What is going on with Norton's forum?

Discussion in 'other security issues & news' started by Ade 1, Mar 10, 2009.

Thread Status:
Not open for further replies.
  1. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Just thought I'd go on there to see what's happening and it seems some idiots have been starting threads about PIFTS.exe or something like that.

    You'd have thought they'd have had moderators on there to stop crap like this - spoils it for the rest of us!

    Check the link here.....http://community.norton.com/norton/board?board.id=nis_feedback
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I presume there was no money left for moderators, just like insufficient funding for support, and the ASK deal with IAC which was apparently also necessary.

    Symantec must be heading for bankruptcy, or maybe the executives want a higher bonus. :D
     
  3. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Good response! Seems that whole forum has just been spammed big time.....feel sorry for those who actually go there to get support/post problems....they'll just be swallowed up by the growing number of those spam threads and ignored.

    Love to get hold of these wasters and line 'em up and....you know the rest!
     
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Whoever is doing it will be bored soon.

    Notice how the mac forum is untouched. Total spamming would cover all forums. It's a bunch of kids who have registered 10 usernames or so, spent a couple of hours posting.

    No matter how annoyed someone might be at a company, you never ruin something (forum) that's for others.
     
  5. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    As per Niel's article in PCMag ( see thread ), the forum was the only refuge for sane Norton Support.

    Guess, Symantec actually read that article and decided to take corrective action ......
    By degrading the level of Norton Community Forum, thereby forcing everyone to pay $99.99 for support via their devilish agents. :D
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Apparently there is something larger at issue. More here than meets the eye.

    A mysterious program known as pifts.exe seems to be associated with Symantec's anti-virus system, Norton.

    http://www.abovetopsecret.com/forum/thread444230/pg1


    PIFTS.exe appears to be related to a Norton update since it has a has a component in it that leverages the user's Internet connection to contact a Web page at norton.com, which is owned and operated by Symantec.

    http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html


    Symantec has been removing ALL posts discussing PIFT's from it's forums.

    http://www.google.co.za/search?hl=en&safe=off&q= site:community.norton.com "PIFTS.EXE"


    At this time 10:27 AM EST The Norton Forum is shut - down.


    More here:


    http://www.tech-linkblog.com/2009/03/conspiracy-theories-run-rampant-due-to-piftsexe.html/


    Zone Alram Forum thread about PIFTS:


    http://forums.zonealarm.org/zonelabs/board/message?message.uid=443981#U443981
     
    Last edited: Mar 10, 2009
  7. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    So the moderators were deleting any reference to PIFTS.exe trying to connect out through users' firewalls?

    http://forums.zonealarm.org/zonelab...Off-Topic&message.id=19880&page=1&format=page

    Noone knows what the file is, but people are even more frustrated that their posts asking about it, are being deleted?

    That's some strange stuff going on. Read the comments in hawki's first link. Nothing might be out of the ordinary, but surely the support staff/moderators could be helpful and shed some light on what is happening.

    This one has a few more comments: http://answers.yahoo.com/question/index?qid=20090309204126AAGTEsK
     
    Last edited: Mar 10, 2009
  8. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Has this PIFTS.exe problem just been added through a "normal" update or has it been added in the new version 16.5? Anyone know? I know some ppl who are using NIS2009 but they're still on version 16.2.0.7 - I understand Symantec are gradually rolling out the new version.
     
  9. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    Hmm..
    They've removed every post with regards to this PIFTS.EXE file in the Norton Community Forums.

    I smell something fishy...
     
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    There is at least one report on the net it came through the normal update:



    "I'm starting to wonder if Norton might actually be in on this thing. If you look for a directory similar to C:\WINNT\Temp (or similar depending on your OS) you may find a .txt file which contains a line of information starting with: "the ping url is http://stats.norton.com/n/p?module=..." this smells fishy to me. The text file will have a name similiar to Norton_PIFTS [Date] [Time my machine was apparently last rebooted].log

    PIFTS.exe appears to have been pulled in via LiveUpdate back on 3/4 on my machine. On 3/9 Live Update brought in another ZIP file with a long name ending in jtun_pifts.zip.full. Hovering over it from a search screen indicates that it is" No Zip file, bad Zip file, or part of a spanned ZIP file." In the least case, it seems like Norton is trying to get information sent back to itself. This information disappearing from blogs on their own site....hmmmmm. Until they come clean on this, I'll be denying access to this program and probably uninstalling Norton - at least until this is cleared up.You want to be able to trust the company that we're paying for to keep us protected, yes?"

    http://answers.yahoo.com/question/index?qid=20090309204126AAGTEsK
     
  11. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    When checking the IP some posters have reported, PIFTS.exe is connecting to an IP belonging to the company SWAPDRIVE which has been purchased by Symantec last year.
    SWAPDRIVE offered online backup services.
    However, those posters mentioned PIFTS.exe connecting to stats.norton.com.
    Not sure what to make of this.
    Funny things going on at Symantec nowadays; folks paying $100 for superduper tech support that uses MBAM and tells users it's a Norton product.
    Bleh, finally some proper consumer products and now this...
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    An incident handler with the SANS Internet Storm Center, has updated his former post on the matter:

    "I just had a phone call from a Symantec employee confirming the program is theirs, part of the update process and not intended to do harm, more to follow, stay tuned."

    http://isc.sans.org/diary.html?storyid=5992
     
  13. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Here is my best guess:
    https://www.wilderssecurity.com/showthread.php?t=222367

    Symantec has been conjuring grand dreams of in-the-cloud-bull-sh*t as stated clearly in the article.
    337, your theory may be true. o_O
     
    Last edited: Mar 10, 2009
  14. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Thanks for the link Vijayind. A supposedly benevolent Eye of Sauron? ;)
     
  15. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
  16. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Thought this was interesting from the link in a previous post.....

    "WARNING:

    We've been sent an example of a web page targeting the term "PIFTS.exe" along with other popular search terms that lead to obfuscated javascript that leads in turn to actual malware.

    Take care if you search for this: you might find the bad guys out there taking advantage of our interest in PIFTS.exe already.

    At the time of writing the page we were notified about was not (anymore?) indexed in google, but YMMV".

    I actually did a google search for PIFTS.exe before I started this thread and clicked on the first result found. As soon as I did, it went to a page and started downloading "something" - I use NIS2009 on my laptop which I was using at the time and it informed me it had blocked trojan JS.Downloader. First time I've been fooled like that!

    Perhaps thats what the intention was of all those dodgy posts on their forum - they knew the first thing most ppl would do was to go and google the file name!
     
  17. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    :D
    Or it could be a anomaly in THE MATRIX due to which sentient "Agent" program accidentally revealed the location of Machine City and Deus Ex Machina.

    ( I hope that was witty at some level ... :ouch: )
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html

    It is always critical if forum starts with rough censorship, the same @sysinternals if you talk about "S" Phantom.
    S is also a hidden driver in procexp if you start procexp within a windows boot cd environment furthermore microsoft
    used S for Messenger user information some times ago in HKCR\S. Try to talk about @sysinternals, they erase everything.
     
  19. Zeena

    Zeena Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    409
    Location:
    UK
    Hi :)

    Call Me Crazy, Paranoid.. Whatever You Like!

    But I Swear To God...
    Even though I uninstalled NIS 09 a month ago - Uninstalled, NRT, Left Over Folders Deleted etc.
    I'm sure NIS 09 still tries to connect to my laptop every day :(

    Once I had uninstalled NIS 09 a month ago... My laptop has been starting up completely differently.
    No dodgy Start Ups every other day .. No Black Screens .. Happy! :D

    However!
    I've still been noticing strange little habits that I always associated with NIS 09 :doubt:
    Things like my Wireless dropping from 99% to 80% just once a day for approx 1 minute.
    Thinking to myself... " Get a grip girl "
    Then came one day last week
    I think it was the 3rd or 4th of March :doubt:
    I Turned On My Laptop - & - :eek:
    For the first time in a month ( Since Killing - NIS 09 ) .. It was having a really dodgy Start Up.
    Finally Got The Laptop On.
    I decided to use CCleaner to clean my Windows Temp Files.
    But then my laptop wouldn't Start Up at all :argh:

    3rd Time Lucky ... I got the laptop Started Up .. & .. Was back to normal :D

    But what did I find out later that day?
    It was the day all the NIS 09 people had been updated with the Ask Toolbar.

    Paranoid I Know! :rolleyes: ... OR ... Am I? :doubt:
     
  20. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Keep in mind that security software is always a risk if the company is not sincere or work together with government!

    Also think about that most security companies use the weapons of malware to fight malware, they fight fire with fire.
    In the end you are not more able to see the difference between black or white hats.
     
  21. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    433
    Location:
    The Hill Country of Texas
    I just checked out the Norton forums, and was surprised to see a post asking what pifts.exe is. But after refreshing the page, it was gone. Deleting posts is not going to make this go away. It looks like by now they'd come up with some sort of explanation. The longer this goes on, the more I'm considering whether or not I want to keep NIS 2009 installed on my machines. :doubt:
     
  22. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    lol keep posting the question over and over again. we should all post it. for days even till they respond.. i want answers.
     
  23. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
  24. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    IMO, a much better option would be to mail bomb this guy with all your questions and feedback.

    John Thompson (CEO, Symantec)
    jwthompson@symantec.com
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    And here I was defending Norton for awhile when they were being blasted over the ASK thing. If this thing isn't meant to cause trouble or can't cause trouble, as the Symantec employee told SANS, then why the hell are they deleting forum posts about it left and right, unless they are curse-filled insulting posts? I swear, between the chat issue and now this, Norton has a gas leak somewhere and have no idea their IQs have dropped 100 points, or they are TRYING to get attention.

    Unless I get some straight-shooting answers soon, and fixes if there are problems, I'm not going near them and will tell others to stay away also. I hate doing that when I don't have any TRUE proof of bad intentions, but hey, they are really handling this badly. If they screwed up someplace and this causes security issues, the absolute best thing they could do is admit to it and get to work, not delete all mentions and work quietly in the background while users wonder what in Gods name is wrong.
     
Loading...
Thread Status:
Not open for further replies.