Symantec to Customers: Only a Fool Would Use PCAnywhere Now
Symantec released a whitepaper that quickly glosses over that they were pwn3d back in 2006 and lost the source code to their flagship products. Now they are recommending that the software be turned off unless you really, really can’t do without it, but if you get h4x0red don’t blame them.
The whitepaper says:
Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.
With this incident pcAnywhere customers have increased risk. Malicious users with access to the source code have an
increased ability to identify vulnerabilities and build new exploits. Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks.At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks. For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein.
I don’t know how much marketshare PCAnywhere maintains nowadays- most Windows desktops and servers ship with a free remote desktop client, and most customers I encounter today use either citrix or desktop sharing services like WebEx. But this whole episode is still an embarrassment to big yellow.
Irresponsible does not even begin to cover this. Greedy corporate bastards!
Welcome back Poppy! I know you lurk and never left! ๐
6 years to close the barn door after the horses ran away is a bit of lag time, right?