Symantec: pcAnywhere Source Code Stolen; Customers Should Disable Software

By Jim Finkle

(Reuters) - Symantec Corp took the rare step of advising customers to stop using one of its products, saying its pcAnywhere software for accessing remote PCs is at increased risk of getting hacked after blueprints of that software were stolen.

The announcement is the company's most direct acknowledgement to date that a 2006 theft of its source code put customers at risk of attack.

Symantec said it was only asking customers to temporarily stop using the product, until it releases an update to the software that will mitigate the risk of an attack.

It acknowledged that some customers would need to continue using the software for "business critical purposes," saying they should make sure they were using the most recent version of the product and "understand the current risks," which include the possibility that hackers could steal data or credentials.

Still, it is highly unusual for a software maker to advise customers to disable a product completely while engineers develop an update to fix bugs. Companies typically recommend mitigating factors that will reduce the risk of an attack.

"That's crazy. That's pretty much unheard of to just say 'Stop using it.' Especially a vendor as large as Symantec," said H.D. Moore, chief architect of Metasploit, a platform that security experts use to test whether computer systems are vulnerable to attack.

PcAnywhere is a software program that is also bundled with some titles in Symantec's Altiris line of software for managing corporate PCs, Symantec said in a white paper and note to customers released on its website overnight where it disclosed the warning.

Company spokesman Cris Paden said that Symantec has fewer than 50,000 customers using the stand-alone version of pcAnywhere, which was available for sale on its website for $100 and $200 as of early Wednesday afternoon.

The company last week warned customers of the 2006 theft of the source code, or blueprints, to pcAnywhere and several other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.

It made the announcement after a hacker who goes by the name YamaTough released the source code to its Norton Utilities PC software and had threatened to publish its widely used anti-virus programs. Authorities have yet to apprehend that hacker.

At the time, Paden said that the theft of the code posed no threat as long as customers were using the most recent versions of Symantec's software, with one exception: users of pcAnywhere might face "a slightly increased security risk."

In the white paper published early on Wednesday morning, the company indicated the situation was more serious.

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," it said in the white paper. (http://bit.ly/wPzX7v)

The company also reiterated its previous guidance that users of its other software titles were not at heightened risk because of the breach in 2006.

"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," it said on its website. (http://bit.ly/wqtxTI)

(Reporting By Jim Finkle in Boston, editing by Matthew Lewis)

Flickr photo by sfxeric.

Also on HuffPost: