RSS Alerts
Users of Symantec’s pcAnywhere are at increased risk as a result of a recent source code theft, the company advised

Share

More services

Related Links

  • Computer Weekly
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Symantec pays $115m for LiveOffice email archiving provider
    Security software firm Symantec has acquired LiveOffice, a provider of cloud-based email archiving products, for $115 million.
  • Symantec loses anti-virus source code
    Symantec has confirmed that sample source code provided by the hacker known as YamaTough to Infosec Island is genuine Norton AV source code from the 2006 version of its product. As yet, little else is known.
  • From the Eye of the Storm: 2011 Information Security Predictions
    Last January, Infosecurity magazine published prognostications by the (ISC)² Advisory Board of the Americas (ABA) regarding the information security field in 2010. Unlike many who have attempted to envision the future, the ABA has gone back and reviewed the accuracy of its predictions and provided a letter grade for each. The ABA will then offer new predictions for 2011.
  • Information security in China: A license to print money
    With 200 million internet users in China, and a predicted annual growth rate of 17% for the information security market until 2013, why would security vendors want to go anywhere else? William Knight investigates
  • Interview: EA's Spencer Mott
    From London’s Metropolitan Police to VP and CISO at Electronic Arts, Spencer Mott has had a colorful career with little end in sight. Here, he talks to Eleanor Dallaway about what the information security industry is up against, how the Sony breach impacted the whole industry, and how EA suffered a breach of its own in 2011

Top 5 Stories

News

Businesses should disable pcAnywhere, says Symantec

27 January 2012

Security firm Symantec has warned businesses to stop using its pcAnywhere software until security patches are issued.

The company confirmed that a segment of its source code had been stolen by a hacking group in 2006 that made pcAnywhere vulnerable.

However, Symantec said it had since taken steps to prevent a similar incident from occurring again, and that there were no indications that customer information had been impacted or exposed.

“Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere,” the company said.

News of the source code theft emerged earlier this month when hacking group Lords of Dharmaraja threatened to post it online.

Symantec initially said there was no risk to users as the stolen code was six years old, advising them simply to make sure the most recent version of the products had been downloaded.

The company has reiterated that advice, but has now warned that users of Symantec’s pcAnywhere do have increased risk as a result of the source code theft.

“Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product,” the company said.

Symantec has published security guidelines, which recommend disabling the product until the firm releases a final set of software updates that resolve currently known vulnerability risks.

For customers that require pcAnywhere for business-critical purposes, it is recommended they understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices in the guidelines.

“Customers that are not following general security best practices are also susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks,” the company said.

This story was first published by Computer Weekly

This article is featured in:
Application Security • Internet and Network Security • Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012