Skip to main content

    Symantec warns users to disable pcAnywhere in wake of source code theft

    Symantec warns users to disable pcAnywhere in wake of source code theft


    Symantec has advised users to disable its remote-connection software pcAnywhere due to vulnerabilities that could be exposed by the theft of an older version's source code.

    Share this story

    Several years after the theft of source code for several of its security products, Symantec has recommended that users of pcAnywhere, which allows users to remotely connect to another computer, disable the software until further notice. In a security white paper (PDF), the company said it believes a 2006 security breach exposed source code for several programs, including the corporate version of its popular Norton Antivirus software. However, only pcAnywhere is considered at risk of someone finding and exploiting vulnerabilities in the software. Symantec says that unless pcAnywhere use is absolutely vital, customers should block the ports that accept pcAnywhere connections and avoid using the software until "until Symantec releases a final set of software updates that resolve currently known vulnerability risks."

    This information isn't completely new — early this month, Symantec admitted that code for some older versions of its products had been stolen. At that time, however, the company said that since the products had been updated several times since, there was "no indication that the code disclosure impacts the functionality or security of Symantec's solutions." Then, last week, hackers who associate themselves with Anonymous began threatening to release source code for a number of Symantec products. Customers using most products should still be fine, but it looks like the source code hack has made Symantec more vulnerable than it previously believed.