The file appears to be entirely non-malicious, and related to Norton's security product. It's build date of Thursday March 5th, suggests it has only just been created.
PIFTS attempts to connect to a webserver (stats.norton.com), passing information such as installed product information, version number, and a series of other non-obvious parameters. Some of this information it extracts from the Windows registry.
The file PIFTS.EXE is about 100k in size, so it would take some time to analyse in detail. However, we feel fairly comfortable in debunking the internet rumours claiming that PIFTS might be a rootkit or government-sponsored backdoor to spy on the masses. We think it's more likely that Symantec's programmers simply forgot to properly tag the file as having permissions to perform its functions.
Indeed, a private communication from a Symantec employee reassured us that the problem was more likely to be an error by one of their staff than a sinister plot against its users. We understand that an official statement from Symantec will be available soon.
Our guess is that PIFTS is some kind of feedback component designed to gather statistics about Symantec's products, or an auto-update component.
If we find out any more we'll let you know.
Slashdot Mirror
The file appears to be entirely non-malicious, and related to Norton's security product. It's build date of Thursday March 5th, suggests it has only just been created. PIFTS attempts to connect to a webserver (stats.norton.com), passing information such as installed product information, version number, and a series of other non-obvious parameters. Some of this information it extracts from the Windows registry. The file PIFTS.EXE is about 100k in size, so it would take some time to analyse in detail. However, we feel fairly comfortable in debunking the internet rumours claiming that PIFTS might be a rootkit or government-sponsored backdoor to spy on the masses. We think it's more likely that Symantec's programmers simply forgot to properly tag the file as having permissions to perform its functions. Indeed, a private communication from a Symantec employee reassured us that the problem was more likely to be an error by one of their staff than a sinister plot against its users. We understand that an official statement from Symantec will be available soon. Our guess is that PIFTS is some kind of feedback component designed to gather statistics about Symantec's products, or an auto-update component. If we find out any more we'll let you know.