Symantec Users Urged to Shut Down PCAnywhere

Security firm Symantec is urging all Windows users to disable "PCAnywhere" (a remote-control software program) on their systems immediately. The concern to disable the product dates back to 2006, when Symantec's PCAnywhere source code was stolen, but has never appeared in the open until now.

Symantec says users running old versions of PCAnywhere could have their systems easily hijacked. A security bulletin on their site says that even the latest edition of PCAnywhere (version 12.5) is "at an increased security threat," and have urged customers to disable the software and wait for a new, repaired edition when it becomes available. (Source: symantec.com)

"Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product," said Symantec. (Source: symantec.com)

While continuing to issue updates, the company warns that hackers could remain one step ahead of these temporary software repairs. Only totally fresh code in the new, repaired edition will invalidate the hacker's access.

For business users who absolutely need to use PCAnywhere on a daily basis, Symantec recommends immediately updating to the latest software (version 12.5) and installing every new patch as soon as it becomes available. Even so, users need to be extra vigilant when utilizing the program. (Source: symantec.com)

Code Exploit Could Provide An Open Door

PCAnywhere allows users to connect to other computers, remotely. This attracts hackers, since breaking into a PC operating the program PCAnywhere is likely to allow them access to many computers containing valuable or confidential data.

To date, the code stolen in 2006 has not been made public within the hacking community. However, Indian hackers linked to the online hacking/activist group Anonymous say they've now obtained copies of the code and are threatening to release it online.

The 2006 theft also involved code relating to other Symantec products, including Norton Internet Security. However, Symantec maintains this code is so outdated that it poses no threat to users. (Source: symantec.com)

Code Theft May Have Traveled Through India

Symantec hasn't commented on exactly when it first became aware the code was stolen, or when it realized there was a specific threat to current users of PCAnywhere.

One theory is that the company counted the Indian military among its customers, and for security reasons was therefore required to provide the source code, so the Indian government could be sure the software itself did not harbor any threats.

It appears the successful 2006 attack originally targeted Indian military computers, and that Symantec may not have known the PCAnywhere code was stolen until recent hacker postings. (Source: arstechnica.com)