Symantec Code-Signing Mistake Leaves Norton Users PIFTS Off

Dark Reading
3/11/2009

A coding error in a recent patch of Symantec’s Norton security products has caused a great buzz among security experts — and a few conspiracy theories — across the Web.

A file called PIFTS.exe was flagged by security researchers and malware detectors in the most recent patch of Norton Internet Security and Norton Antivirus 2006 and 2007, which was issued just days ago. The file appeared to be collecting data from users’ PCs and sending it back to a server at Symantec, causing many security pros to wonder what the company was up to.

A number of users attempted to discuss the problem on the Symantec user forum, but their messages were summarily deleted by Symantec, fueling speculation that something sinister was afoot. [It’s known as CYA! — Harold]

After much user discussion, however, a few hours ago Symantec finally published a blog explaining the PIFTS problem. Apparently, PIFTS stands for Product Information Troubleshooter, and it’s a simple tool that helps Symantec collect information about how and when its patches are installed.

The most recent release of PIFTS was left unsigned by Symantec developers, which triggered an alert from malware detectors that the file might not be authentic. Symantec called the problem a “human coding error.”

[We report — YOU decide!!

I’m certainly happy with Kaspersky. After all, I’d much rather trust the Russians looking over my shoulder than Obama’s dweebs!!!]