Symantec Urges Customers to Disable pcAnywhere

The breach of Symantec source code by an Indian hacking group a few weeks ago was all but brushed off by the security giant. Symantec went on the record saying that the leaked code is, "so old that current out-of-the-box security settings will suffice against any possible threats that might materialise as a result of this incident." 

However, in a posting on their website yesterday and an accompanying technical white paper, Symantec suggests that pcAnywhere customers are at a heightened risk and advises users to "disable the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks." Customers could be at risk for "man in the middle" attacks where an unauthorized person accesses pcAnywhere transactions and intercepts data as it travels from its source to its destination. These attacks are more likely because the blueprints for Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack) and pcAnywhere were accessed in the breach. The information contained in these blueprints makes it easier to identify and exploit software vulnerabilities. 

Symantec reps say that there are 50,000 people using the standalone version of pcAnywhere along with an unknown number of users who received the product bundled within other security packages.