PIFTS.exe
Mar 10 2009, 5:12 pm
By: Excalibur  

Mar 10 2009, 5:12 pm Excalibur Post #1

The sword and the faith

Quote
For all who are unaware, a program installed with Norton named PIFTS.exe has been causing major conflict in the past day. Anyone who asks what it is, or even mentions it on the Norton forums, is permanently banned, and the topic is deleted.


Well, we are getting closer to finding what it is - and it IS dangerous.


PIFTS
Public Internet and File Tracking System

It goes offshore because there's no law forbidding sending it to foreign governments. If governments want to spy on their own citizens, it is normal for them to have foreigners do it in order to get around normal restrictions about spying on their own people.


There have been confirmed reports of people who have managed to isolate the executable - its code messes with your internet history. It also does something with Google.

I reckon Norton is fucking finished after this hits mainstream news. I am now laughing at every idiot who ever installed any shitty Symantec bullshit. :lol:




SEN Global Moderator and Resident Zealot
-------------------------
The sword and the faith.

:ex:
Sector 12
My stream, live PC building and tech discussion.

Mar 10 2009, 5:51 pm Fisty Post #2



Interesting way to acquire porn...

Also:


Post has been edited 1 time(s), last time on Mar 10 2009, 6:05 pm by Deathman101.



None.

Mar 10 2009, 6:06 pm Moose Post #3

We live in a society.

To be honest, this just sounds like propaganda. I can agree that Norton has become overbloated and ineffective in comparison to other programs, but this just sounds like bull to me. Evidence and sources please?

EDIT: Never mind. This is pretty recent, which is why I couldn't find anything. Things are starting to pop up in Google news just now.
http://www.theregister.co.uk/2009/03/10/norton_pifts_mystery/
http://www.tweaktown.com/news/11631/norton_avoiding_all_questions_about_pifts_exe/




Mar 10 2009, 8:17 pm Corbo Post #4

ALL PRAISE YOUR SUPREME LORD CORBO

I remember I had Symantec back in 1998 on my Win95 computer :P

My laptop came with some Norton internet security but I just deleted it when I saw it.



fuck you all

Mar 10 2009, 8:25 pm chuiu Post #5



http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/4969463/Internet-conspiracy-theories-abound-over-Symantec-Pifts.exe-file.html

Summary: No one thinks it's anything harmful or a rootkit but they're waiting for a statement from the company about it.



None.

Mar 10 2009, 11:02 pm Fire_Kame Post #6

wth is starcraft

It isn't that pifts.exe exists that's giving Norton so much grief, it's that Norton is doing their damnedest to ignore the problem. The only 'harmful' thing I heard about it is that apparently the .exe has a lot of PADDINGXX in it or something, which is strange for a legit program to have.




Mar 10 2009, 11:11 pm ShadowFlare Post #7



That is just something that some compilers add at the end instead of just 0's, but I don't know which one does it. Exe or dll files always have a multiple of a certain number as their size, but I don't remember which at the moment. Because of this, they always have some type of padding at the end. If it is just one byte over, it can't just round down, it has to round up to the next multiple.



None.

Mar 10 2009, 11:47 pm ClansAreForGays Post #8



I've been following this since last night, kept me up till about 3. Here's what I've learned from everything I've read (which is a lot):

The second IP that it tries connecting to is not in Africa. 1 is in Virginia, and I think the other is in Washington.

The PADDINGXX doesn't mean anything, but it is not typical for professionals to do this, which spawned the idea some amateur hacker snuck this into the update and is not from Norton.

Symantec says they deleted the posts because someone alerted them of a 4chan /b/ topic that was asking for raids. This is false; people were already discussing PIFTS.exe for a good few pages on their forum, until users started discussing and posting specs as to what the program was actually doing. Then these people went to either ZoneAlarm's forum or 4chan's /g/ and started spreading the news of what is going down. THEN a /b/ topic asking for raids came up, the whole while before this anyone that even mentioned pifts.exe was banned.

The moderation on the Norton site deleted every post and banned every user that posted anything about pifts.exe, whether it was a legitimate question or not. I also read that they are just now starting to unban certain people that are emailing the admin about their unjust ban.

People experienced in decompiling got their hands on the program via mediafire. They report the program searches through your internet history. Somehow, in the face of this, the 'experts' are saying this is probably harmless. Unfortunately they seem to only be thinking in terms of damage to your computer. The truth is this thing seems to be some kind of data mining tool that reports to Symantec everything you've been doing on the internet.

I've also many unconfirmed reports of other places where any mentioning of PIFTS.exe has been censored (i.e. Google Trends)

Post has been edited 2 time(s), last time on Mar 10 2009, 11:56 pm by ClansAreForGays.




Mar 11 2009, 12:54 am Heinermann Post #9

SDE, BWAPI owner, hacker.

So this is part of the big Google privacy conspiracy?

Quote
People experienced in decompiling got their hands on the program via mediafire. They report the program searches through your internet history. Somehow, in the face of this, the 'experts' are saying this is probably harmless. Unfortunately they seem to only be thinking in terms of damage to your computer. The truth is this thing seems to be some kind of data mining tool that reports to Symantec everything you've been doing on the internet.
That's hardly enough description from "experts" at reverse engineering. A program that just searches through your internet history? They could have integrated that into a module or the main program.

Quote
That is just something that some compilers add at the end instead of just 0's, but I don't know which one does it. Exe or dll files always have a multiple of a certain number as their size, but I don't remember which at the moment. Because of this, they always have some type of padding at the end. If it is just one byte over, it can't just round down, it has to round up to the next multiple.
EXE/DLL files can actually be aligned to a single byte. See Tiny PE for details on a valid 97-byte executable, and a 133-byte executable that downloads a file from the internet and executes the downloaded file.




Mar 11 2009, 3:02 am ShadowFlare Post #10



It is not typical for the alignment, though.



None.
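
The alignment question raised in posts #7, #9 and #10 can be checked from the PE headers themselves. The following is an added example, not part of the original thread: it reads FileAlignment, shows how a section's on-disk size is rounded up to that multiple, and counts PADDINGXX markers in the resulting slack. The function names and the header-only sample image are constructed for illustration and are not PIFTS.exe.

```python
import struct

PAD = b"PADDINGXX"

def pe_alignment_report(data: bytes) -> dict:
    """Report FileAlignment and per-section rounding for a PE image in memory."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    n_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    # SectionAlignment / FileAlignment live at optional-header offsets 32 / 36
    # in both PE32 and PE32+.
    section_align, file_align = struct.unpack_from("<II", data, opt + 32)
    sections = []
    for i in range(n_sections):
        off = opt + opt_size + 40 * i          # each section header is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name,
            "virtual_size": vsize,
            "raw_size": raw_size,
            # On disk, section data is rounded up to a FileAlignment multiple.
            "aligned": file_align > 0 and raw_size % file_align == 0,
            "slack": max(raw_size - vsize, 0),
            "padding_markers": raw[vsize:].count(PAD),
        })
    return {"file_alignment": file_align,
            "section_alignment": section_align, "sections": sections}

def build_sample(file_align: int = 0x200) -> bytes:
    """Constructed header-only PE32 with one .rsrc section (not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, file_align)
    used, raw_ptr = 0x1A0, 0x200
    raw_size = -(-used // file_align) * file_align         # round up
    sect = struct.pack("<8sIIIIIIHHI", b".rsrc", used, 0x1000, raw_size,
                       raw_ptr, 0, 0, 0, 0, 0x40000040)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    fill = (PAD * (raw_size // len(PAD) + 1))[:raw_size - used]
    return headers.ljust(raw_ptr, b"\0") + b"\x01" * used + fill

if __name__ == "__main__":
    print(pe_alignment_report(build_sample()))
```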
