Symantec Code-Signing Mistake Leaves Norton Users PIFTS Off

Coding error leads to speculation and conspiracy theories -- but no data loss

Dark Reading Staff, Dark Reading

March 12, 2009


A coding error in a recent patch of Symantec's Norton security products has caused a great buzz among security experts -- and a few conspiracy theories -- across the Web.

A file called PIFTS.exe was flagged by security researchers and malware detectors in the most recent patch of Norton Internet Security and Norton Antivirus 2006 and 2007, which was issued just days ago. The file appeared to be collecting data from users' PCs and sending it back to a server at Symantec, causing many security pros to wonder what the company was up to.

A number of users attempted to discuss the problem on the Symantec user forum, but their messages were summarily deleted by Symantec, fueling speculation that something sinister was afoot.

After much user discussion, however, a few hours ago Symantec finally published a blog post explaining the PIFTS problem. Apparently, PIFTS stands for Product Information Troubleshooter, and it's a simple tool that helps Symantec collect information about how and when its patches are installed.

The most recent release of PIFTS was left unsigned by Symantec developers, which triggered an alert from malware detectors that the file might not be authentic. Symantec called the problem a "human coding error."

During the discussion of PIFTS on the Symantec user forum, a spammer submitted some 600 new posts to the thread in less than an hour. In an effort to stop the spam attack, the company was forced to delete all of the posts in the thread, the security company explained.

Symantec said the PIFTS error has been fixed and that no private user information was collected by the file. However, Symantec did warn that some phishers have been seen taking advantage of the problem to steer users to malicious code sites; it cautioned users to be wary of Google search results that promise explanations or solutions to the PIFTS problem.
