Symantec tells users to stop using pcAnywhere amid security breach
It's not often that a developer tells you outright not to use its software, but that is exactly what Symantec is forced to do in light of the theft of source code. Last month, hacktivist group Anonymous bragged that it had possession of code that powers several applications, including Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks and pcAnywhere.
Symantec says the code theft originally occurred in 2006. While at first security experts believed the theft to only be a black eye for the company's reputation, it now appears that the incident is far more serious. Symantec recommends users of pcAnywhere stop using the software immediately until there is a solution to address any security concerns.
Why didn't Symantec disclose the breach immediately? The security software vendor claims the evidence that hackers had made off with anything valuable was "inconclusive" at that time. Only when Anonymous showed what it had were investigators able to confirm the hack.
"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits", Symantec says. "Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information".
Symantec did not say when it expects to release an update to the software.
The source of the flaw is unknown, however. It may be due to an oversight on Symantec's part. The company makes reference to encrypted keys in the report. If these are hardcoded in, hackers could easily find the key and use it to launch unauthorized remote sessions. At that point, anything on the user's computer that is not password protected is accessible.
Other software products affected by the code breach are not at risk because the underlying code is considerably different than the 2006 versions, apparently closing any attack vectors. In the case of pcAnywhere, there hasn't been as much change, leading Symantec to take the unusual step of telling customers not to use its product.
"It is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein", Symantec says, referring to the report which can be accessed here.
Symantec's Norton suite of antivirus products has repeatedly been the target of criticism, ranging from accusations that the company's representatives misinform users that their computers are infected and require remote assistance for an additional fee, to cooperation with the FBI in whitelisting Trojans aimed at tracking the online activities of suspected criminals.
There is a disconnect between the company's statements and actions when it comes to pcAnywhere. While in the report Symantec explicitly says not to use the software, neither its front page nor the software's own page states this as of Thursday afternoon.
The statement currently on Symantec's front page is its old position, where it had claimed there was no risk to users.