back to article Conspiracy theories fly around Norton forum 'Pifts' purge

Conspiracy theories are running rampant in the absence of a clear explanation of why Symantec deleted threads expressing concern about a file called pifts.exe from its Norton support forums. Many users running Norton Internet Protection began seeing a popup warning on Monday that a file called PIFTS.exe on their systems was …


This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down


    Can't believe people still use that crock of shite! I gave it the elbow over 4 years ago when it started bloating and became a total resource hog. AVG went the same way... pah!

    Disgusted (though not from Tunbridge Wells)

  2. Anonymous Coward

    Not to take this too lightly

    millermia on the zone alarm forum found the file in a hidden folder, not a "non-existent" folder and there are many similar hidden folders used by other apps in "Documents and Settings\All Users\Application Data\" so it isn't the unholy rootkit armageddia you are punting. Journalism these days seems to be based on the the 6 W's What, When, Where, Why, Who and Worry your readers into a state of fear and apoplexy.

  3. David Wilkinson

    Hidden Folder

    From what I read the folder is simply hidden, not rook-kit type tricks. If you have explorer set to show hidden files and folders you can see it.

    What I don't understand is why Norton is deleting all the forum posts. That's a guaranteed way to draw as much attention to the issue as possible.

    I imagine people are also going to monitor changes in privacy statements and EULA's, so see what if anything they were doing that they don't want their customers to know about or discuss.

  4. This post has been deleted by its author

  5. pctechxp
    Thumb Down

    Don't use Symantec products

    They are crap and slow and now hide backdoors.

    There are plenty of alternatives that do a far better job.

  6. Graham Cluley

    And the malware authors are close behind..

    It looks like the bad guys are up to their trick of jumping on the bandwagon again.

    We're seeing evidence that websites containing malware are showing up in search engine results when people hunt for PIFTS. Sophos is picking up some of these sites as Mal/BadRef-A.

    The Mal/BadRef-A script redirects to another malicious script (Troj/Reffor-A) which then itself redirects to a page detected as Mal/FakeAvJs-A.

    That page leads to a fake anti-virus scan (scareware) designed to frighten you out of your hard earned cash.


    Graham Cluley, Sophos

  7. Anonymous Coward
    Anonymous Coward

    Faster than you can say IDAPRO

    people will be reverse engineering that software.

    So, perhaps not a theory conspiratorial or otherwise by the morn.

    It is probably going to be an ET.

  8. James O'Brien

    Yet another reason

    I dont use that bloated piece of crap called Norton. If they cant be honest by atleast saying its part of OUR program and no we wont tell you what it does, but instead delete questions without so much as a comment. Hope this encourages more people to stop using it.

    /Flames cause im sure they will come.

  9. Bill Cumming

    strange file...

    Think the file has been altered or was not intended for commercial release. The file has been "padded" out to size (the last few Bytes of the file is filled with the word "PACKINGPACKINGPACKING" etc... etc... this is usually found in tampered or virus like files...

  10. Jerry Masterson

    But really

    How many people does this really affect? 5? 10? Maybe a dozen at the most. Can't be any more that that still using Norton crapware.

  11. Robert Moore
    Thumb Down


    I thought everyone had deleted that Norton crap off their computers years ago.

    Thumbs down to all Symantec software.

  12. Anonymous Coward

    Jedi Mind Trick

    This is not the file you are looking for...

  13. Kai Lockwood

    Oh LAWD...

    is dat sum exploit?

    Public relations - Symantec fails it

  14. Stefan

    No love for Symantec, but...

    Anyone given thought to the possibility that Symantec do not want this talked about because it potentially reveals an as-yet unused tactic for detecting and removing malware? 'Rootkit-like behaviour' could indeed indicate Symantec moving into using such technology against malware.

    I actively despise Norton product line and campaign (in my own small way) against its use, but I don't let my hatred cloud my judgement. It's a shame so many others do.

  15. Anonymous Coward
    Paris Hilton

    Version numbers

    Norton say it was a program distributed with an update that sent information back to their servers to give them an idea of the number of people needing to be migrated to a newer version. They say the number of people moving up to Windows 7 meant they had to calculate the load this would put on servers to migrate people over to a newer Norton.

  16. Nigel Wright

    If you're using Symantec's shit software....

    ...then don't be surprised if it's up to no good. It's intrusive, hard to uninstall and a resource hog that takes over your machine.

  17. Chris


  18. GottaBeKidding
    Thumb Down


    The file is not in a "non-existent" folder. It's in a hidden folder.

  19. Anonymous Coward
    Paris Hilton

    non-existent file...

    This is obviously down to the new small footprint for Norton that we hear so much about - what could be smaller, datawise, than saving the info in a non-existent file?

    Congrats to Norton, next time they will hope to not be found out........

    Paris, Oh dear, has she been found out.......

    Time for a new sexist icon? How about a homosexualist icon? just for a laugh, obviously, I quite like Paris - at a distance, my dreams

  20. Steve Sherlock


    Anyone else appreciate the irony of not one, not two but THREE adverts for "Symantec Recovery" on this article?

    Mine's the one with tinfoil lining and matching hat...

  21. Anonymous Coward
    Black Helicopters

    RE: meh

    Darn, what a killjoy.

    Had the chopper set up with a new coat of black paint, and all gassed up and ready to go...

  22. BlueGreen

    In small defence of norton

    That was the first AV package I ever used. I hated it so moved on to another... and another... and another... and it was downhill all the way.

    Norton did what it said on the tin, albeit like a lardy pig. All the rest were progressively worse, culminating in the disaster called f-secure, an utter reeking ammoniacal Augean stable.

    Disclaimer: I work for no AV vendor.

  23. Anonymous Coward
    Anonymous Coward

    Any one else

    Have a hard time removing Norton?? Seems to leave its self all over the Reg.

  24. Mark C
    Black Helicopters


    Too late ... looks like others had already taken off

  25. Anonymous Coward
    Anonymous Coward


    Classic. I generally uninstall Norton stuff on sight (alas for the days of Norton Commander...) but it looks like they got the short end of the PIFTS on this one.

  26. steve-C

    I'd rather...........

    ...............have a virus than Norton, the virus does less damage to your system, and is easier to remove with reputable tools. Always good to see a spanner in the works of the MS/Symantec protection racket.

    Amusing to see Symantec talking about scareware isn't it.

    Tux, cos he don't need no stinkin' anti-malware malware.

  27. Anonymous Coward
    Black Helicopters


    I like their comment that they were being abused as multiple new accounts were being created to discuss the problem.

    So all these people who saw the problem and wanted to talk about it were being malicious.

    And if they are deleting such posts, no wonder it was followed by some of the 'spam' they received.

  28. The Fuzzy Wotnot
    Thumb Down

    @AC - Dump Norton

    Damn right! I dumped it about 3-4 years ago, it was such a pig to maintain, always crashed and it was an even bigger pig to remove, it always left small residual traces behind. You either needed to rebuild or go out onto "da web" to pick up the Norton removal kits, written by hackers to get the damn thing out.

    It's crap but like Windows itself, Joe P. is happy to lump the problems and live with it!

  29. Pascal Monett Silver badge

    Haven't they learned yet ?

    No really, how many times have we heard of this kind of nonsense. Vendor's product has issue, questions posted on vendor forum, posts deleted.

    Customer Relations 101 reminder : deleting questions without explanation will invariably bring the issue under greater scrutiny and will, without fail, put the vendor in bad light in the opinion of the public.

    Happens every time. No exceptions.

    Why oh why do these companies still try ?

  30. lansalot

    @alacrity fitzhugh

    Don't worry - there'll be another panic-button to hit soon, so keep the chopper blades spinning. That's the great thing about the internet and forums, it's sooo easy to get a conspiracy theory off the ground :)

  31. Anonymous Coward
    Anonymous Coward




    * If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E




    ^ I detect anonymous at work.

  32. N

    Re: why people still use that crock of shite!

    Cos its piled high in PC Rip Off Wurld & other commercial outlets sell it by the pallet load to the great unwashed, who dont know better...

  33. Anonymous Coward
    Thumb Down


    I really don't see the point of AV software like Norton and McAfee or even AVG (which the 'IT guy' insists we have to have installed and running (I switch mine off) on our workstations at all times). Others are right to suggest they are nothing but unweildly system hogs.

    On my personal PC at home I don't use any of 'em. If I get a trojan or some such hijack I just use things like Malwarebytes, Windows Washer and CC Cleaner. My PC at home is far more stable, cleaner and reliable than the AV-enabled piece of crap I'm forced to use at work.

    Go figure.

  34. Mark
    IT Angle


    You obviously have no idea how much damage an infection can do to a corporate network, not to mention the various problems you could suffer by breaking various laws (like the DPA) which mean you have to actually take care of the data you hold.

    I could go on, but I have a feeling i'm wasting my breath.....

    Crawl back under your bridge like a good little troll.

  35. Jonathan

    Streisand Effect?

    Have Norton never heard of the Streisand Effect? The only way to guarantee that everyone knows something you dont want them to know is to release it then try to cover it up. Once you do that, the entire internet will gang up against you and make sure everyone knows what it is you were trying to do in the first place.

    had they released a notice saying, "Sorry guys, thats our data collection mechanism. We use it to collect data from your PCs to provide better protection, and it needs to be hidden in case the virii get to it", and not deleted any discussions, no one would give a toss.

  36. Walter Brown

    @Jerry Masterson

    If only your statement was correct, unfortunately its not... One thing Symantec is really good at is making money, they hold 50% + market share, so this little gem is affecting millions upon millions of unenlightened, slow, stupid or otherwise retarded people who fall victim to symantec, whos corporate motto is: We are betting at making money than we are at making useful products, but we dont give a fuck because we've already got your money!

  37. bass daddy
    Thumb Down


    if you're using Symantec products then you've already noobed out and deserve what you get.

    Simply change.

  38. LouisARE

    If You're Looking For Information

    Hello everyone -- I work for Symantec's public relations firm, Edelman. Just wanted to quickly point out that if you want more information on the PIFTS issue, you can go to Symantec's user forum at

    Louis Cheng

    Edelman Public Relations

  39. Anonymous Coward
    Anonymous Coward

    If You're Looking For Information -- further

    And there is a follow up message to the one Louis Cheng links to which really must be read.

    "PIFTS.EXE and User Information Disclosure and System Changes"

    which explains further about PIFTS.EXE and explores the referenced reports on automated analysis of PIFTS.EXE by the Anubis server.

  40. Adam West

    yeah right

    Does it explain why they were banning people for posting on their forums about the issue? Brilliant public relations, that.

This topic is closed for new posts.

Other stories you might like