

What is PIFTS.exe? - njrc
http://www.freebase.org/

======
Brushfire
From a slashdot comment on the same topic, way down:

[http://forums.zonealarm.org/zonelabs/board/message?board.id=...](http://forums.zonealarm.org/zonelabs/board/message?board.id=Off-Topic&message.id=19903)

Looks like a stats tracking part of their update program. Perhaps they wanted
it secret and are employing forum admins with horrible self control.

Lesson: If you set up forums for your customers, don't go through deleting
legitimate negative posts that concern your products. This magnifies the harm,
not reduces it.

This is the internet, once something is posted here, it's very hard to get rid
of it.

~~~
pmjordan
_Lesson: If you set up forums for your customers, don't go through deleting
legitimate negative posts that concern your products. This magnifies the harm,
not reduces it._

Particularly true for security software. You're supposed to be able to trust
these guys with deep hooks in your operating system, yet they seem to be
engaging in something resembling a "security by obscurity" strategy.

~~~
tptacek
News flash: virtually all security vendors keep mum on the design and
implementation of their products. Many of the host-based security vendors
actively compete with reverse engineers in vain attempts to prevent malware
from patching around their products. There are even popular data-loss
prevention products that hook the scheduler and interrupt handlers to keep the
kernel itself from inspecting them.

This is just not a news story.

~~~
Zak
_This is just not a news story._

The fact that the implementation details of Symantec's security products are
proprietary is not a news story. The fact that their response to questions
about their product generating suspicious alerts on users' systems is to
_delete forum posts_ asking about it is a news story. The correct answer in
this situation is to tell users that the program is a legitimate part of
Symantec's product.

~~~
tptacek
I agree with you. It is notable that SYMC flubbed the PR on this. I think I'm
trying to say, there's probably no story in the executable itself.

------
cedsav
Official explanation:

[http://community.norton.com/norton/board/message?board.id=ni...](http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39119&jump=true)

a bad software update, and a weird attempt at removing 'spam' from their
forum.

------
tptacek
Hysteria on both sides. I'm pissed at Symantec for amateurish public relations
on this, but also embarrassed by the conspiracy theorists; there is no way, in
2009, that Symantec could get away with hiding objectionable code in their
binaries. Part-time security people will dissect this program for sport; large
enterprises already staff teams of people to evaluate the code they're
deploying.

~~~
vinutheraj
_there is no way, in 2009, that Symantec could get away with hiding
objectionable code in their binaries._

Granted. But there is no smoke without fire. I don't think it's just a PR
problem. If they could go to such lengths as to delete all those posts, there
must be something in it other than the fact that they could not identify the
problem, or are they so stupid?! I am intrigued to see how this unfolds!

------
Jem
I honestly can't believe that people still use Norton in this day and age, let
alone that it was doing something dodgy.

~~~
mrbuwch
Why do you say that you can't believe that people still use it in this day and
age? Does Norton have a reputation for being absolutely terrible that I'm not
aware of?

~~~
Jem
This is anecdotal evidence, obviously...

Case 1

Background: my partner is an IT technician. He works in the school that I
attended when I was younger. We originally met when I was still in school.

About 9 years ago, before I was in any way IT literate, my mum had a computer
running Norton AV. It was slow, and not just because the hardware of the time
wasn't up to spec - Norton was seriously hogging the resources, and the
computer was loaded down with various viruses. We didn't know this at the
time, and I had my partner - the IT technician - make a personal visit to my
home on a weekend to see if he could fix the problem.

He was working on the computer from around lunch time on the Saturday until
near 11pm, and then had to return again on the Sunday, just to get the
computer back to a safe, useable state. Norton AV was replaced with AVG, and
that computer never had problems again.

Case 2

My partner knows a nice lady called Brenda. She had a laptop, given to her by
her son, that was also running Norton AV. We've been round to fix a few issues
on multiple occasions, but none more 'stunning' than the time my partner
removed Norton and installed AVG and Spybot; the virus/trojan/etc count
totalled over 1000. I have no idea how that machine was even running.

Case 3

My colleague's work machine, also running Norton. I removed it last year and
installed Avast. As well as finding a couple of issues, the overall
performance of the computer improved remarkably.

Apart from those 3 specific incidents, over the past few years I have advised
multiple people online to remove Norton and install something like AVG or
Avast, and the response has always been positive. At the end of the day, even
ignoring my experience, I could never trust a program that has to be released
with a "removal tool", because the uninstall process doesn't remove the
program from the system properly.

~~~
GeneralMaximus
I can confirm that. Long before I started using Linux and OS X, I had an
oldish Windows PC that had Norton on it. Replacing it with AVG not only sped
up my PC, AVG also got rid of several _hundred_ pieces of malware.

------
reconbot
Norton broke their silence. [http://community.norton.com/t5/Norton-Protection-Blog/Symant...](http://community.norton.com/t5/Norton-Protection-Blog/Symantec-Comments-on-PIFTS-exe/ba-p/74968#A282)

Apparently it was just part of the update but it went out unsigned so it
tripped the firewall. Some users were causing trouble so they just nuked all
forum posts and accounts with the word PIFTS. It looks like maybe a bit more
than that was going on, but other than some fighting with customers there's
nothing special going on.

------
Raphael
> IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?

Gotta be 4chan messing with Norton.

------
samueladam
If someone is looking for a good antivirus product, try F-secure.

Every time I had to deal with a virus infection, they were always there with a
free patch.

They are also playing nice with Linux, and made a freely available Knoppix-based
rescue CD and are blogging about their activity.

[http://www.f-secure.com/linux-weblog/2008/11/25/rescuecd-301...](http://www.f-secure.com/linux-weblog/2008/11/25/rescuecd-301-released/)

They've always been there in bad times, they've earned my trust and that's the
product I would advise to companies from now on.

