Symantec tells clients to disable pcAnywhere software
Posted by Jared v.D. W 25 January, 2012
(Reuters) – Symantec Corp took the uncommon step of advising buyers to quit using a single of its goods, saying its pcAnywhere software for accessing remote PCs is at improved danger of finding hacked right after blueprints of that software program were stolen.
The announcement is the company's most direct acknowledgement to date that a 2006 theft of its source code put customers at risk of attack.
Symantec said it was only asking buyers to temporarily quit utilizing the item, till it releases an update to the software that will mitigate the threat of an attack.
It acknowledged that some clients would need to continue employing the computer software for "business critical purposes," saying they need to make positive they had been utilizing the most recent version of the product and "understand the existing risks," which incorporate the possibility that hackers could steal data or credentials.
Still, it is very unusual for a software program maker to advise customers to disable a product entirely although engineers create an update to fix bugs. Firms typically recommend mitigating variables that will lessen the threat of an attack.
"That's crazy. That's pretty much unheard of to just say 'Stop making use of it.' Especially a vendor as significant as Symantec," stated H.D. Moore, chief architect of Metasploit, a platform that security specialists use to test regardless of whether pc systems are vulnerable to attack.
PcAnywhere is a computer software program that is also bundled with some titles in Symantec's Altiris line of computer software for managing corporate PCs, Symantec said in a white paper and note to consumers released on its site overnight where it disclosed the warning.
Company spokesman Cris Paden stated that Symantec has fewer than 50,000 customers utilizing the stand-alone version of pcAnywhere, which was available for sale on its site for 贄 and 赨 as of early Wednesday afternoon.
The organization final week warned clients of the 2006 theft of the source code, or blueprints, to pcAnywhere and a number of other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.
It produced the announcement following a hacker who goes by the name YamaTough released the source code to its Norton Utilities Computer software and had threatened to publish its widely employed anti-virus programs. Authorities have but to apprehend that hacker.
At the time, Paden stated that the theft of the code posed no threat as long as consumers had been making use of the most latest versions of Symantec's software, with one particular exception: users of pcAnywhere may possibly face "a slightly increased security danger."
In the white paper published early on Wednesday morning, the firm indicated the circumstance was more serious.
"At this time, Symantec recommends disabling the item till Symantec releases a final set of software updates that resolve at the moment identified vulnerability dangers," it stated in the white paper. (http://bit.ly/wPzX7v)
The firm also reiterated its prior guidance that users of its other software titles were not at heightened threat simply because of the breach in 2006.
"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that may possibly materialize as a result of this incident," it mentioned on its site. (http://bit.ly/wqtxTI)
(Reporting By Jim Finkle in Boston, editing by Matthew Lewis)
