Symantec apologises for patch havoc

 

Gallery

Posted on 11 Mar 2009 at 08:52

Symantec has apologised after an unsigned security patch caused panic among Norton users.

The diagnostic patch PIFTS.exe was included in the latest update for Norton Internet Security with the purpose of anonymously collecting statistics on the computers using its products, according to Symantec.

Unfortunately, "human error" meant the file was unsigned causing firewalls to flag it when it attempted to dial home. Enterprising users discovered the file was attempting to dial out to Norton servers in Africa, and conspiracy theories quickly began to fill the vacuum of silence left by Symantec.

Once story even suggested PIFTS stood for Public Internet File Tracking system, and was a sinister attempt to covertly watch users. These conspiracy theories were further fanned by Norton's decision to delete threads on its forums related to the update.

Symantec claims it wasn't censoring posts, but rather fighting off a spam attack.

"Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic," the company says in a statement.

"Over the next few hours, over 200 user accounts were created. Within the first hour there were 600 new posts on this subject alone."

Though it did admit it may have been overzealous in its fire-fighting efforts: "After reviewing some of the emails we've received, it appears that some posts were removed in error, as well as the access of some users... We apologise for this inconvenience, and thank you for your patience while we deal with this difficult situation."

Author: Stuart Turton