Symantec Tells Customers to Pull the Plug on pcAnywhere Following Code Theft
The theft of code related to Symantec security products has compelled the vendor to warn customers, urging them to take various measures up to and including disabling the application pcAnywhere. New versions of the application will receive patches, but customers who can't upgrade may need to shut off the software to avoid the risk.
01/26/12 12:13 PM PT
Symantec is sounding the alarm for users of its pcAnywhere remote access software following threats from a hacker. In some cases, said the security software maker, they might want to turn off and disable the application entirely.
The hacker, who goes by the handle "YamaTough," might be a member of the hacker collective Anonymous.
The hacker claimed last week to have released pcAnywhere source code to the wild, where it could be exploited by malicious hackers.
"Customers of Symantec's pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices," Symantec spokesperson Brian Modena told TechNewsWorld.
YamaTough's claim sparked an investigation by Symantec, which says the code was stolen back in 2006.
The code for that year's versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (consisting of Norton Utilities and Norton GoBack) and pcAnywhere were taken by YamaTough, Modena said.
Also in 2006, source code for two other Symantec security applications, Symantec End Point (SEP) 11 and Symantec AntiVirus (SAV) Corporate Edition, were stolen by a local branch of Anonymous calling itself "Lords of Dharmaraja." It was posted on the Web earlier this month.
It's not clear whether the two thefts are indeed related.
Since 2006, Symantec has implemented policies and procedures to prevent a repetition of the theft, Modena remarked.
Who's at Risk?
Symantec contends that, due to the age of the exposed code for SAV and SEP, customers shouldn't be in any increased danger of cyberattacks.
All they have to do is adhere to best practices, according to the company, because current out-of-the-box security settings will suffice to protect them. Those best practices include ensuring the latest patches have been implemented.
However, users of pcAnywhere 12.0, 12.1 and 12.5 or earlier are at increased risk of cyberattacks. So are users of various products in Symantec's Altiris family that are bundled with pcAnywhere. Further, a remote access component of pcAnywhere called the pcAnywhere Thin Host is also bundled with several Symantec backup and security products.
What Symantec's Doing
On Monday, Symantec released a patch that eliminates three known vulnerabilities in pcAnywhere 12.5 running on Windows.
It plans to release patches for pcAnywhere 12.0, 12.1 and 12.5 during the week of Jan. 23, and it will continue to issue patches until it releases a new version of pcAnywhere that addresses all currently known vulnerabilities.
Symantec has also put up a white paper for pcAnywhere users in which it recommends disabling the product until Symantec releases a final set of software updates.
What Users Need to Do
Customers using pcAnywhere should upgrade to pcAnywhere 12.5 and make sure all the updates available are installed, Symantec's Modena said. They should run the application on a secure and protected network. Lastly, customers should make sure that all of the machines that they're communicating with via pcAnywhere have endpoint protection.
If customers can't upgrade to version 12.5 and download the latest patches, they should reach out to Symantec and develop a remediation plan, Modena stated.
However, if customers can't follow any of these recommendations, "we advise [them] to disable the version of pcAnywhere that they're using," Modena remarked.
"In this case, the risk of a problem resulting from not using the tool is far lower than the risk of someone using the tool against you," Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
"Remote access tools are often used in cases where you need to login into a remote administration terminal, and there's a very real risk that, if some of these systems are exploited, the companies that use them could be terminally damaged," Enderle explained.
Life Without pcAnywhere
Enterprises using pcAnywhere should "have a plan B in place," said independent security consultant Randy Abrams said.
Turning off pcAnywhere "can effectively shut down a business," Abrams told TechNewsWorld. On the other hand, "users who log on from hotel business computers or other public computers put a business at far greater risk than some potential product vulnerabilities."