[spounnypneups]

Hacking fears: Symantec tells customers to disable software

Security firm Symantec took the rare step of advising customers to stop using one of its products, saying its pcAnywhere software for accessing remote PCs is at increased risk of getting hacked after blueprints of that software were stolen.

The announcement is the company's most direct acknowledgement to date that a 2006 theft of its source code put customers at risk of attack.

Symantec said it was only asking customers to temporarily stop using the product, until it releases an update to the software that will mitigate the risk of an attack.

It acknowledged that some customers would need to continue using the software for "business critical purposes", saying they should make sure they were using the most recent version of the product and "understand the current risks", which include the possibility that hackers could steal data or credentials.

Still, it is highly unusual for a software maker to advise customers to disable a product completely while engineers develop an update to fix bugs. Companies typically recommend mitigating factors that will reduce the risk of an attack.

"That's crazy. That's pretty much unheard of to just say 'Stop using it'. Especially a vendor as large as Symantec," said H.D. Moore, chief architect of Metasploit, a platform that security experts use to test whether computer systems are vulnerable to attack.

PcAnywhere is a software program that is also bundled with some titles in Symantec's Altiris line of software for managing corporate PCs, Symantec said in a white paper and note to customers released on its website overnight where it disclosed the warning.


Hacking fears: Symantec tells customers to disable software