IE 11 is not supported. For an optimal experience visit our site on another browser.

Symantec tells customers to disable pcAnywhere

Symantec took the rare step of advising customers to stop using one of its products, saying its pcAnywhere software for accessing remote PCs is at increased risk of getting hacked after blueprints of that software were stolen.
/ Source: Reuters

Symantec took the rare step of advising customers to stop using one of its products, saying its pcAnywhere software for accessing remote PCs is at increased risk of getting hacked after blueprints of that software were stolen.

The announcement is the company's most direct acknowledgement to date that a 2006 theft of its source code put customers at risk of attack.

Symantec said it was only asking customers to temporarily stop using the product, until it releases an update to the software that will mitigate the risk of an attack.

It acknowledged that some customers would need to continue using the software for "business critical purposes," saying they should make sure they were using the most recent version of the product and "understand the current risks," which include the possibility that hackers could steal data or credentials.

Symantec shares closed up 1.2 percent, in line with a gain in the technology-laden Nasdaq index. The shares gained a little more in afterhours trade as the company reported a higher quarterly profit in line with Wall Street estimates.

Analysts said that while the pcAnywhere matter was embarrassing for the world's biggest software maker, it was not clear it would have any immediate impact on sales because of long relationships with customers.

"In terms of losing deals. I still don't see it being much of an issue," said Phil Hochmuth, a security analyst with technology research firm IDC.

It is highly unusual for a software maker to advise customers to disable a product completely while engineers develop an update to fix bugs. Companies typically recommend mitigating steps that will reduce the risk of an attack.

"That's crazy. That's pretty much unheard of to just say 'Stop using it.' Especially a vendor as large as Symantec," said H.D. Moore, chief architect of Metasploit, a platform that security experts use to test whether computer systems are vulnerable to attack.

PcAnywhere is also distributed with some titles in Symantec's Altiris line of software for managing corporate PCs, Symantec said in a white paper and note to customers released on its website overnight where it disclosed the warning.

Company spokesman Cris Paden said that Symantec has fewer than 50,000 customers using the stand-alone version of pcAnywhere, which was available for sale on its website for $100 and $200, depending on the version, as of early Wednesday afternoon.

The company last week warned customers of the 2006 theft of the source code, or blueprints, to pcAnywhere and several other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.

It made the announcement after a hacker who goes by the name YamaTough released the source code to its Norton Utilities PC software and had threatened to publish its widely used anti-virus programs. Authorities have yet to apprehend that hacker.

At the time, Paden said that the theft of the code posed no threat as long as customers were using the most recent versions of Symantec's software, with one exception: users of pcAnywhere might face "a slightly increased security risk."

In the white paper published early on Wednesday morning, the company indicated the situation was more serious.

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," it said in the white paper.

The company also reiterated its previous guidance that users of its other software titles were not at heightened risk because of the breach in 2006.

"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," it said on its website.

Originally missed theft
Paden said the company believes the source code was stolen in a breach that was discovered in 2006. The company investigated the matter at the time, but determined that no data had been stolen, he said.

The company only recently came to believe that the investigators came to the wrong conclusion after it reopened its investigation into the matter when YamaTough, who Symantec believes is linked to the loosely knit hacking group Anonymous, started making claims about stealing Symantec's code, Paden told Reuters.

He said that the investigation continues and that the company has not ruled out the possibility that it was an inside job.

Computer security expert Jeff Moss said that hackers may have stolen the source code with the intention of launching attacks on Symantec's corporate customers.

Accessing the blueprints of its software could allow a hacker to find bugs in the program and potentially figure out a way to take control of it, said Moss, a member of the U.S. Department of Homeland Security's Advisory Council.

"That would be game over," said Moss, who is chief security officer of the Internet Corporation for Assigned Names and Numbers, a group that helps manage the stable operation of the Internet.

Analysts said while the anti-virus software has changed substantially since 2006 and there is little risk to customers from the breach today, the disclosure that it missed the theft could hurt the company's reputation.

"Any time a security company suffers a security breach there is definitely a blow to the overall public perception," said IDC's Hochmuth.

Jeffrey Carr, CEO of Taia Global, a firm that helps businesses secure data from hackers, said he thinks that more details may emerge from Symantec's ongoing investigation into the matter that show customers are still at risk.

"My opinion is they still don't know the extent of the problem," he said.

Additional reporting by Joseph Menn in San Francisco.