Symantec tells customers to disable pcAnywhere

Security vendor urges users to temporarily stop using its pcAnywhere offering until update is released, as malicious hackers with access to leaked source code can identify vulnerabilities and build new exploits.
Written by Ellyne Phneah, Contributor

Symantec has advised customers to stop using one of its products, pcAnywhere, advising that the remote access software carries increased securiy risk after its blueprints were recently stolen.

The IT security vendor last week confirmed that a 2006 theft of its product source codes put customers at risk of an attack. Several other products including Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack also had its blueprints stolen.

In a whitepaper released Wednesday, Symantec asked customers to temporarily discontinue usage of pcAnywhere, until it releases a software update to mitigate the risk of an attack.

Symantec said malicious hackers who have access to the source code have an "increased ability" to identify vulnerabilities and build new exploits, and added that customers that do not follow general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information.

The security vendor also acknowledged that some customers had to continue using the affected software for "business critical purposes", but noted that they should use the most recent version of the product and "understand the current risks", which include the possibility that hackers could steal data or credentials.

The company also reiterated its previous stance that users of other software titles were not at heightened risk due to the breach in 2006. "The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," Symantec said on its Web site.

Cris Paden, the company's spokesperson, also told Reuters in a Wednesday report that Symantec had fewer than 50,000 customers using the standalone version of pcAnywhere, which was available for sale on its Web site for US$100 and US$200 from Wednesday afternoon.

Editorial standards