The internet is abuzz today over a number of rumors concerning a file called PIFTS.EXE that is triggering alarms on many systems. Contributing fuel to the conspiracy-theory fire is that Symantec appears to be rapidly deleting any post mentioning the file from their forums. Here are some sample stories:

What is PIFTS.exe? from HowStuffWorks.
Internet conspiracy theories abound over Symantec Pifts.exe file, from The Telegraph.
From the SANS internet storm center.
One of the non-CT-oriented explanations is that Symantec mistakenly forgot to digitally sign the file, so it gets flagged.

You can find more by googling the phrase, but be aware that some site are now linking the phrase to malware, so be careful of what you click.

Nick

__________________
--
Nick Theodorakis

I saw something about this. I used to be a Norton fan in the old days. Not anymore, and this is yet another reason to keep Symantec products off my system.

They have been deleting messages on their boards about it, even banning persistent posters. I don't know if this is anything "really sinister", but there's something embarassing to Symantec there for certain.

It is some sort of "phoning home" component that they forgot to update in the allowed list of their own programs. It seems to be trying to hit some IP ranges in *Africa*, which is strange.

This is going to be fun.

-Richard

Well, here it is from the horse's mouth:

http://community.norton.com:80/norto...hread.id=39119

They say they were deleting the messages because some group was spamming their boards about it. According to the folks at GRC, PIFTS is just a statistics reporting component.

-Richard

Uh-huh...

On or about January 7, 2009, sin-man-tech installed an update which prevents TrueCrypt from creating encrypted volumes. I have repeatedly uninstalled both 360 and the updates, in all possible combinations, and have confirmed it's the update (not 360 itself) which is stopping TrueCrypt from working properly.

I spent 2 hours working with Symantec on the problem, and three days later they reported it as "fixed."

In a pig's eye.

It'll be fixed when they undo whatever they did in their January 9, 2009 update.

Until then, I'm searching heavily for another antivirus - I'm not amused by an antivirus program that does more to interrupt the way I use my computer than most viruses.

Until now, I didn't want to post this, here. Apparently, however, they have other issues, whether human error, or possible cover-up, the latter of which is commensurate with the way they've been handling their goof with locking out proper TrueCrypt operation.

__________________
"Toward no crimes have men shown themselves so cold- bloodedly cruel as in punishing differences of belief." - James Russell Lowell