- Monday, 9 November 2009
- INQ Mobile
- RSS
It is much more important to know what sort of patient has a disease than what sort of disease a patient has - Sir William Osler
Symantec update triggers firewall, many wounded
INSECURITY SPECIALIST Symantec confessed that it sent users of Norton Antivirus software into a frenzy by triggering their firewalls with an unsigned security patch.
In what a blogging Symantec Sherlock Holmes called, "a case of human error," a diagnostic patch named PIFTS.exe was sent out "unsigned", causing firewalls to prompt the user for access to the Internet.
Spooked users trying to figure out if they'd been targetted by some kind of hack began bombarding Symantec message boards for information.
"The patch caused understandable concern for users," wrote Symantec's Dave Cole who complained that his message boards were then inundated.
"Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic. Over the next few hours, over 200 user accounts were created," he said.
"Some posts contained no text in the body of the message, simply a subject:
O LAWD IM CHOKIN ON PIFTS PLZ HALP
"Within the first hour there were 600 new posts on the subject," said a harrassed Dave.
Things took an even spookier turn when Symantec then went into a frenzy of its own and having realised its cock-up, began deleting all mention of PIFTS.exe from its message boards.
That sent the tabloids into a frenzy.
Dave branded the miffed posters "spammers" although he said "there were no malicious links and it simply resulted in a widespread communications challenge for Symantec."
"Releasing a patch unsigned is an extremely rare occurrence ," he coughed.
Symantec said it released the patch for "approximately" three hours to Norton Internet Security and Antivirus users on March 9, 2009. µ
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
This comment has been deleted.
Comment removed due to DMCA takedown order #09559293
This comment deleted at the request of Symantec.
To trust any product from Norton after this incident. It highlights there contempt for there users, by keeping them in the dark on the issue. If they obviously can't control themselves, they have little hope in trying to control real malicious exploits when they do arise. If only the heads of IT departments could send Norton a bill for the wasted time and effort in trying to track this issue down. It's time to start a class action lawsuit against them for there incompetence and deceptive business practices.
This content has been deleted.
BTW, my previous post was JK.
If there is one thing we do not need it would be more stupid lawsuits.
@Minotaur
I think most of your 'there' should have been 'their'.
Symantec software frustrates me enough having to deal with it at work. Now this whole censorship and secrecy thing snowballing into conspiracy theories because their genius company reps are too scared to talk about it.
Not a company I desire to do business with for any reason. I hope the whole economic downturn removes this scar on the face of PC security forever.
That doesn't explain why the patch was allegedly in a non-existent directory. Regardless of whether it was a "diagnostic patch", it was still trying to phone home and it was still hidden from the operating system like a rootkit.
If I ever decided to use some anti-virus software, I wouldn't touch Symantec's.
Nice work there, Minotaur!
"If only the heads of IT departments could send Norton a bill for the wasted time and effort in trying to track this issue down. It's time to start a class action lawsuit against them for there incompetence and deceptive business practices."
No, IT depts won't need to send a bill. Because any competent IT dept won't have hit the panic button the way half the clots on forums and assorted blogs did. They'll have seen it through a dispassionate eye, judged it for what it was - hey, an unsubstantiated rumour - and moved along, nothing to see here. Also, you win my personal award for being the first fool to mention a class action lawsuit.
I wish our customers had the sense to post on the Symantec message boards, 99% of our lot will see these error messages and ring us as their ISP.
Do you see Symantec in our branding? No?
Then why ring us for support. You'll be sat in a queue to be politely *usually* to go away.
The first reports, at the INQ and elsewhere, said PIFTS.exe tried to contact an IP address in north Africa. Is this something symantec security patches normally do?
If any of my IT staff had simply dismissed this as an "unsubstantiated rumor" they would no longer be on my staff today.
Even as Symantic finally fesses up, it still needs to brand users asking for help as "spammers". Like they don't even know what spam is, let alone how to issue a proper response to a blown patch attempt.
This forced users to make their own way, and all the bad press that Symantic gets is well deserved. There is NO justification, just mealy mouthed excuses like spam.
"hey, an unsubstantiated rumour"
Exactly lansalot! I mean, it isn't as if unknown apps calling a remote server in africa are a security risk. More over if your AV company is refusing to give you any important information about the subject.
You're exactly right. Just move along, pretend nothing happened, and your network will be secure. AV products have never failed in the past.
I was having trouble with my new computer running slow after I had only had it for a few months. I was upset thinking it was something wrong with my computer until I realized that I needed a good scan to clean out those bugs and viruses that was the real problem. When I started using Search-and-destroy Antispyware it took care of this problem and now my PC is running like new again. The antispyware solution from Search-and-destroy, which you can find at http://www.Search-and-destroy.com, has made a big difference for me and I’m sure you’ll be happy with it too.