Conspiracy theories are running rampant in the absence of a clear explanation of why Symantec deleted threads expressing concern about a file called pifts.exe from its Norton support forums. Many users running Norton Internet Protection began seeing a popup warning on Monday that a file called PIFTS.exe on their systems was …
Can't believe people still use that crock of shite! I gave it the elbow over 4 years ago when it started bloating and became a total resource hog. AVG went the same way... pah!
Disgusted (though not from Tunbridge Wells)
Not to take this too lightly
millermia on the ZoneAlarm forum found the file in a hidden folder, not a "non-existent" folder and there are many similar hidden folders used by other apps in "Documents and Settings\All Users\Application Data\" so it isn't the unholy rootkit armageddia you are punting. Journalism these days seems to be based on the 6 W's: What, When, Where, Why, Who and Worry your readers into a state of fear and apoplexy.
From what I read the folder is simply hidden, not rootkit-type tricks. If you have Explorer set to show hidden files and folders you can see it.
What I don't understand is why Norton is deleting all the forum posts. That's a guaranteed way to draw as much attention to the issue as possible.
I imagine people are also going to monitor changes in privacy statements and EULAs, to see what if anything they were doing that they don't want their customers to know about or discuss.
Most likely the file is something to do with product activation/validation and accesses the Norton server to validate the user's subscription as part of the update process.
Hence it is a valid file but Norton doesn't want to talk about it lest people start fiddling with it and find a way to bypass subscription requirements.
Don't use Symantec products
They are crap and slow and now hide backdoors.
There are plenty of alternatives that do a far better job.
And the malware authors are close behind..
It looks like the bad guys are up to their trick of jumping on the bandwagon again.
We're seeing evidence that websites containing malware are showing up in search engine results when people hunt for PIFTS. Sophos is picking up some of these sites as Mal/BadRef-A.
The Mal/BadRef-A script redirects to another malicious script (Troj/Reffor-A) which then itself redirects to a page detected as Mal/FakeAvJs-A.
That page leads to a fake anti-virus scan (scareware) designed to frighten you out of your hard earned cash.
Graham Cluley, Sophos
Faster than you can say IDAPRO
people will be reverse engineering that software.
So, perhaps not a theory conspiratorial or otherwise by the morn.
It is probably going to be an ET.
Yet another reason
I don't use that bloated piece of crap called Norton. If they can't be honest by at least saying it's part of OUR program and no we won't tell you what it does, but instead delete questions without so much as a comment. Hope this encourages more people to stop using it.
/Flames, 'cause I'm sure they will come.
Think the file has been altered or was not intended for commercial release. The file has been "padded" out to size (the last few bytes of the file are filled with the word "PACKINGPACKINGPACKING" etc... etc...); this is usually found in tampered or virus-like files...
How many people does this really affect? 5? 10? Maybe a dozen at the most. Can't be any more than that still using Norton crapware.
I thought everyone had deleted that Norton crap off their computers years ago.
Thumbs down to all Symantec software.
Jedi Mind Trick
This is not the file you are looking for...
is dat sum exploit?
Public relations - Symantec fails it
No love for Symantec, but...
Anyone given thought to the possibility that Symantec do not want this talked about because it potentially reveals an as-yet unused tactic for detecting and removing malware? 'Rootkit-like behaviour' could indeed indicate Symantec moving into using such technology against malware.
I actively despise Norton product line and campaign (in my own small way) against its use, but I don't let my hatred cloud my judgement. It's a shame so many others do.
Norton say it was a program distributed with an update that sent information back to their servers to give them an idea of the number of people needing to be migrated to a newer version. They say the number of people moving up to Windows 7 meant they had to calculate the load this would put on servers to migrate people over to a newer Norton.
If you're using Symantec's shit software....
...then don't be surprised if it's up to no good. It's intrusive, hard to uninstall and a resource hog that takes over your machine.
The file is not in a "non-existent" folder. It's in a hidden folder.
This is obviously down to the new small footprint for Norton that we hear so much about - what could be smaller, datawise, than saving the info in a non-existent file?
Congrats to Norton, next time they will hope to not be found out........
Paris, Oh dear, has she been found out.......
Time for a new sexist icon? How about a homosexualist icon? just for a laugh, obviously, I quite like Paris - at a distance, .....in my dreams
Anyone else appreciate the irony of not one, not two but THREE adverts for "Symantec Recovery" on this article?
Mine's the one with tinfoil lining and matching hat...
Darn, what a killjoy.
Had the chopper set up with a new coat of black paint, and all gassed up and ready to go...
In small defence of norton
That was the first AV package I ever used. I hated it so moved on to another... and another... and another... and it was downhill all the way.
Norton did what it said on the tin, albeit like a lardy pig. All the rest were progressively worse, culminating in the disaster called f-secure, an utter reeking ammoniacal Augean stable.
Disclaimer: I work for no AV vendor.
Any one else
Have a hard time removing Norton?? Seems to leave itself all over the Reg.
Too late ... looks like others had already taken off
O LAWD IM CHOKIN ON PIFTS PLZ HALP
Classic. I generally uninstall Norton stuff on sight (alas for the days of Norton Commander...) but it looks like they got the short end of the PIFTS on this one.
...............have a virus than Norton, the virus does less damage to your system, and is easier to remove with reputable tools. Always good to see a spanner in the works of the MS/Symantec protection racket.
Amusing to see Symantec talking about scareware isn't it.
Tux, cos he don't need no stinkin' anti-malware malware.
I like their comment that they were being abused as multiple new accounts were being created to discuss the problem.
So all these people who saw the problem and wanted to talk about it were being malicious.
And if they are deleting such posts, no wonder it was followed by some of the 'spam' they received.
@AC - Dump Norton
Damn right! I dumped it about 3-4 years ago, it was such a pig to maintain, always crashed and it was an even bigger pig to remove, it always left small residual traces behind. You either needed to rebuild or go out onto "da web" to pick up the Norton removal kits, written by hackers to get the damn thing out.
It's crap but like Windows itself, Joe P. is happy to lump the problems and live with it!
Haven't they learned yet ?
No really, how many times have we heard of this kind of nonsense. Vendor's product has issue, questions posted on vendor forum, posts deleted.
Customer Relations 101 reminder : deleting questions without explanation will invariably bring the issue under greater scrutiny and will, without fail, put the vendor in bad light in the opinion of the public.
Happens every time. No exceptions.
Why oh why do these companies still try ?
Don't worry - there'll be another panic-button to hit soon, so keep the chopper blades spinning. That's the great thing about the internet and forums, it's sooo easy to get a conspiracy theory off the ground :)
* O LAWD IM CHOKIN ON PIFTS PLZ HALP
* OH GOD YOU GOT CHOCOLATE IN MY PIFTS
* If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
* IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
* PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
* I LOVE MY PIFTS.EXE
^ I detect anonymous at work.
Re: why people still use that crock of shite!
Cos it's piled high in PC Rip Off Wurld & other commercial outlets sell it by the pallet load to the great unwashed, who don't know better...
I really don't see the point of AV software like Norton and McAfee or even AVG (which the 'IT guy' insists we have to have installed and running (I switch mine off) on our workstations at all times). Others are right to suggest they are nothing but unwieldy system hogs.
On my personal PC at home I don't use any of 'em. If I get a trojan or some such hijack I just use things like Malwarebytes, Windows Washer and CCleaner. My PC at home is far more stable, cleaner and reliable than the AV-enabled piece of crap I'm forced to use at work.
You obviously have no idea how much damage an infection can do to a corporate network, not to mention the various problems you could suffer by breaking various laws (like the DPA) which mean you have to actually take care of the data you hold.
I could go on, but I have a feeling I'm wasting my breath.....
Crawl back under your bridge like a good little troll.
Have Norton never heard of the Streisand Effect? The only way to guarantee that everyone knows something you don't want them to know is to release it then try to cover it up. Once you do that, the entire internet will gang up against you and make sure everyone knows what it is you were trying to do in the first place.
Had they released a notice saying, "Sorry guys, that's our data collection mechanism. We use it to collect data from your PCs to provide better protection, and it needs to be hidden in case the virii get to it", and not deleted any discussions, no one would give a toss.
If only your statement was correct, unfortunately it's not... One thing Symantec is really good at is making money, they hold 50% + market share, so this little gem is affecting millions upon millions of unenlightened, slow, stupid or otherwise retarded people who fall victim to Symantec, whose corporate motto is: We are better at making money than we are at making useful products, but we don't give a fuck because we've already got your money!
If you're using Symantec products then you've already noobed out and deserve what you get.
If You're Looking For Information
Hello everyone -- I work for Symantec's public relations firm, Edelman. Just wanted to quickly point out that if you want more information on the PIFTS issue, you can go to Symantec's user forum at http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=39119&query.id=286857
Edelman Public Relations
If You're Looking For Information -- further
And there is a follow up message to the one Louis Cheng links to which really must be read.
"PIFTS.EXE and User Information Disclosure and System Changes"
which explains further about PIFTS.EXE and explores the referenced reports on automated analysis of PIFTS.EXE by the Anubis server.
Does it explain why they were banning people for posting on their forums about the issue? Brilliant public relations, that.