Symantec recommends disabling pcAnywhere after source code leak

By on January 26, 2012, 4:30 PM

In a PDF outlining the impact of its proprietary source code being stolen, Symantec recommends disabling pcAnywhere until the next update is issued. This warning includes users who are running pcAnywhere 12.0, 12.1 and 12.5, which is the latest version. Aside from being a stand-alone product, the software also comes bundled with Altiris so companies may be particularly at risk.

pcAnywhere, a software designed to give users access to remote computers, is a particularly sensitive piece of software to have fully exposed. Developers often rely on "security through obscurity", but releasing a commercial product's proprietary source code into the wild defeats the effectiveness of this strategy.

Symantec has given mixed statements regarding the incident, but the company most recently told Reuters that the leaked source code was stolen during a prior security breach of Symantec's own servers in 2006. This is in contrast to a claim by hackers earlier this month that they had managed to pilfer the company's source code during a supposed intrusion of India's military network.

If what Symantec says is true, this raises the disturbing possibility that pcAnywhere has been quietly compromised for nearly six years. The 2006 security breach was thought to have been performed by members of Anonymous.

Subsequent to claims of infiltrating India's military, supposed internal intelligence memos were leaked -- documents which implied the Indian government was engaging in espionage against the U.S. and China. India stated the documents were fabricated, but that did not stop the U.S. from launching an investigation into the matter.

The investigatory probe has since suggested Chinese hackers were responsible for the attacks, not Indian hackers. The real target of the attacks was the National Foreign Trade Council, a U.S.-based, non-governmental organization that supports free trade and commerce.




User Comments: 9

Got something to say? Post a comment
Guest said:

How the heck can anonymous be blamed for the 2006 leak if they pretty much didn't exist back then?

jafo818 said:

Anonymous may not have existed, but their members aren't newborns. Use your brain.

TJGeezer said:

Dunno if this is a stupid question but... with encryption, any system not out there for public attack is inherently insecure. Since it hasn't had the opportunity to withstand or fail under open attack, so weaknesses can be dealt with, you have to assume it provides only false security, which is worse than knowing you have none.

Wouldn't a private pipe to a remote machine be subject to the same principles? That is, if source code isn't out there being tested openly, and its developers learning from failed or successful intrusion attempts, wouldn't you have to assume it can only supply a false sense of security for your system?

Guest said:

Symantec. Slowing computers since 1982 ®

Lionvibez said:

Guest said:

Symantec. Slowing computers since 1982 ®

LMAO that is golden bro!

Guest said:

I bet it was an inside job. Symantec hired anons without a clue.

tengeta tengeta said:

yeah, like someone who uses symantec garbage on their computer is a person who keeps up with tech news.

joeljoels said:

Symantec. Slowing computers since 1982 ®

Looool, that's a good one dude. ))Maybe they should have recommended uninstalling that pcanywhere junk, everyone would have been waay better without it.

I don't think either though that anon had anything with the theft of pcanywhere source code, it was stolen way back in 2006 and I suppose anon didn't exist back then.

Speaking of Pcanywhere, I keep hearing about some audials anywhere program that's supposed to let you access your files anywhere and I was wondering if it's in any way related to pcanywhere or something like that?

Not sure if it's some remote access program; the news seems kinda interesting but I just don't wanna risk it if it's got something to do with Pcanywhere.

You know what they say: better safe than sorry.

joeljoels said:

How's it going guys? Just wanted to say that I found out that pcanywhere 's got nothing to do with that audials anwyhere software I mentioned.

It's a totally different thing and it's definitely not some remote access program, from what I've read, but a personal media cloud.

If anyone else has some use for this sorta cloud, I read it'll also come with some invitation system that could be used to invite your friends to take a look at, stream and copy files from your media collection straight to their pcs.

Idk why but reminds me of private trackers, though might be wrong on that.

Anyhow, it might be a good alternative to p2p filesharing public sites...

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.