Symantec: Turn Off pcAnywhere

Friday, January 27, 2012 @ 02:01 PM gHale


Symantec is now advising users to take their copies of pcAnywhere offline as the company continues to struggle with a major data breach.

The company issued a whitepaper addressing new vulnerabilities in its remote access tool now out in the open after attackers gained access to the application’s source code.

RELATED STORIES
Symantec Hit with Another Flaw
Symantec Breach: Vulnerability Victims
Symantec Source Code Stolen in ‘06
Motivated Hacker Always Gets In
Steel Giant Hacked; Info Leaked

The 2006 hack came to light by an Indian hacking team seeking to publicly distribute the code.

Symantec has now determined that a major update is necessary to protect users from any flaws revealed in the compromised source code.

The company is advising users of pcAnywhere 12.5 to disable the remote management tool until an update is available.

“At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks,” the company said in the whitepaper.

“For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein.”

If users do not take their copies of the tool offline, the company warned that attackers could possibly compromise systems and perform ‘man in the middle’ attacks which could result in the theft of user credentials and other network traffic.

The company has provided further analysis of the issue and best practices for securing pcAnywhere in the whitepaper.



Leave a Reply

You must be logged in to post a comment.