Symantec tells customers to disable pcAnywhere software

Wed Jan 25, 2012 3:30pm EST

Symantec's pcAnywhere software in an image courtesy of the company. REUTERS/

Symantec's pcAnywhere software in an image courtesy of the company.

Credit: Reuters/

Related Topics

(Reuters) - Symantec Corp took the rare step of advising customers to stop using one of its products, saying its pcAnywhere software for accessing remote PCs is at increased risk of getting hacked after blueprints of that software were stolen.

The announcement is the company's most direct acknowledgement to date that a 2006 theft of its source code put customers at risk of attack.

Symantec said it was only asking customers to temporarily stop using the product, until it releases an update to the software that will mitigate the risk of an attack.

It acknowledged that some customers would need to continue using the software for "business critical purposes," saying they should make sure they were using the most recent version of the product and "understand the current risks," which include the possibility that hackers could steal data or credentials.

Still, it is highly unusual for a software maker to advise customers to disable a product completely while engineers develop an update to fix bugs. Companies typically recommend mitigating factors that will reduce the risk of an attack.

"That's crazy. That's pretty much unheard of to just say 'Stop using it.' Especially a vendor as large as Symantec," said H.D. Moore, chief architect of Metasploit, a platform that security experts use to test whether computer systems are vulnerable to attack.

PcAnywhere is a software program that is also bundled with some titles in Symantec's Altiris line of software for managing corporate PCs, Symantec said in a white paper and note to customers released on its website overnight where it disclosed the warning.

Company spokesman Cris Paden said that Symantec has fewer than 50,000 customers using the stand-alone version of pcAnywhere, which was available for sale on its website for $100 and $200 as of early Wednesday afternoon.

The company last week warned customers of the 2006 theft of the source code, or blueprints, to pcAnywhere and several other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.

It made the announcement after a hacker who goes by the name YamaTough released the source code to its Norton Utilities PC software and had threatened to publish its widely used anti-virus programs. Authorities have yet to apprehend that hacker.

At the time, Paden said that the theft of the code posed no threat as long as customers were using the most recent versions of Symantec's software, with one exception: users of pcAnywhere might face "a slightly increased security risk."

In the white paper published early on Wednesday morning, the company indicated the situation was more serious.

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," it said in the white paper. (bit.ly/wPzX7v)

The company also reiterated its previous guidance that users of its other software titles were not at heightened risk because of the breach in 2006.

"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," it said on its website. (bit.ly/wqtxTI)

(Reporting By Jim Finkle in Boston, editing by Matthew Lewis)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
What a total bunch of incompetents. Symantec, supposedly a security company, apparently was unaware of the breech in their product(s) security. Six years after the fact they are issuing cautions. If they knew about it when it happened then why didn’t they act quickly. Six years of vulnerability, what a joke on us.

Jan 28, 2012 9:49pm EST  --  Report as abuse
BCarlock wrote:
It’s crazy that a company like Symantec would let something like this go for 5 years. Institutional memory or not, it should have been dealt with in 2006.

http://www.bnctechconsulting.com/index.php?id=29

Jan 31, 2012 10:56am EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.