Monday, November 20, 2017
Home / Programming / Users should disable pcAnywhere

Users should disable pcAnywhere

Symantec accepts that the hacker group Anonymous stole source code from the 2006 versions of many Norton security products and the pcAnywhere remote access tool.

Although Symantec alleges the thievery really occurred in 2006, the issue didn’t come to hand until this month once hackers affiliated with Anonymous enounced they owned the source code and would release it publically. Users of the Norton products at issue are not at any amplified danger by attack because of the age of the source code and security measures and improvements have been made in the years since the breach, but the seller admitted on Tuesday night that “clients of Symantec’s pcAnywhere have expanded risk as a effect of this incident.”

Symantec pushed a patch fixing three vulnerabilities in pcAnywhere version 12.5 (the current version) on Monday, and alleged it will carry on coming out with patches “until a new version of pcAnywhere that addresses all currently known vulnerabilities is released.”

Symantec guided customers to a white paper that advocates disabling pcAnywhere, unless it’s required for business-critical use, because malevolent users with access to the source code could discover vulnerabilities and establish fresh exploits. “At this time, Symantec advocates disabling the product until Symantec releases a concluding set of package updates that dissolve presently acknowledged vulnerability risks,” the company said. “For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, assure pcAnywhere 12.5 is installed, implement all crucial patches as they’re released, and abide by the general security best practices discussed herein.”

As for Norton, Symantec alleged the source code stolen was from the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security, and Norton SystemWorks. Before this month, Symantec articulated no products were at jeopardy, but altered its message regarding pcAnywhere after further investigating.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Megaupload plan to return after 5 years

The huge file-sharing website, Megaupload is scheduled to relaunch, five years after being raided and …