Wednesday, January 25, 2012

Disable PCAnywhere from Symantec / Norton

If you have Symantec pcAnywhere installed on any of your workstations or clients, Symantec would like you to disable (or at least patch) it immediately to protect your system from attack.

They are supposed to be contacting all known registered customers about the issue, but I know that many people might not have updated their contact info with Symantec in the last few years -- and may not get the notice.

What happened?

Short answer: the source code for part of this product was stolen by hackers and may be used to reverse engineer an exploit that works against any system running pcAnywhere.

From: Symantec tells customers to disable PCAnywhere
PCAnywhere 12.0, 12.1, and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product, according to Symantec.

More info:
Symantec: Anonymous stole source code, users should disable pcAnywhere

Symantec Web Site: Claims by Anonymous about Symantec Source Code

Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.
Based on our analysis, the Norton Antivirus Corporate Edition code in question represents a small percentage of the pre-release source for the Symantec AntiVirus 10.2 product, accounting for less than 5% of the product.

The Symantec Endpoint Protection 11 product – which was initially released in the fall of 2007 – was based upon a separate code branch that we do not believe was exposed. This code branch contains multiple new protection technologies including Heuristic Protection, Intrusion Prevention Security, Firewall, Application Control, Device Control, Tamper Protection, redesigned core engines, as well as our Symantec Endpoint Protection Manager (SEPM). Customers on Symantec Endpoint Protection 11.x are at no increased security risk as a result of the aforementioned code theft.


Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product. pcAnywhere is also bundled with numerous Symantec products.

Disable pcAnywhere

Safest and Easiest Method: Uninstall the product. Be sure to save your product keys for later re-installation once the program has been patched.

If you have to have it regardless: Be certain you are on version 12.5 and use LiveUpdate to get the most recent patches as of today.

Expert Level: Set the service so it no longer starts automatically with your system, and turn it off for now until it is patched.

Detailed and specific information is available for administrators on Symantec's blog.
Important Information on pcAnywhere
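One way to carry out the "Expert Level" option from an elevated PowerShell prompt, as an added example that is not from Symantec or the original post. It assumes the host service's display name contains "pcAnywhere" and that the product listens on its default TCP port 5631; the backup file path is a made-up location.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable any pcAnywhere service, then verify the result.
# Assumption: the service display name contains "pcAnywhere". Check the output of
# Get-Service on your own machines before relying on this match.

$pattern = '*pcAnywhere*'
$backup  = Join-Path $env:TEMP 'pcanywhere-service-state.csv'   # hypothetical path

$services = @(Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like $pattern })

if ($services.Count -eq 0) {
    Write-Output "No service matching '$pattern' found on $env:COMPUTERNAME."
    return
}

# Record the original start mode so the service can be restored once patched.
$services |
    Select-Object Name, DisplayName, StartMode, State, PathName |
    Export-Csv -Path $backup -NoTypeInformation

foreach ($svc in $services) {
    # Stop the running service, then keep it from starting at boot.
    Stop-Service -Name $svc.Name -Force -ErrorAction Continue
    Set-Service  -Name $svc.Name -StartupType Disabled
}

# Verify: every matching service should now be Stopped / Disabled.
Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like $pattern } |
    Select-Object Name, State, StartMode |
    Format-Table -AutoSize

# Verify: nothing should still be listening on the default pcAnywhere data port
# (5631/TCP is an assumption; adjust if the port was changed locally).
$listeners = Get-NetTCPConnection -State Listen -LocalPort 5631 -ErrorAction SilentlyContinue
if ($listeners) {
    Write-Warning "Port 5631 is still listening (PID $($listeners.OwningProcess -join ', '))."
} else {
    Write-Output "Nothing is listening on TCP 5631."
}
```

The saved CSV shows which start mode to restore with `Set-Service -StartupType` after the patches are installed.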


More patches for V12.x are forthcoming from Symantec. My personal advice is to not use pcAnywhere until those patches are delivered. I'll keep this post updated as they roll out.

For future customers considering pcAnywhere: there are competitive alternatives if you need this functionality now, or you can wait for version 13.
