January 26, 2012
Symantec Reports Security Risk for pcAnywhere Users
In an official announcement on its website, the Internet security giant Symantec advised customers to stop using its pcAnywhere software amid fears related to a recent security breach.
The company explained in a web post that a group of Indian hackers had stolen old source code, exposing the remote access program to increased security risks.A statement on its website recommended that users disable the program “until Symantec releases a final set of software updates that resolve currently known vulnerability risks.”
The note went on to explain how customers who have to use the program for “business-critical purposes” could reduce their exposure, adding that all users should “apply all relevant patches [“¦] and follow the general security best practices” as they become available.
Symantec also ensured its customers that only the pcAnywhere software was affected and all of their other products remained safe to use.
Software engineers for the company explained that the stolen code made the popular program vulnerable to so-called “man in the middle” attacks, a sort of crack in the program´s security that could potentially allow third parties to remotely access sensitive user data.
“Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits,” read the website.
According to a statement by a company spokesman, less than 50,000 people worldwide use the standalone version of pcAnywhere. However, because the software is also included in a number of Symantec product bundles, they say it´s difficult to know the exact total number of users.
Symantec first became aware that the source code had been hacked earlier this year but initially believed that the six-year-old code was outdated and thus could not be used for malicious ends.
A further analysis of the stolen code, however, revealed that it contained the “blueprints” for a variety of products currently on the market, including Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack) and pcAnywhere.
The company insists that of these products only the pcAnywhere software is more vulnerable to security breaches.
“The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident,” the website assured its customers.
On the Net: