I also use Ad-Aware and Malwarebytes--CCleaner and diskcleaner...all free and all you ever need.



posted on Mar, 13 2009 @ 12:16 PM
Hello everyone,

I’m one of the administrators for the Norton Community Forums. First off, I would like to apologize for the removal of legitimate posts, and delayed response in acknowledging the PIFTS.exe issue. While the reason for merging like-posts into a single thread was not intended to silence the voices of the users, we do understand that it ended up causing a lot of suspicions about the topic. We are sorry for the confusion that we have caused, and have developed new strategies to ensure this doesn’t happen again.

We launched the beta of the Norton Community Forums in April 2008. We’ve been very transparent with many issues that have come up on the boards, and utilized this opportunity to have more open discussions with those who use our software. We have also been very lenient with posts. There are threads on the forums that are critical of our products and discuss non-Symantec scanning software recommended by other users, as well as other non-relevant 3rd party software. I'm not saying this to get a pat on the back, but to acknowledge that we encourage open and honest communication on our forums. We strive to be transparent and give our customers the best information as quickly as possible.

We’ve spent the past 2 days compiling all the information regarding PIFTS.exe and detailing what it does. We’ve also included information regarding the timeline of events that happened on the forums. To view this information, please visit this forum thread: community.norton.com...

We also have a discussion thread for all things PIFTS.exe related at the following thread: community.norton.com...

Please read through the above two threads if you have any questions, as many questions have already been addressed (such as rumors that we sent personal information to our servers, rumors regarding sending information to Google, and other rumors that we were involved in a conspiracy or “cover up”).

We welcome you to join in on the discussion if you have any concerns that need to be addressed.

Again, we’re sorry for the mishap and all the confusion that this has caused.

Cheers,
Tim Lopez
Norton Forums Administrator
community.norton.com...





 