As someone who studies sociology on the internet I can tell you that 4chan is not really capable of coming up with ideas like that. NYPA (Not Your Personal Army) rule means that they will not act according to one persons idea to cause hassle but rather must be persuaded to act. In this case through making a convincing scenario where some form of coverup is taking place by someone who would be heavily damaged through such an act. If there was no truth at all behind it, there would have been no damage.
@Voyager10
I think we can ignore this off topic comment, this user seems to be telling staff what to do and seems to be confused on the definition of discussion.
Indeed there are a few bum-kissing users here, but that’s alright. I see maybe 1-2 spam posts in this entire topic, and they’re from people who have basically had their trust exhausted after a day of posting to no avail. I need to make this clear one more time. Last night, as SOON as people started seeing pifts.exe popping up on their firewall prompt, they came here, and started posting legitimate questions on the forums. All these honest inquiries were deleted, and real customers were banned, LONG BEFORE ANY SPAMMING OR RAIDING TOOK PLACE. Get it through your heads. The spamming that took place was a DIRECT RESULT of all the topics being deleted. Had the topics and members not been deleted and banned, there would have been no incentive for 4chan to raid. It was the lack of any response from Symantec, and the obvious coverup, that caused the spam.
Message Edited by Anshar on 03-10-2009 07:47 PM
Voyager10 wrote:@Tony Weiss
i think we can delete this discussion Topic , the most of these Comments are Spam and Spammers, these are not interested in your information and love to make confidence (moods?) against the Nortonproduct
I believe most people posting right now are not in the intention of spamming, the discussion thread is cleam as of now.
The reason this got so much attention was either false intentional banning/deleting or the fact it SEEMED as if they were covering something up.
As far as we know without the design specs, possible ways of tracking the data sent, what data was sent exactly and possibly source code fragments of how the data sent is encrypted and various other things we have no possible idea if norton is telling the truth and how so many people are vouching there was only a small portion of spam when legitimate questions were removed.I think the internet would be glad and be able to rest assured if their personal files were not being snooped by a program that sends data to a remote server.
Message Edited by Deadoon on 03-10-2009 07:58 PM
Here's a post on DSLReports regarding this issue. Not sure how much of this is true, so take this with a grain of salt.
Fascinating, they call it a simple update? It is not.
The program analyzed:
It clearly goes through and scrapes your history, temp files, cookies, etc, and it tries to contact a shady online storage place they recently acquired. Let's do a lookup on swapdrive! 67.134.208.160:80 is where PIFTS.exe asks to connect to.
Domain Name: SWAPDRIVE.COM
Administrative Contact:
Wallace, Marc
Web Data Group, LC
PO BOX 7241
ARLINGTON, VA 22207-0241
US
703-352-1578
www.webdatagroup.com
Click on " Competitive intelligence." Interesting! They talk about military intelligence gathering right on the page. So this "update" is scraping internet history and temp data and trying to contact a company who does online storage with shady ties to intelligence gathering. If it is datamining, Americans need not be surprised, we had AT&T do it on our phones and some act as if our computers are immune. Hey, let's look more into one of the owners of Swapdrive in the Web Data Group! There are more interesting people than Marc Wallace.
www.spoke.com...
"Roland Schumann is a former military intelligence officer, having served both on active duty and in the reserves. Trained in unconventional warfare and electronic intelligence gathering, he also has practical experience in airborne operations, human intelligence (HUMINT), counter-intelligence, and counter-terrorism. He has performed risk analyses in Latin America for the US government and in the United States for commercial and government interests."
It is helped to be run by a former military intelligence officer. So there you have it, you have very shady actions by Symantec regarding the whole thing making people suspicious by deleting any mention of it, they claim it is a simple update, and when we dive into it, we find out it scrapes your internet history and temp files, interfaces with Google Desktop (G O E C 6 2 ~ 1 . D L L ), and then where does it try to go? It tries to jump straight to Swapdrive (we know this because it asked permission to go to 67.134.208.160:80, which is Swapdrive). Who owns swapdrive? The Web Data Group based out of Arlington (wow, the same place the Pentagon is located, what a coincidence) who has a statement about using military intelligence information gathering right on their website and who has owners with shady backgrounds as army intelligence officers, and when Symantec is asked about PIFTS.exe, it immediately tries to cover it up and deletes everything related to it in a very suspicious fashion. Follow the trail, do some research, dig around.
Oh no folks, move along, certainly nothing interesting to see here!
There’s no two ways about it, they were definitely deleting the original posts in an attempt at damage control.
Domain Name: SWAPDRIVE.COM
Administrative Contact:
Wallace, Marc
Web Data Group, LC <----------------- Humint (for Human intelligence)
PO BOX 7241
ARLINGTON, VA 22207-0241
US
703-352-1578
www.webdatagroup.com
As you can see that patch have the bad tasdte to scrap in your temporary internet files and other informations
but not only....
Lets see
the PIFTS is sending your personal infos to 67.134.208.160 (swapdrive in Washighton DC)
near the Swapdrive building you have the FBI HQ and inside Swapdrive building you can find some folks from the Humint
Tell me sweet sweet lies
oh and of course im not talking about the Swapdrive staff and the ability of Symantec to sell your personal infos
Boy what a day this file has made.
- I logged on last night and got the pop up everyone is talking about. This was somewhere around 7:30pm(CST) on 3/9/09.
- I googled the file, my index.dat shows around 8:15:12 pm(CST). It originally only came up with two pages of results.
- I eventually ran across a couple of posts here on the forum. I was watching the posts between 8:37 (CST) and when I finally signed up for my account at 10:09pm (CST).
- The two posts I seen simply asked what the file was and didn't have any comments violating the terms. The second post had 4 responses before it was deleted.
- I only signed up for my account since I searched the forum and found one of the posts in the removed post section, "It said I had to be a member to view this post". By the time I got signed up the post was gone for good.
- These deletions raised a few eyebrows.
My beef isn't with what the file did, but more in how it was handled. It seems simple enough to me a sticky post that is locked could have said "we are aware of the file in question and are looking into it! , ALL POSTS will be deleted" or something that at least gave us a little information. Instead, I'm down to 47 days on my subscription and now have lost trust in what's going on behind the scenes in my so called protection.
As I’ve mentioned in previous posts, it seems unnecessary to gather so much data, and access so many different programs and information sources on your PC, just to check what OS you have, and whether or not you’ll have to update to new versions of NIS later. You would think the necessary information would be in Norton itself, since it KNOWS what version its own programs are, and it knows what OS versions you are running on. The shady relations with Swapdrive don’t surprise me at all.
Because of Symantec’s abysmal handling of this situation, countless customers have lost faith in a company they should have been able to trust. They began deleting posts long before this forum was hit by spammers, the spammers were caused by the deletion of posts, not the other way around. And either way, a post should have been stickied YESTERDAY explaining why everything was getting deleted, and explaining that PIFTS.exe is not harmful.
According to Dave Cole in the Official Statement, “Symantec strictly adheres to its Norton Community Terms Of Service and does not delete postings unless they are in violation of these guidelines. Upon determining that our User Forums were being abused, Symantec began removing the spam posts.” This is, however, false. Symantec removed every post that mentioned or in any way implied PIFTS.exe, even those that were quite obviously legitimate.
I was a customer of yours, Symantec, until I asked you about PIFTS.exe early this morning and had my account banned. My customers (I run an MSP) were customers of yours as well, because your software is what I have always sold. I no longer trust Symantec, however, and I’m forced now to find a new company to do business with.
Hi everyone,
The technical details of PIFTS.EXE have been posted here:
http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=39302#M39302
I would recommend that your read this post carefully, as it clears up many misconceptions about this program.
Okay, lets not go crazy over conspiracies here ¬_¬
http://anubis.iseclab.org/?action=result&task_id=19d7659347c3ebcd4a5ba7e9faa60fa14&format=html
that is what it does and its sending information to a domain and a company owned by Symantec, not FBI or Africa somewhere...
We haven’t mentioned Africa in this entire discussion, once. Do you even understand the information on that page? What it should be telling you is that it is definitely accessing information on your computer that is not relevant to what the program’s original intent was, to find information about which computers will need upgrades, depending on OS’s, etc etc.
Thanks Tony , we hope that take the spammer conspiracies theories an end. It is intolerable read these comments.
Sorry Voyager, but maybe {removed}. None of the discussion taking place here has been spam, nor has it been "intolerable". Customers deserve to know what's going on when such a massive cover up takes place, and so many suspicious things occur. Unwavering trust in a force larger than 1 person is half the problem with the world. One needs to ask questions, and uncover the truth. Not just sit idly by and be told what to do.
[edit: please be courteous per the Participation Guidelines and Terms of Service.]
Message Edited by Allen_K on 03-10-2009 10:24 PM
baaaaaaaah baaaah keep saying the sheeps
Well it totally desesperating to see how peoples like to stay asleep
Voyager, does dissent count as spam? Or better yet, what do you define “spam” as? You say that this thread is filled with spam, but after reading the entire volume of posts, there are very few posts I would regard as “spam.” If you are implying that all of Anshar’s post are spam, you need to relearn the definition of spam. Just because someone wants answers and for a long period answers are not given does not make it spam
All right, and thank you for the info.
I am still a bit confused, however. First is still my question of why NIS 2009 allowed the unsigned program to automatically run without alert or user confirmation (isn't this potentially an unsafe method?). Beyond that, was it even /supposed to/ run -- meaning, was it intended only for pre-NIS 2008 (again, I'm running '09)?
Anshar wrote:
We haven't mentioned Africa in this entire discussion, once. Do you even understand the information on that page? What it should be telling you is that it is definitely accessing information on your computer that is not relevant to what the program's original intent was, to find information about which computers will need upgrades, depending on OS's, etc etc.
Hi Anshar,
Before you post again, please read this post regarding the technical information about PIFTS.EXE. For one, you will see that it stands for Product Information Framework TroubleShooter and not "Public Internet and File Tracking System", as you stated in this post. I hope this clears up your confusion on this program. Thanks!
This still does not explain or disprove the fact that additional information is being acquired.
Just because a Symantec employee tells us that it's safe, doesn't do us much good. His job is to cover whatever this is up.
Third parties are on the other hand proving that our personal information is being sent to Swapdrive, which while is indeed a part of Symantec, raises the question of "why?"
Their so called purpose for this executable does not match up with what it is doing and that is that.