Several years after the theft of source code for several of its security products, Symantec has recommended that users of pcAnywhere, which allows users to remotely connect to another computer, disable the software until further notice. In a security white paper (PDF), the company said it believes a 2006 security breach exposed source code for several programs, including the corporate version of its popular Norton Antivirus software. However, only pcAnywhere is considered at risk of someone finding and exploiting vulnerabilities in the software. Symantec says that unless pcAnywhere use is absolutely vital, customers should block the ports that accept pcAnywhere connections and avoid using the software until "until Symantec releases a final set of software updates that resolve currently known vulnerability risks."
This information isn't completely new — early this month, Symantec admitted that code for some older versions of its products had been stolen. At that time, however, the company said that since the products had been updated several times since, there was "no indication that the code disclosure impacts the functionality or security of Symantec's solutions." Then, last week, hackers who associate themselves with Anonymous began threatening to release source code for a number of Symantec products. Customers using most products should still be fine, but it looks like the source code hack has made Symantec more vulnerable than it previously believed.
There are 27 Comments. Add yours.
Ah, security through obscurity…until it’s not.
Posted on Jan 25, 2012 | 1:26 PM EST reply Recommend (4) Flag actions
Textbook example. I will be sharing this with those who argue for such nonsense.
Posted on Jan 25, 2012 | 3:39 PM EST reply Recommend (2) Flag actions
Couldn’t have picked a more relevant image. TF2 <3
Posted on Jan 25, 2012 | 1:27 PM EST reply Recommend (9) Flag actions
Confession: I went through the “Meet the Scout” video first because I thought I remembered a good Top Secret Intelligence Briefcase shot. Clearly my memory sucks.
Posted on Jan 25, 2012 | 1:52 PM EST reply Recommend (6) Flag actions
Screw 40 line sprints, The Verge should have a TF2 game night.
Posted on Jan 25, 2012 | 6:35 PM EST reply Recommend (5) Flag actions
Agree with this guy…MEDIC!
Posted on Jan 25, 2012 | 8:01 PM EST reply Recommend Flag actions
Sounds like they’re worried that with access to the source code hackers will be able to find and potentially exploit a back-door Symantec engineered into the product.
Posted on Jan 25, 2012 | 1:27 PM EST reply Recommend (1) Flag actions
As a Sys-Admin, (pick expletive of your choice)Symantec and by all that is holy move to a product that works.
Posted on Jan 25, 2012 | 1:29 PM EST reply Recommend (2) Flag actions
pcAnywhere is still a product?
Posted on Jan 25, 2012 | 1:31 PM EST via mobile reply Recommend (1) Flag actions
Ok so you have source code – can’t be very small. So someone is going to read it all and figure out a vulnerability that way? Crazy.
Posted on Jan 25, 2012 | 1:40 PM EST reply Recommend Flag actions
You don’t have to read all the source code. Just the bits related to communication and security. It’s probably less than you think.
Posted on Jan 25, 2012 | 1:55 PM EST reply Recommend (2) Flag actions
In related news, make sure all your computers that are run pcAnywhere are Y2k Compliant!
Posted on Jan 25, 2012 | 1:49 PM EST reply Recommend (2) Flag actions
Seeing Meet The Spy always makes me wish a huge animation studio would make a TF2 cartoon using all the Source tools and all. :[
Posted on Jan 25, 2012 | 1:53 PM EST reply Recommend Flag actions
Yeah, how awesome would it be if Valve made an animated TF2 movie? Or a sitcom for that matter – all the characters’ personalities are well-defined for one.
Posted on Jan 25, 2012 | 3:10 PM EST reply Recommend Flag actions
YES
Also, why don’t they actually sell the hats? Like real hats…
I would totally buy them.
Posted on Jan 25, 2012 | 6:23 PM EST reply Recommend Flag actions
Symantec clearly has no idea what source code was stolen and what was not. Also, informing the public years after the breach doesn’t exactly install a lot of trust in a security company.
Posted on Jan 25, 2012 | 2:21 PM EST reply Recommend (6) Flag actions
the rise and fall of Symantec
similar to that of a roller coaster in a constant loop
Posted on Jan 25, 2012 | 2:28 PM EST reply Recommend Flag actions
Whoops I accidentally assumed that Valve’s Source Engine code was leaked, based on a quick glance at “Source Code” & the “Spy” picture
Posted on Jan 25, 2012 | 2:47 PM EST reply Recommend Flag actions
It leaked back in 2004 though
Posted on Jan 25, 2012 | 4:16 PM EST reply Recommend Flag actions
Fortunately, most people discovered years ago that installing Symantec products adds more problems than it eliminates.
Posted on Jan 25, 2012 | 3:18 PM EST reply Recommend (1) Flag actions
Security company’s software is not secure? Well, crap…
Posted on Jan 25, 2012 | 3:59 PM EST reply Recommend Flag actions
Symantec is the Bain of my existence. Begone, ye filth!
Posted on Jan 25, 2012 | 4:06 PM EST reply Recommend (1) Flag actions
THAT WOULD BE YOUR MOTHER!
Posted on Jan 25, 2012 | 4:22 PM EST reply Recommend (1) Flag actions
Is PC Anywhere just a VNC client that you’re expected to PAY ACTUAL MONEY for???
Posted on Jan 25, 2012 | 7:35 PM EST reply Recommend Flag actions
Ah well, Glad I have Microsoft Security Essentials. Better security, it integrates perfectly with Windows, and…it is Free!
Posted on Jan 26, 2012 | 4:56 AM EST reply Recommend Flag actions
Now-a-days that product has become irrelevant. Unless of course for maybe major corps. We stopped using PCA a long time ago.
Posted on Jan 26, 2012 | 11:56 AM EST reply Recommend Flag actions
Something to say? Choose one of these options to log in.