Earlier this morning there was a good bit of rumor circulating about PIFTS.exe and Symantec (Product Information Framework Trouble Shooter). As it turns out, the removal of posts on the Norton Community Forums and the alerts from Symantec products sent conspiracy theorists into overdrive, while at the same time frustrating legitimate customers.
Symantec explains PIFTS and debunks conspiracy theories.(IMG:Symantec)
Symantec spoke to The Tech Herald this afternoon and explained its side of the story. For now, you can remove the tinfoil hats. Big Brother, in this case, is not watching you.
So what is PIFTS.exe and why was it blocked? According to Dave Cole, Senior Director of Product Management at Symantec, it's not all it's cracked up to be.
PIFTS is: “Not nearly as exciting as it’s been made out to be. [It’s] a diagnostic patch that we put out for the older products,” he said.
“We use it for things like determining product state and the advance of migration... like determining how many active customers there are on 2006 and 2007 products, which is who this issue affected. It was restricted to people who [use Symantec’s] 2006 or 2007 products, and who downloaded patch within a three hour period last night, [between] 4:30 – 7:40 PM PST.
“What happened here with PIFTS was we simply forgot to sign it as being from Symantec as is the normal process, which is extremely rare. It was simply human error not to sign it before they put the update out. They pulled [the patch] pretty fast once the mistake was caught, but not before customers with older products got a hold of it, and started seeing the confusing messages from the Firewall,” Cole explained.
PIFTS is not solely used for migration, Cole added, it does call back to Symantec with basic information about older products. The Firewall alerts were essentially saying, “Unsigned, unknown application here, what do you want to do with it?”
When it comes to the censorship issue, Cole explained that Symantec's policy is not to delete. “If we see a negative comment about Symantec or Norton, as long as it is within the fair use policy, nothing offensive in it, they aren’t things we remove,” he said.
“What happened is around the same time we were taking the patch off, a spammer got a hold of it and started spamming it. They created hundreds of new user accounts and [started] spamming the forum. The only reason we deleted these, was because they were not being used by the community, they were being used by a spammer.”
The spammer was not a single person. Norton’s Community Forums were raided by 4Chan, from the online Anonymous community at 4chan.org.
Once the raid from 4Chan started, anyone wanting legitimate information from the Norton Community Forums was out of luck. Cole said that, at one point, there were 200 new accounts created and they were used to create 600 replies to a thread in the Norton Community Forums. Acting to remove the Spam, Cole added that it is possible the legitimate accounts were caught in the crossfire, and he holds out hope that those posts can be restored.
“We deleted everything that was offensive or Spam and so forth... Having said that, I don’t have a lot more details, we’re still in the process of getting more information and getting our post up with an explanation. My sense is that, all the PIFTS posts will be lost, but it would be great if we can restore the good ones. We’re still sorting thought that now.”
For the record:
PIFTS.exe is used as a tool by Symantec to help with migrations and provide statistical data on how many active users are utilising older version of various products. Symantec uses various tools for this; PIFTS is just one of them.
The alerts were mostly on older products, since the Firewalls on them are not as advanced as the current Symantec versions. If they were, they would have known PIFTS was a trusted file. Because PIFTS.exe was unsigned, the Firewalls triggered alerts and asked for permission. This is what they are supposed to do, and the error is that someone forgot to sign the patch.
The moderators on the forum, reacting to the wave of Spam, removed every comment related to PIFTS. This was perhaps the wrong thing for them to do, but it was a self preservation action, not one of censorship for the sake of a cover-up.
Symantec is working on more information and will release that soon.
(Update: Just minutes after this article went live, Symantec posted an official statement and opened a section of the forums for PIFTS-related topics. You can view that here.)
On a related note, there are several sites showing up in Google taking advantage of the PIFTS issue. These sites are leading to Malware and rogue AV applications. If you are searching for related information, do not download any tools that will remove PIFTS, and there is no need for new AV tools such as XP AntiVirus 2009.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story