Symantec tells customers to disable pcAnywhere software

Reuters News
|
Posted: Jan 25, 2012 12:38 PM
Symantec tells customers to disable pcAnywhere software

By Jim Finkle

(Reuters) - Symantec Corp advised customers to stop using its pcAnywhere software for accessing remote PCs, saying they are at increased risk of getting hacked because the blueprints to that software have been stolen.

The announcement is the company's most direct acknowledgement to date that a 2006 theft of its source code put customers at risk of attack.

PcAnywhere is a software program that is also bundled with some titles in Symantec's Altiris line of software for managing corporate PCs, Symantec said in a white paper and note to customers released on its website overnight.

The company last week warned customers of the 2006 theft of the source code, or blueprints, to pcAnywhere and several other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.

It made the announcement after a hacker who goes by the name YamaTough released the source code to its Norton Utilities PC software and had threatened to publish its widely used anti-virus programs. Authorities have yet to apprehend that hacker.

At the time, company spokesman Cris Paden said that customers of the products faced no threat if they were using the most recent versions of those titles, with one exception: users of pcAnywhere might face "a slightly increased security risk" as a result of the exposure, he said.

In a white paper published early on Wednesday morning, the company indicated the situation was more serious.

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," it said in the white paper. (http://bit.ly/wPzX7v).

The company also reiterated its previous guidance that users of its other software titles are not at heightened risk because of the breach in 2006.

"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," it said on its website. (http://bit.ly/wqtxTI)

(Reporting By Jim Finkle in Boston, editing by Matthew Lewis)