March 10, 2009 (17:26): The Register now has an article on this. Law enforcement backdoors and hoaxes gone wrong are amongst the main conspiracy theories. All we really want is an official report from Symantec to clear up the issue; it doesn't seem so strange anymore, just a little bewildering.
March 10, 2009 (16:15): SANS Internet Storm Center says they had a phone conversation with a Symantec employee confirming that the program is theirs; they said it is part of the update process which is not intended to do harm. However, Norton still hasn't explained why they are seemingly covering their tracks.
March 10, 2009 (15:41): According to Encyclopaedia Dramatica, this could be part of the so-called "Magic Lantern" software by the FBI – though Encyclopaedia Dramatica is by no means a trustworthy source, whatsoever. This is a little far-fetched because the executable was not directed at the States, just Norton users in general. However, Wikipedia's Norton entry also supplies evidence to this theory.
March 10, 2009 (15:22): Norton forums are now officially in maintenance mode. There is still no word from Norton as to what pifts.exe is.
March 10, 2009 (15:04): It's now hit the press. The Washington Post and The Inquirer both report it.
March 10, 2009 (14:35): Norton's community forums kept going down and were taken offline for maintenance at one point. They seem to be back now though.
March 10, 2009 (13:59): I'm getting a lot of traffic directly from the Norton forums; apparently there is a spam raid in progress and a load of threads are linking to this post! The moderators don't seem to be able to keep on top of the deleting anymore. I've got 174 active visitors just staring at this post as we speak.
March 10, 2009 (11:40): Digg is now fully available again. This article has been submitted. Digg it, we need something on the front page!
March 10, 2009 (10:42): There were a load of articles about this on Digg and the whole site (yes, Digg) seems to have gone down. It's disappeared. However, using a proxy server to access Digg works fine; are we being blocked from accessing it? This is getting weird.
Apparently something big is happening. A mysterious program known as pifts.exe is attempting to contact a server in Washington DC and seems to be associated with Symantec's anti-virus system, Norton. There is virtually no information on the internet regarding pifts.exe, aside from this blog and threads such as these. Symantec are supposedly deleting any mention of pifts.exe from their community forums and so users have moved on to community blogs and forums, such as ZoneAlarm.
On ZoneAlarm's forums, one person reports talking with various representatives of Symantec for two hours without receiving any answer as to why inquiries posted on the Symantec forums were being deleted. The caller was told that pifts.exe is part of Symantec's update installation process, was denied any further information regarding the purpose of the file and was repeatedly transferred to a new representative when asking why inquiries about pifts.exe were being deleted from Symantec's forums.




Bull3t's Blog is a next generation web log written by me, Philip Hughes (also known as Bull3t), a first-year college student living in England, aged 17. I write this blog for the sake of doing so, posting about anything I see fit. 

33 Comments
March 10th, 2009
#1
RAGE!!!!!!!!!!!!!!!!!
March 10th, 2009
#2
rules 1 and 2
March 10th, 2009
#3
@Brave Agent Pubeit:
You could say that.
@/b/tard:
Calm down, I haven't broken them. You have though.
March 10th, 2009
#4
everyone talking about rules 1+2…
facepalm.jpg
March 10th, 2009
#5
thank fuck i run lunix
March 10th, 2009
#6
I love a good mystery. Norton sure have messed up this time. I wonder how deep this conspiracy goes, why were they trying to data mine their users?
Thank God for proxies anyway. I'm gonna go post some more pifts.exe threads on the Norton Forums. The bastards already deleted my last post and banned my IP from using their forums. :S
March 10th, 2009
#7
What in the world is PIFTS.exe?
March 10th, 2009
#8
THANK GOD FOR TEH AFRIKENS
March 10th, 2009
#9
it's not trying to contact a server in Africa. that is the webpage that is using the PIFTS.exe keywords to get traffic. it's totally unrelated and is just an adsense spammer. no one really knows what PIFTS.exe is. it's unknown.
March 10th, 2009
#10
PIFTS
Public Internet and File Tracking System
It goes offshore because there's no law forbidding sending it to foreign governments. If governments want to spy on their own citizens, it is normal for them to have foreigners do it in order to get around normal restrictions about spying on their own people.
This is why there have been reports of the file sending data to Africa.
Oh noes.
March 10th, 2009
#11
It's only contacting Africa if we've suddenly moved Microsoft headquarters to a different continent.
The idiot who claimed this saw a report from their firewall with a destination of 207.46.248.249.80, said "That's too many dots" and dropped the first octet. When you don't know how to use the tools, they'll sometimes cut.. that report is for 207.46.248.249, port 80.
Not 46.248.249.80.
Gotta love the conspiracy theorists, though. They're spreading this "africa" story like it's real..
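The misreading described in comment #11, shown as an added example (not part of the comment or the original post): a firewall or capture tool that prints a destination as `address.port` produces five dot-separated fields, and the address is always the first four. The function names are hypothetical; the only sample value is the one quoted in the comment.

```python
import ipaddress


def split_endpoint(text):
    """Split 'a.b.c.d.port' into (IPv4Address, port).

    A plain four-field IPv4 address is returned with port None.
    Anything else raises ValueError instead of being guessed at.
    """
    text = text.strip()
    fields = text.split(".")
    if len(fields) == 4:
        return ipaddress.IPv4Address(text), None
    if len(fields) != 5:
        raise ValueError(f"expected 4 or 5 dot-separated fields, got {len(fields)}")
    # The address is the FIRST four fields; the trailing field is the port.
    addr = ipaddress.IPv4Address(".".join(fields[:4]))
    port_field = fields[4]
    if not (port_field.isascii() and port_field.isdigit()):
        raise ValueError(f"invalid port field: {port_field!r}")
    port = int(port_field)
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return addr, port


def misread_drop_first_octet(text):
    """The mistake from the comment: discard the first field, keep the rest as an IP."""
    return ipaddress.IPv4Address(".".join(text.strip().split(".")[1:]))


SAMPLE = "207.46.248.249.80"  # value quoted in the comment above

if __name__ == "__main__":
    addr, port = split_endpoint(SAMPLE)
    print(f"correct : {addr} port {port}")
    # The misread result is also a syntactically valid IPv4 address, which is
    # why the error was not obvious and led to the wrong ownership lookup.
    print(f"misread : {misread_drop_first_octet(SAMPLE)}")
```
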
March 10th, 2009
#12
@Pifty-poo.:
Not really sure what to think at the moment. What we need is a report from Symantec.
@Gormless:
That sounds reasonable, but then why is it trying to connect to anything at all? And what the hell is at 207.46.248.249? All I see is an IIS under construction page. It's these theories that make it hard to decide whether or not to believe the whole story.
March 10th, 2009
#13
I have been looking at a lot of blogs about this.
So I went to the norton site and it is confirmed.
If you post anything regarding PIFTS they delete your entry.
Furthermore, they even disabled my account.
As a maintenance customer of Symantec they can kiss my renewal goodbye!!!
I pay for support and this is what I get for my $$$$????
So the question still remains, why is Symantec deleting these entries.
For me that is the greatest concern!!!!!!!
Sorry to say, but I have lost all respect for the company and what they stand for!!!
March 10th, 2009
#14
@Bull3t….
The IP 207.46.248.249 is a Microsoft-owned website.
sc.windows.com
March 10th, 2009
#15
@Vincent:
Most of the story is true, but there are some discrepancies that have derived from the general strangeness of it.
@Connor:
And so the plot thickens. Seriously this is getting weirder by the minute.
March 10th, 2009
#16
This file just collects statistical information about some Symantec registry keys ( values / key existence of several UUIDs for \SOFTWARE\Symantec\PIF\{} ), installed version, installed Symantec suite, the file versions of PifEng.dll and PollMgr.dll (both DLLs of Norton according to Google), builds a URL out of those ( on stats.norton.com ) and then opens it via the Windows API.
Nothing dangerous, but since I don't have Norton I've got no real idea what these keys stand for. There was one called systemstate but no idea what data it contains. It isn't harmful or a rootkit or whatever.
My guess is that maybe some update or whatever failed and now their versions are compared to the application's version. I don't believe that this is some kind of a conspiracy but I rather think Norton does this because these outdated files cause some kind of security risk etc. which shall not become public before they fixed it.
March 10th, 2009
#17
Re: Symantec's official statement
Partly true. Here's the rest of the info: It was a backdoor program that Symantec haphazardly released without adequate testing. They are working on a replacement backdoor that will slip past detection systems, as they intended.
March 10th, 2009
#18
I quit Norton and here is why. Even though I know I selected "non-recurring" billing which means don't bill me again, they deliberately ignored that and put me on recurring billing anyway so when the year subscription was up, they tried to bill my credit card, thank God that the thing was maxed out. Fuck Norton. Seemed like every 2 weeks, they were putting a new program on my computer. They got so many damn processes going that I would not be surprised to find out that they were up to no good. Now, who is safe to be with? I really don't know. I'm with Avira right now.
March 10th, 2009
#19
Avira isn't really good either, it has weak scan methods (basically it scans only, nothing beyond that) and epic false alarms.
@ #17
I disassembled the file, and I can tell you that this is certainly no kind of backdoor. (Why would Symantec code such a thing at all). It just posts statistics, but nobody knows why.
I wouldn't use Norton either since simply the fact that they allow themselves to abuse their users for such "statistics" is something completely unacceptable. If they'd have made some kind of survey in front of the users then it would be ok, but they hide it and secondly this statement of Symantec shows that they consider it to be normal to send data of their users' PCs (even if it's not personal, not even the Windows version is transmitted) to themselves behind their back shows that Norton is rather a virus than an anti-virus.
If you want something decent -> NOD32 or Kaspersky.
March 11th, 2009
#20
ALL Anti-Virus companies do these kinds of things, only Symantec is such a shitty company that they somehow failed to properly implement it without being discovered.
March 11th, 2009
#21
#19 works for NOD32 or Kaspersky.
March 11th, 2009
#22
You may consider it one of the drop boxes online (honeypot) that collects data. I remember from a training with Symantec that they mentioned they have these all over the world to collect data.
March 19th, 2009
#23
This was an obvious mistake on their side and instead of admitting to making it in the first place and trying to cover it up afterwards, Norton just gives one excuse after another.
March 20th, 2009
#24
I never liked Norton anyways! And this comes out in front of my eyes as proof now. I used to have Norton AV for my older system, now I regret that I purchased it in the first place.
March 24th, 2009
#25
The Africa thing is wrong. That's someone messing up that was some torrent scam download they used the keywords in Google PIFTS.EXE to get traffic because it was so popular.
The file was connecting to swapdrive.com, Norton's data storage facility in Washington DC.
The file was used to analyze code conflicts in certain softwares so they could analyze them and stop conflicts with their security software.
Could they use it to spy on you? You bet they could.
But that wasn't what it was for.
April 6th, 2009
#26
This story got really popular really quickly… but it still seems to be like it has gotten sensationalized. The program looks like it was just statistics and error reporting to Symantec's servers. Nothing worth getting really worked up about.
April 6th, 2009
#27
@yanon59:
The interest is no longer with the program itself – it's been proven harmless – but with the great cover-up. Their statement still doesn't explain the whole truth.
April 26th, 2009
#28
It's funny to see a reputable company such as Symantec cover something like this up, even if it's a harmless thing.
But, I still trust my safety and security to them no matter what!
Regards,
Daniel
April 29th, 2009
#29
Maybe there is nothing dangerous in it?
VirusTotal shows no one detecting it and ThreatExpert shows it calling home. http://www.virustotal.com/analisis/734465e30a6ee6d6c493471d77940f4c http://www.threatexpert.com/report.aspx?md5=91b564d825a3487ae5b5fafe57260810
June 12th, 2009
#30
This is just another reason why the big "pay-for" companies are losing more and more customers to the free versions of AV out there. I'm not so mad about them using the file but the fact that they tried to hide it really burns me.
July 2nd, 2009
#31
Norton is lying. People have asked about PIFTS for months and they've always banned everyone who asked. Only after 4chan got involved did this get attention. PIFTS is a rootkit they use to spy on your computer and give your personal data to google, the US government, and some server in Africa.
January 18th, 2010
#32
I have also asked them about PIFTS but I got no reply. I still trust Symantec though even if this thing happened.
January 19th, 2010
#33
Everybody thinks that Norton is a great anti virus but for me it's not, it chunks too much memory on your computer and always annoys you of updating and constant software change.