Dump Norton Now

This is from Slashdot:



And, I'm not trying to be alarmist and suggest this is some massive conspiracy led by Symantec and our Alien Overlords. It's just One More Thing.

Dump it. Kill it. Destroy it.

Stuff like this burns my hide, so I've become momentarily obsessed with it ...

If you've got this on your system, I would avoid googling much about it unless you pay close attention to where you're going and what you're doing. Bottom feeders are on the case and have set up websites claiming to "cure the PIFTS.exe infection," while they are actually trying to infect your system with malware. One of the first hits you'll get with a certain series of keywords takes you to a site that in turn redirects you to another site that attempts to install a trojan.

ZoneAlarm forums seem to have some good discussion about it. Symantec is, as of this writing, deleting any reference to it on the support forums it controls. Even links to discussions elsewhere are being scrubbed.

Some people have reported that this is an information gathering tool used by Symantec to gather stats about its software. It reports back to stats.norton.com. It seems to have been included with a 3/4/09 update and "switched on" yesterday, 03/09/09. IOW, it doesn't actually *appear* malicious. What's disturbing is Symantec's absolute lack of response and the throwing down the memory hole threads about it.

P.S. Some of the conspiracy theories about this are awesome. :)

Decent, rational discussion on ZoneAlarm's forums:

http://forums.zonealarm.org/zonelabs/board/message?board.id=Off-Topic&message.id=19903

and a giant resource hog, now it wants to do this too. I'm glad I quit using it years ago and advise everyone else not to either.

I find simple explanations tend to be the best for things like this.

Having said that, the fact that Symantec has scrubbed discussion of it and, as of about an hour ago anyway, had their forums down completely raises questions. The latter could be just because they were getting bombarded. 4chan and Slashdot at the same time!? Servers aren't meant to deal with that. :)

Anyway, if it's just part of their software that collects performance data and transmits it back to Norton that some staffer forgot to flag properly before it was released, why don't they just say that? Why the mystery? Why the padding to the end of the executable?

Just weird ...

to head Norton/Symantec.

(not) coincidentally enough, Norton started to go downhill after that.

Norton used to be good, but that was a *long* time ago.


Reasons:
1. Norton is bloatware and hogs as much system time as it can get
2. Norton (at least in 2004) let known viruses right through
3. Removing Norton risks blowing up the system (though quicktime is far worse)

According to the date Wikipedia gives me.
http://en.wikipedia.org/wiki/Peter_Norton

conspiracy theory time.

http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/4969463/Internet-conspiracy-theories-abound-over-Symantec-Pifts.exe-file.html

Let's see... I have NIS2009 running on 4 systems... no errors, warnings, problems.

It's also running faster than AVG ever did.

Fear... the enemy of truth.

I didn't post comments about this to endorse the conspiracy theories. As also noted, most of the examinations of the file were indicating it seemed innocuous. The conspiracy theories were/are awesome, awesome in that way most whackadoodle stuff has of being awesome. It's just fun to watch it sometimes.

But on that note, there's nothing in that story that wasn't presumed when I did post, information available at the links I gave from the more rational amongst the crowd, i.e. people who were genuinely looking into what the little program does.

The troubling part is that Symantec scrubbed discussion of it and, as of this writing, has still made no official comment on it. I don't care if the file just sits there and counts to 2 once every 24 hours. When your customers pose a legitimate question apparently brought about by a screw-up, you answer them, or, failing that, you let them bleat on about it in your own support forum. Hell, not even Microsoft does that sort of thing. If, as is being guessed, this was just a screw-up with a recent update that failed to flag the file as safe, why allow the mystery to endure? To repeat, all we have are guesses because Symantec, a company that bases its entire reputation on *timely* responses to security issues and has absolutely no trouble at all issuing preemptive warnings about problems that its competitors might have, has said nothing.

Why?

The only conspiracy I see here is the continuation of a business model that runs like a protection racket and an attempt to hide the fact that they screwed up something really simple and don't know how to admit it.

As for relative quality, the corporate version of Symantec isn't bad if you don't factor in cost, but most people don't have that. The various home versions are pure garbage. I've cleaned far too many systems that had various iterations of Norton on their machines, purchased due to a response to advertising methods I consider borderline extortion, to think otherwise.

when Norton 2000 was released, we had a steady little business of fixing the mail server errors.
Norton changed them all. Why? :shrug: I won't use it.

Symantec bought it.