Not only did you install it, but you paid for it. Norton has such a bad reputation, why do people install it? You say don't blame the programmer, but why didn't they know this was a bad idea when they wrote it.

My comment wasn't directed to you personally. In fact, your comment wasn't even printed at the time I was composing mine.

Sorry for any confusion.

... Erm... I did read it - that's where I got "the patch was released by Symantec "unsigned", which caused the firewall user prompt for this file to access the Internet" from.... Duh!

FBI MAGIC LANTERN

"lansalot: youve never admined a network have you? Dolt.
posted by : Anonymous Coward, 10 March 2009"

Nice on "Anonymous Coward". Yes I have. That's my day job. What I wouldn't do in that job is to say I'm going to shut off the entire extranet and intranet for the company, because "an executable" (which as of yet, NOBODY knows is even REMOTELY malicious) is on some PCs. You idiot. My "bandwagon" comments stands, and in light of your idiotic comments is even more relevant.

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39119

Read it.

"the patch was released by Symantec "unsigned", which caused the firewall user prompt for this file to access the Internet"

Now, forgive me for being wrong, but I an not concerned which products are 'signed', or not signed, but I WANT TO CONTROL what goes out through my firewall....

URL update.. http://stats.norton.com/n/p?module=2667&product=NIS&version=10.0.0.86&e=1.4.5.91&f=1.4.5.91&g=0&h=2&i=0&j=1.4.5.91 is a valid string, and while I do not possess any norton product more recent than 2000, I have warped their stats by 2...

... when you go to the URL in the exe file...

http://stats.norton.com/n/p?module=2667

nothing - but

http://stats.norton.com/n/p
gives an error from Apache Tomcat/6.0.18

and

http://stats.norton.com/n/

wants a password....

Playtime, anyone?

Hi, I take all PC with Norton and break in pieces small until Norton fix my internets. Boss hate my CPU rum

Ken: if people are "clogging up the forums" over at symantec, wouldnt the obvious simple answer be to post a sticky? Especially if theyre going to kickban people for even *mentioning* it, wouldnt it be a good idea to warn them that this is going to happen? Or what, are we all on double secret probation over there?

lansalot: youve never admined a network have you? Dolt.

A few of us have emailed one of the tech support people directly and they are giving a canned answer:

I don’t have much detail about this issue. I believe that Symantec will be making a public announcement about this file in the near future. I do believe that it is a legitimate file delivered by live update. Unfortunately, somebody has chosen to abuse our Norton Community forums regarding this issue and the remediation for this abuse is having some unintended collateral damage.

I wish I could tell you more, but this is all that I know at this time.

- Reese

(1) it's a Norton "product research" app of some sort that they tried to sneak into the new version, but someone forgot that their own software would catch it trying to phone home. Now they have egg on their face and are trying to cover it up.

(2) 4chan/Anonymous have decided it is more fun to pick on crappy software companies than it is to pick on the Church of Scientology, and picked a random binary to clog up Symantec's forums with threads about. Symantec has responded in a fairly understandable manner and decided that since almost all people talking about pifts.exe are just annoying troublemakers and bots, they'll just remove the posts and ban the posters.

I have no idea if either of these is correct, anyone have any evidence for/against?

Damn, this is probably bad. Does anyone knows which versions of AV it's affecting? I've got norton av 2007 installed on various setups, I haven't been called yet because nothing wrong has happened, as of now. I hope it's just a CF and not them spying on my users.

This article has disapeared from google news when searching for pifts. it was there 2 hours ago.

The norton forums are now down for maintenence. Coincedence? Hmm...

"We took down our whole intranet and extranet connection for as long as we do not know what this software is doing. I'm on to regret the decision to use Norton..."

Jeez. Get a grip. What saddoes are out there. But on the other hand, I don't want to feel left out. Could someone please advise how I jump on this speculative bandwagon as soon as possible ?

Even if this PIFTS.exe thing is benign, why won't Symantec just come out and tell us what the heck this is, rather than deleting every single post relating to it? I mean, this may be some notification thing that just got out of hand, and the forum managers at Symantec said "Dang it, ten gazillion people are flooding our boards, just delete all the posts that mention it". But they have to know that it looks bad.

This is, of course, assuming that nothing sinister is actually going on...

I also went to the Norton forums to find out what was going on. I posted a thread about pifts.exe and it was removed within one minute of my posting. I was also IP banned from the Norton site.

Oh well, at least there are proxys.

Also, it seems Anonymous are on the case with this one and have been spamming the Norton Forums to keep the mods over there on their toes.

Hi, I'm Greg Mayer from a german Company.
We took down our whole intranet and extranet connection for as long as we do not know what this software is doing.
I'm on to regret the decision to use Norton...

The file itself contacts two IP addresses, North Africa and Washington DC. It goes offshore because there's no law forbidding sending it to foreign governments. If governments want to spy on their own citizens, it is normal for them to have foreigners do it in order to get around normal restrictions about spying on their own people.

It's not African. But the rest is true. Norton banned me entirely from their site for one polite inquiry about PIFTS.