Claudine Beaumont
London Telegraph
March 12, 2009
The file, called Pifts.exe, requests permission to dial out to the internet. But users of Symantec’s Norton Internet Protection software have found it almost impossible to find more information about the file’s origins and purpose, and the situation has led to a rash of rumours on online message boards about the true purpose of the file.
Security experts, however, believe the file is innocuous and does not pose a threat to internet users.
Many users first became aware of the file on Monday, when their internet protection software popped up a warning that Pifts.exe was trying to access the internet. The location of the file pointed to a non-existent folder within the user’s Symantec LiveUpdate library.
Further investigation by some Norton users suggested that the file attempted to dial out to Norton servers in Africa, while others wildly speculated that “Pifts” stood for Public Internet File Tracking system, and was a sinister attempt to monitor users’ online behaviour.
The rumours were further fanned by Symantec’s apparent decision to delete threads related to the issue from its user support forum, leading some web users to suggest a cover-up by the software company.
But security experts have said that early indications show the file is not malicious and is related to Norton’s security products. It has a build date of March 5, suggesting it has only just been created, said Graham Cluley, a security expert with Sophos.
“Pifts attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters,” he wrote on his blog.
“We feel fairly comfortable in debunking the internet rumours claiming that Pifts might be a rootkit [a tool used by hackers] or a government-sponsored backdoor to spy on the masses.
“We think it’s more likely that Symantec’s programmers simply forgot to properly tag the file as having permissions to perform its functions. Indeed, a private communication from a Symantec employee reassured us that the problem was more likely to be an error by one of their staff, rather than a sinister plot against Norton users.