Hi everyone,

No doubt you've read the Official Statement about PIFTS.EXE and the reasons why many posts were removed from this forum. There was no "conspiracy" or "cover-up" - someone was spamming our forums, and we took action to remove these posts. As it increased over a few hours, many threads were removed, and several users were denied access to post in the forums. We were gathering information to distribute, and I'm sorry it took this long to post the info to everyone.

 

After reviewing some of the emails I've received, it appears that some posts were removed in error, as well as the access of some users. If you feel your access was removed in error, please contact me directly (my email address is listed on my user profile) and I will restore your access to the forums. I apologize for this inconvenience, and thank you for your patience while we deal with this difficult situation. Thank you also to the users who have helped us identify the malicious posts to this forum, it was a big help.

For the sake of keeping the PIFTS.EXE questions consolidated, please feel free to post all your questions/comments about PIFTS.EXE to this thread. Please do not post to a new thread, as we wish to keep all posts in one area. Before you post, please review our official statement for answers to your questions. Thanks again for your understanding with this difficult issue.

 

EDIT: The technical details of PIFTS.EXE have been posted to the official statement. Thanks!

 

Thank you Mr. Cole!

 

I'm glad that everything has been resolved.  I didn't know what was happening.  But now my faith in Symantec has been restored.

 

Why does Symantec hate freedom and privacy?

Sure, this was not a 'conspiracy or cover-up' but it was a major PR ****up you should've handled better.

 

Unfortunately I've started a thread already, please merge it if you can.

 

You let the 4chan-s get the better of you, create a whole hullabaloo, how could you let that happen? It is incompetent, not only on the technical side, but even more on the PR side.

..which was just announced, it is way, waay overdue.

 

This kind of post should've been published hours ago. When you got the likes of Security Fix  interested in your botched info-update, then you should know you PR skills aren't worth much.

 

Seriously, if someone like Krebs hadn't started to inquire about this, would you have even posted that?

 

Get a grip, Jesus Christ, you should be better at this.

There was the official statement, but you still do NOT tell us what this thing does? All you said was it wasn’t signed. So, can you please not stall and tell us exactly what this thing does?

Hi everyone,

No doubt you've read the Official Statement about PIFTS.EXE and the reasons why many posts were removed from this forum. There was no "conspiracy" or "cover-up" - someone was spamming our forums, and we took action to remove these posts. As it increased over a few hours, many threads were removed, and several users were denied access to post in the forums. We were gathering information to distribute, and I'm sorry it took this long to post the info to everyone.

 

After reviewing some of the emails I've received, it appears that some posts were removed in error, as well as the access of some users. If you feel your access was removed in error, please contact me directly (my email address is listed on my user profile) and I will restore your access to the forums. I apologize for this inconvenience, and thank you for your patience while we deal with this difficult situation. Thank you also to the users who have helped us identify the malicious posts to this forum, it was a big help.

For the sake of keeping the PIFTS.EXE questions consolidated, please feel free to post all your questions/comments about PIFTS.EXE to this thread. Please do not post to a new thread, as we wish to keep all posts in one area. Before you post, please review our official statement for answers to your questions. Thanks again for your understanding with this difficult issue.

 

EDIT: The technical details of PIFTS.EXE have been posted to the official statement. Thanks!

The thing tells Symantec how many 2006 and 2007 Norton product line installations remain operational out there, that's what I gathered and it seems logical, because keys are transfered from the old to the new ones..

 

But don't you (Symantec techies) have SKU numbers or some ID numbers for that? 

Anubis analysis of PIFTS.exe

 

 Why does PIFTS.exe access Temporary Internet Files and History of Internet Explorer? Is this "protective" in any sense? Why have we not been told what this "diagnostic patch" actually does?

I see, thank you. If they would have simply made a one line statement in patch notes this could have all been avoided ._.;

 

Lots of people here were asking for patch notes, and waiting until everyone has the patch to release them seems like a very silly idea (I bet even moreso now). Hopefully you guys will take a lesson from this and make a simple patch notes list that details the changes made so people don't freak out.

d:\perforce\entiredepot\consumer_crt\patchtools\patch021809db\release\PIFTS.pdb

 

So why are my things being acessed? would you only need to acess the NORTON folder to find out the running stuff?

then why did it take so long to get an offical response up?

One of the reasons you defended the deletion of posts was due to the spam. The spam was caused by admins DELETING GENUINE POSTS hence forth angering members. So why were those original posts asking about pifts.exe deleted? Further more where are the notes on the patch?

i fully agree. whwy did it take so long for this to be brought out. i am a nis2009 user for both my home and 3 business' as well as most of my family i have recc nis2009 to use. i have used EVERYTHING else out there and finally thought i could be confortable because this ran better for me than just about anything else i have ever used. i was simply stunned shocked and amazed that a norton product would ever find its way onto my system again but ill be the first to admit it did and i liked it. 

 

now everything starts falling apart.

 

first the ask thing which i am in total disgust over and dispise. now this.

 

i dont want speculation. i want to hear it from a symantec employee what this actually does. and why it needs to be done. we are paying for a "security" app not a app that sends data back to somewhere. this looks to be collecting more than just what version of nortons people are using. it is checking the temp files and history from what i can see. why is it doing this.

 

if i dont get a cut and dry answer ill be removing nis2009 from more than a total of 30+ systems and im sure there are many more like myself out there, i am for sure not in any way trying to be rude but this week has been aweful for me and norton's. its been one thing after the other.

 

i will be more than happy to continue to use it if we know 1000000% what this does in full explanation and also you NEED repeat NEED a way to actually opt out of the ask thin or even the whole toolbar if needed during install.

 

i do hope you will respond and explain what this exactly is and why is appears to be collecting data?

 

thank you in advance 

I believe there was oppertunity to give a statement much earlier, you cannot blame spam for that. This was a publicity and trust desaster.

 

Three questions:

 

• Can I now start my Notebook without getting this installed?
• How to detect it already is on my system?
• Will such happen again? Is this right?

Well, Dave Cole was more forthcoming to Brian Krebs than to us, Norton software users.

 

Here's the explanation, as it stands on the Security Fix blog, verbatim:

 

---

Dave Cole, senior director of product management at Symantec, said the PIFTS file was part of a "diagnostics patch" shipped to Norton customers on Monday evening. The purpose of the update, Cole said, was to help determine how many customers would need to be migrated to newer versions of its software as more Windows users upgrade to Windows 7.

"We have to make sure before we migrate users to a new product that we can see what kind of load we can expect on our servers, and which customers are going to have to be moved up to the latest version of our product," Cole said.

---

 

I am extremely angry and horribly disappointed with you. I expected better from a company who's nexus of purpose is defending the people who use your products. This betrayal runs deeply, and will march through all the aware users of Symantec products soon enough. What started as a scratch is becoming a fissure.

 

We hold you, Symantec, for turning your back on us who have been loyal to you for years. To the people who accepted your protection from the ill affections of the world who deigns to undermine innocent people. We knew, believed, and truly accepted the idea that your defense would offer no exceptions and would forgive no trespasser.

 

We feel betrayed! We feel wronged by your collusion with American intelligence agencies! We feel absolutely disgusted that you would have us accept this goverment trojan called PIFTS.EXE and then suppress us unrighteously when we POLITELY ASK what you have intruded our space with!

 

PIFTS - Public Internet and File Tracking System? How will we ever know.

 

The damage has been done. Such a violation of our contracts with you is not redeemable. You have gone from hero to worm. I am IMMEDIATELY cancelling my subscription to Norton products and uninstalling them. I encourage everyone who values their privacy and their freedom to do the same.

 

Norton Products Removal Tool for Vista/XP/2000: ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe 

 

Norton Products Removal Tool for Me/98: ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool_9x.exe 

 

Those removal tools will uninstall Norton products...hopefully.

 

Thanks for nothing but bitter feelings.

 

 

Signed,

 

A Former Customer

can i ask where exaclty on a vista machine is this file found? i have been unable to locate it on the machine i am on. however it was on the machine that was updated to the 16.5 version?

another question if we have not got this as a update yet have you fully pulled it from the updates now. or should everyone still expect to get this thing. i know i for one do not want it and will simply ban it from accessing the internet anyway as im sure almost everyone will so this is kind of pointless for you anyway

As much as I can see, this patch was not deployed to the 2009 product line (I don't know about 2008, but I think it was not targeted at it either).

 

I see no record of it in any of my logs, Windows or Norton.