Symantec to Users: Stop Using pcAnywhere

By Paul Riegler on 27 January 2012
  • Share

Symantec told its customers to immediately stop using its pcAnywhere software while it addresses a security breach and an undisclosed number of bugs.

The pcAnywhere program is a popular program that allows users to remotely access and use another computer, such as a home or office computer.

In a prepared and rather blunt statement, the company said: “At this time, Symantec recommends disabling the product until we release a final set of software updates that resolve currently known vulnerability risks.”

The move stemmed from a leak of the product’s source code in 2006 and the subsequent involvement of a group of hackers operating under the name “Anonymous” with the leaked code. A spokesman from Symantec confirmed that the breach occurred in 2006.

Last week, Symantec said the leak would only impact users of older versions of the software but amended its recommendation this week. The current version of pcAnywhere is 12.5.  Version 12 was introduced in 2006.

While the software code for several other Symantec products was also stolen, Symantec said that the pcAnywhere theft put users at the greatest risk.

“The encoding and encryption elements within pcAnywhere are vulnerable,” Symantec wrote in a report published earlier this week. “It is possible that successful man-in-the-middle attacks may occur depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials.”

Accura News