One poster on the Zone Alarm forums wrote the following:
According to my ZoneAlarm logs, the "PIFTS.EXE" program attempted to access the Internet twice. The first instance was automatically blocked.
The second attempt, about 5 hours later, is the one that manually prompted me for a response.
The first attempt that was automatically blocked was attempting to access a destination DNS of " stats.norton.com ". So, my professional guess is
that this supposed Norton "Update" was actually being used by Norton for analytical/statistical/demographic information. In other words, Norton was
snooping on its users. Or worse yet, profiling its users.
The "PIFTS.EXE" file is located within the "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt61"
folder on my hard drive. The "UpdtXXX" folder (where "XXX" may be any 2 or 3 digit number) will most likely be different in your computer. By
default, the "Application Data" folder is hidden. So, you may need to unhide the folder first before viewing its contents. And if searching for the
"PIFTS.EXE" file, you will need to alter the "More Advanced Options" to include "Search Hidden Files and Folders". By default, the Windows
Search utility does NOT search hidden files/folders.
In my case, the "Updt61" folder was created on 3/9/2009 at 7:29 p.m. But, the "PIFTS.EXE" file was created on 3/4/2009 at 6:05 p.m. Clearly
indicating that Norton planned this "update" (a.k.a sniffer) and programmed it to kick of on 3/9/2009. At least, that is my humble, professional
Based on this, my guess is that this is a program that collects information about infections to be sent to norton for analysis. Most mainstream
security software offers an OPT IN button for this but, if norton has not given you the option, it's indicating they're not too interested in your
From what I understand, the information COULD show things like:
spyware you picked up while surfacing the internet.
What site you picked it up
Basic computer configuration
POSSIBLY personally identifiable information depending on the collecting program.
If norton did not give people an option to OPT OUT, that's just crappy.
I've never been a fan of norton as it's always been slow, bloated, and too intrusive into your OS.
I personally prefer Trend Micro Internet Security. It offers Anti-virus, Firewall, anti-spyware, etc... the whole bit and it's competatively
By the way you can download a 30 day trial version of Trend Micro Internet Security 2009 from their website so you can try it out. It will also
perform a pre-install scan to make sure you don't have any virus', etc.. to make sure you get a good install. Just an FYI, I don't work for TM,
and in the past, I've used McAfee, norton, AVG antivirus (free and not bad when combined with free zone alarm).
I also recommend using a stand alone anti-spyware program
My favorites are:
Stopzilla (paid) my favorite
Spyware Doctor (paid)
Spybot search and destroy (free)
webroot spysweeper (paid)
Spyware doctor (paid)
Spyware doctor starter edition (free)
You can download all these at www.download.com which is CNET's download section. Some of these might let tech support help you find out what's
going on with the pift.exe file
I've used all of these and they're all good but they won't all work together so before buying any, make sure they're compatible with your other
[edit on 10-3-2009 by jfj123]