Symantec recommend disabling of PC Anywhere

26th January 2012

Symantec recommend disabling of PC Anywhere

Symantec have today advised customers to stop using, and disable PC Anywhere whilst serious security issues are patched.

The full article is available here

The issues seem to stem from the theft of some of Symantec’s source code by unknown hackers. As a result, it seems that attacks are available which bypass the inbuilt authentication controls within PC Anywhere and allow remote control of a device to unauthorized users.

This is the first time we’ve ever heard of a vendor recommending the disabling of its products whilst security issues are fixed, so this seems to indicate that this is a severe and serious risk. At the current time, Symantec are not estimating when fixed software will be available.

PC Anywhere is also bundled in several of Symantec’s other products including Altiris Client Management Suite, Altiris IT Management Suite 7.0 or later, and Altiris Deployment Solution with Remote 7.1. As a result, it should be disabled in those products too.

Barry Hesk