Symantec says stop using pcAnywhere


Following the 'liberation' of source code for the 2006 versions of many of its products, Symantec initially indicated that the latest versions were so different that there wasn't a problem.  Perhaps that wasn't true of pcAnywhere.

It would appear that an Indian hacker managed to access the source code for the 2006 version of much of Symantec's product suite.  Interestingly, it seems that the source of the breach was the Indian government.

This particular source probably isn't surprising, as many software companies are expected to disclose their code to foreign governments in order to win business.  Oddly, there is a level of distrust that such companies may have installed 'backdoors' at the instigation of various US-based "men in low hats."

The surprise is that the government repository was so easily accessed.

Be that as it may, it is reasonable to assume that security software evolves at a relatively high rate, given the rapid evolution of the threats it is intended to deal with.  And thus any similarity between the 2006 version and the current version would be cursory at best.

Except, it seems, when it comes to Symantec's remote-access software pcAnywhere.

Effective immediately, Symantec has advised all users of pcAnywhere to stop using the product until an updated version (which is clearly under urgent development) is available.


According to the Symantec announcement:

Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits. Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks.

At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks. For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein.


One might have hoped that a properly built package would have been immune to source inspection, but that seems not to be true, suggesting that there are connection 'secrets' or other useful information enshrined in there.

With that in mind, perhaps the Indian government was on to something after all.


David Heath


David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.
