Something strange is going on across the Internet. Some Norton AntiVirus users are receiving pop-up messages alerting them about an application called PIFTS.exe that is trying to connect to a server. But what is PIFTS.exe? Why does it need to access the Internet? What is it trying to access? What connection does it have to Norton (or Symantec, the company that produces Norton-branded products)?

As of right now, we don’t have many answers to these questions. What we do know is that it appears to be linked to a Norton update cycle. Whether Symantec is responsible for the application or not still isn’t known. Nor do we know what the application’s purpose is. All we know is that the application appears to connect the user’s computer to a remote server.

To make matters more confusing, it appears that inquiries posted by Symantec customers to the official Norton forums have been removed. Other online communities like ZoneAlarm’s forum are now hosting discussion threads about PIFTS.exe. Tech-Linkblog has a post about the application that includes screenshots of posts in the Norton forums before they were removed. It looks like no one is quite sure what is going on, but there are several theories being bandied about.

One theory is that PIFTS.exe is part of an automatic update and is nothing to worry about. Another is that Norton has been compromised by malicious hackers. At least one theory is that the application would connect the user’s computer to a server in Africa. With threads disappearing from Norton’s forums, paranoia is understandably running high. Is Norton trying to cover something up? Or is someone else deleting the posts?

It’s possible that the entire debacle is much ado about nothing, but until Symantec addresses the issue in an honest and informative way we’ll probably see dozens of different theories ranging from an honest blunder to malevolent attacks on customers. My advice is to not allow PIFTS access to the Internet and to watch for an official statement from Symantec regarding the problem.

Update: Posts on Norton’s forum referencing PIFTS.exe continue to disappear. This has prompted some users to create new accounts and flood the forums with PIFTS.exe posts. Some users are including references to PIFTS.exe in other threads. A few users are protesting Symantec’s silence on the issue while others just want to raise a ruckus. I’ve sent an inquiry to Symantec to get to the bottom of this. If I hear back I’ll be sure to update this post.

Update 2: According to the Internet Storm Center, a Symantec employee has said that PIFTS.exe is harmless and is part of the Norton update process. I’ve not heard anything back from my own inquiry to Symantec.

Update 3: I have posted a follow-up story with Symantec’s explanation.

Update 4: We received a comment from a Norton Community Forums administrator. You can read the update here.

You might want to read up on the following articles from HowStuffWorks.com — you never know when they’ll come in handy:

How Computer Viruses Work
How Spyware Works
How Zombie Computers Work