Bad Symantec update leads to trouble
Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.
Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe. "In a case of human error, the patch was released by Symantec 'unsigned,' which caused the firewall user prompt for this file to access the Internet," wrote Symantec spokesman Dave Cole in a forum post explaining the problem.
Users reported that Norton's own firewall software was popping up error messages asking them if they wanted to install the PIFTS.exe file. Norton's firewall would have let it pass, had it been digitally signed.
The update was available for about three hours and was pushed out to a small, "limited number" of Norton users, said Jeff Kyle, a group product manager of consumer products with Symantec.
PIFTS (Product Information Framework Troubleshooter) is a diagnostic program that Symantec periodically sends out to users to anonymously collect information such as the operating system and version number of the product being used in order to get a snapshot of its user base. The troublesome, unsigned PIFTS.exe file is no longer being distributed, but it never represented any kind of security threat, Kyle said. "If a user would have accepted it they should have been fine, and if they declined it they should have been fine."
However, the trouble was only just beginning.
Around 7:30 p.m. Pacific Time, Symantec noticed that its Norton support forums were being flooded with blank messages that had PIFTS.exe in their subject line. Within three hours there were 600 posts about PIFTS.exe. The posts contained no text, only subjects such as "IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?" and "OH GOD YOU GOT CHOCOLATE IN MY PIFTS."
Symantec began deleting the messages, assuming they were from spammers.
Soon the SANS Internet Storm Center had picked up on PIFTS.exe and noted that Symantec discussion-group messages were being deleted. Noting that messages mentioning the mysterious file name were being deleted from Symantec's support forums, SANS said that something "truly bizarre was going on."
By now, Norton users were becoming worried. "Norton Users Worried By PIFTS.exe, Stonewalling By Symantec," read a Slashdot post on the topic.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
symantec
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
when you are #1 the only way is down
Unfortunately another example of Symantec losing the edge that made them the leading security vendor for PCs. A few years ago I had no hesitiation in recommending them for anyone wanting an internet security product. But when it takes up 25% of your CPU just for security and the features (such as family filtering) slowly disappear with each new realease you look at better competitors - even free alternatives.