Symantec tells customers to disable pcAnywhere
By Stewart Mitchell
Posted on 26 Jan 2012 at 14:22
Symantec has told customers to disable its remote desktop software pcAnywhere, after source code stolen in 2006 was published online.
Symantec recently admitted the source code had been stolen back in 2006, after threats to publicise details of the code were made by Anonymous hacktivists.
At the time it said there was no security threat, however, the company has now advised users to pull the plug on the program until it is able to secure the software.
“With this incident pcAnywhere customers have increased risk. Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits,” the company said in a white paper.
If the malicious user obtains the cryptographic key they have the capability to launch unauthorised remote control sessions
“Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks. For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed and apply all relevant patches.”
The company said that unpatched consumers were most at risk, but that even up-to-date products were not fully secure.
“It is possible that successful man-in-the-middle attacks may occur depending on the configuration,” the company said.
“There are also secondary risks associated with this situation. If the malicious user obtains the cryptographic key they have the capability to launch unauthorised remote control sessions.”
Symantec also recommended blocking relevant ports and other security measures.
From around the web
So not pcAnywhere...
... but pcEverywhere?
By JohnGray7581 on 26 Jan 2012 
Or for the security conscious...
PCIntheplaceyoukeepit
By dubiou on 26 Jan 2012
No, wait...
PCJustThere
By dubiou on 26 Jan 2012
I've not used pcAnywhere in almost 10 years. I forgot about it completely until I saw this article.
By james016 on 27 Jan 2012
2006!
So Symantec are saying there are vulnerabilities in the code that they still haven't fixed in six years.
Open-source. You know it makes sense.
By stevehayes on 27 Jan 2012
"Open-source. You know it makes sense."
Kinda feels like pcAnywhere IS open-source since 2006!
By AdrianB on 27 Jan 2012
Appalling behaviour by Symantec
So, the code was stolen in 2006 but because it wasn't published online there was no security risk? Unbelievable! Who knows how it might have been shared with other hackers in the meantime. Symantec customers were at risk back in 2006 and should have been warned then. Admitting this now just because it's public knowledge is shameful.
By nickramsden on 2 Feb 2012
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
