Bad Symantec update leads to trouble

10.03.2009
Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.

Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe. "In a case of human error, the patch was released by Symantec 'unsigned,' which caused the firewall user prompt for this file to access the Internet," wrote Symantec spokesman Dave Cole in a

Users reported that Norton's own firewall software was popping up error messages asking them if they wanted to install the PIFTS.exe file. Norton's firewall would have let it pass, had it been digitally signed.

The update was available for about three hours and was pushed out to a small, "limited number" of Norton users, said Jeff Kyle, a group product manager of consumer products with Symantec.

PIFTS (Product Information Framework Troubleshooter) is a diagnostic program that Symantec periodically sends out to users to anonymously collect information such as the operating system and version number of the product being used in order to get a snapshot of its user base. The troublesome, unsigned PIFTS.exe file is no longer being distributed, but it never represented any kind of security threat, Kyle said. "If a user would have accepted it they should have been fine, and if they declined it they should have been fine."

However, the trouble was only just beginning.