Symantec Corp is advising customers to stop using pcAnywhere software because it is at an increased risk for being
hacked. Last week, Symantec confirmed that hackers accessed their source code and as a caution are now advising users to disable their pcAnywhere product. It is highly unusual for an Internet Security company to make such an advisory, but the company said it was necessary until they could patch up the holes.
The source code, for which Symantec had been denying now admits was breached in 2006, is a full disclosure;
Symantec confirmed that hackers stole the source code for the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton System Works and pcAnywhere.
“Our own network was not breached, but rather that of a third party entity,” the company said in the statement on January 6, 2012. “We are still gathering information on the details and are not in a position to provide specifics on the third party
involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” the statement went on.
Now, the company says that PCs are at increased risk of getting hacked after blueprints of that software were stolen.
Symantec said it was only asking customers to temporarily stop using the product, until it releases an update to
the software that will mitigate the risk of an attack.
“At this time, Symantec recommends disabling the product until we release a final set of software updates that resolve currently known vulnerability risks,” Symantec said in a statement. (http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims)
The statement goes on to read, “For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow general security best practices.”
In a PDF (http://www.symantec.com/connect/sites/default/files/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf) Symantec said that “ Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits. Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a
way that minimizes potential risks.
Then the company said pull the plug – for now.
It was back in early January 2012, a hacker naming himself YamaTough released the source code to its Norton
Utilities PC software and had threatened to publish its widely used anti-virus programs. An Indian hacking group calling itself Lords of Dharmaraja had claimed that it possessed the same source code for Symantec’s Norton AV products. Even Anonymous figured into the equation.
But Symantec countered and said the code was old and outdated.
As of writing this article, Symantec released a hotfix which can be downloaded from here http://clientui-kb.symantec.com/kb/index?page=content&pmv=print&impressions=&viewlocale=&id=TECH179526
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.