This is a follow-up to yesterday’s blog post. Yesterday afternoon, Symantec’s Norton Protection Blog broke its silence and addressed the concerns of Norton Antivirus customers regarding the recent PIFTS.exe incident. According to the blog post, the PIFTS.exe application was part of a diagnostic patch for customers using Norton Antivirus 2006 and 2007. The blog post explains that the patch went out unsigned due to human error, which caused customer firewall applications to send alerts to users.
According to the post, there’s no danger to any Norton Antivirus customer. As for the disappearing posts on Norton’s community forum, the blog explains that some forum members were creating new accounts and posting multiple threads on the forum about PIFTS.exe. While some of these threads were certainly on the childish side, others appeared to be sincere requests for information. It appears that Norton forum administrators nuked any and all messages that included “PIFTS.exe.”
This action prompted certain individuals and groups to double their efforts and post even more messages about PIFTS.exe to the forum. I can’t say whether this was a form of protest, an honest attempt at getting information or simply sabotage. It certainly caused more confusion.
Some enterprising ne’er-do-wells used the PIFTS.exe uproar to try and spread some actual malware around. A search on Google for PIFTS.exe brought up several blogs and forums, but it also brought up search results that led to pages claiming to scan the visitor’s hard drive. These sites would redirect the visitor to a page that included a supposed antivirus program. Never follow links like that — they’re almost always a cover for spyware or other malware.
What could Symantec have done to avoid the frenzy yesterday? Deleting the forum posts was probably a mistake. At the very least, deleting absolutely everything containing “PIFTS.exe” wasn’t the best tactic. Addressing the problem earlier and in clear language might have defused a lot of the anger and confusion as well. A locked post on the forums explaining the situation might have prevented the rampant speculation across the Internet. Responding to reporter requests for information might have been a good idea too.
Now Symantec is going to have to deal with customers who may not fully trust the company. Some people will still claim that there was something underhanded going on and that’s why Symantec didn’t respond more quickly. I think the lesson here is that it’s important to keep lines of communication open with your customers and the public in general.
I owe thanks to people who posted comments to yesterday’s blog, particularly Bill Bodge and Graham Cluley. Your contributions to the discussion were insightful and interesting.
Update: We received a comment from a Norton Community Forums administrator. You can read the update here.
Here are some articles from HowStuffWorks.com that can help you stay vigilant while you use the Internet:
How Computer Viruses Work
How Spyware Works
How Firewalls Work
How Trojan Horses Work





