Symantec admits to pcAnywhere threat from code leak

The online theft of source code that happened several years ago from the PC security software company Symantec has now caused the company to admit that users of one of its products, the remote PC software pcAnywhere, are now at "increased risk" of having information stolen from them as a result of the code theft. The company made the statement late on Tuesday on its web site.

The issue started when a hacker group claimed to have leaked source code from Symantec earlier this month. The company said that the source code was created several years ago. At first the company said it was stolen from a third party server but later admitted that the source code was taken from Symantec's own servers back in 2006. It's still unknown why it took so long for the stolen source code to resurface.

Earlier, Symantec said that owners of its current software products were not at risk with this source code leak, with the exception that users of the pcAnywhere product were only slightly at risk. Now Symantec claims:

Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product. pcAnywhere is also bundled with numerous Symantec products.

The company added:

At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks.

Report a problem with article
Previous Story

TechSpot: Graphics Card Overclocking, Is It Really Worth It?

Next Story

Nokia gains $250 million from Microsoft WP7 deal in Q4

14 Comments

Commenting is disabled on this article.

Just something to think about...

Source code to PCAnywhere is leaked, this creates a security threat, as people viewing the code that are 'smarter' than the developers could use the 'code' to construct hacks and see potential flaws in their security mechanisms that the developers didn't catch.

Yet, OSS advocates try to get people to believe that the ability to see the source code is safer, because more people can review the code to ensure there are no ways to exploit the software.

However, with OSS, all it takes is one brilliant mind that is smarter than 99.99% of the population that is 'reviewing' the code to sift through the source code and find ways to exploit the saftware and create hacks because they are smarter than the software developers and all the people that had time to review it.

This is why OSS has flaws in security, and when a closed source Application gets viewed, it becomes far less secure. The only difference is the closed source software vendor 'gets' that people viewing the code easily makes it far easier to exploit.

OpenBSD, Linux, and Darwin/OSX are still rather simple to break into because they are or once were open source, and all ya need is a cybergeek with an IQ of 180 to go over the code to obtain a new exploit to gain access to a system.

Remember this is how Anonymous and others punch their exploits, is they bot Linux and OpenBSD servers to do brute attacks against non-open source code points.

thenetavenger said,

...all ya need is a cybergeek with an IQ of 180 to go over the code to obtain a new exploit to gain access to a system.
Remember this is how Anonymous and others punch their exploits, is they bot Linux and OpenBSD servers to do brute attacks against non-open source code points.

Most of Anonymous' 'hacks' have been DDOSs from willing clients and SQL Injection. Neither of which requires an IQ of 180 or relates in any way to OSS.

Let's be frank, pcAnywhere *IS* the leak.. program should have been elminated MANY years ago.. it has no business still active.

The company I work for still uses it, and I wish to got we didn't. It has a nice feature set but hasn't been updated in eons and is in BAD need of a refresh. I use Dameware on the corporate side...anyone else use something that is pretty good?

Wow. For a security firm like this you would think they would have erred on the side of safety and security and plan for an update regardless rather than claim everything was O.K. It doesn't make them look very good.

Nobody should still be using pcAnywhere anyway, it is ancient and I don't think that it has ever really been secure.

Simon- said,
Nobody should still be using pcAnywhere anyway, it is ancient and I don't think that it has ever really been secure.

I laugh when I hear that people use paid antivirus programs.

De.Bug said,

I laugh when I hear that people use paid antivirus programs.

I did too.. however at least when you PAY you can demand (and expect) some level of support. FREE programs there is no guarantee.. so people FEEL safer (even though we know it's false security). Besides which people that pay (which I am one) we contribute and have influence OVER how AV programs should work.

Yes there are free programs out there, but they don't work as well as PAID apps. you may get lucky and not have a problem with free, but for the most part that's not the case.

De.Bug said,

I laugh when I hear that people use paid antivirus programs.

I did too.. however at least when you PAY you can demand (and expect) some level of support. FREE programs there is no guarantee.. so people FEEL safer (even though we know it's false security). Besides which people that pay (which I am one) we contribute and have influence OVER how AV programs should work.

Yes there are free programs out there, but they don't work as well as PAID apps. you may get lucky and not have a problem with free, but for the most part that's not the case.

rijp said,
I did too.. however at least when you PAY you can demand (and expect) some level of support. FREE programs there is no guarantee.. so people FEEL safer (even though we know it's false security). Besides which people that pay (which I am one) we contribute and have influence OVER how AV programs should work.

Yes there are free programs out there, but they don't work as well as PAID apps. you may get lucky and not have a problem with free, but for the most part that's not the case.


Almost all free AVs have the same detection engin as their paid counterparts (Avast, AntiVir, AVG, MSE, ...)

rijp said,

I did too.. however at least when you PAY you can demand (and expect) some level of support. FREE programs there is no guarantee.. so people FEEL safer (even though we know it's false security). Besides which people that pay (which I am one) we contribute and have influence OVER how AV programs should work.

Yes there are free programs out there, but they don't work as well as PAID apps. you may get lucky and not have a problem with free, but for the most part that's not the case.

1. Participate in the Microsoft (MSE) beta...
2. Send feedback to Microsoft

https://support.microsoftsecurityessentials.com

•Free
•Uses Inherent OS API Hooks in process chain
---This means it is fast, doesn't screw with other software, and doesn't 'inject' itself into system services, instead the OS commands it. Virtually all other security products inject themselves in areas that are far more complicated than the designers understand, like embedding the the FS stack or Networking stack... (And NTFS is complicated enough to fill a few books, yet security companies treat it like a simple FS topology as you would find in Linux.)


PS PCAnywhere is remote control software, which again there is no reason to be running it.

Windows has inherent RDP and with Live Essentials, you can also use the fallback remote technology for free. (Going back to LiveMeeting in 1998, there hasn't been a need for a third party Remote software for Windows, especially to pay for one for the average home user.)