Symantec record: Two major hacks, two major delays admitting fault, risk to customers

'Stop using pcAnywhere' Symantec says, almost a month after unveiling 2006 source code theft

By  

Why does bad news always travel fast unless it's something you could actually guard against?

Symantec put out the word Tuesday night that end users – consumers, not just enterprise customers as it had said before – were at risk from hackers who stole source code for its pcAnywhere remote-access software.

Symantec advised all pcAnywhere users to shut the software down until Symantec could patch it.

It even put out a white paper explaining the risk, how it happened and why a vendor would take so drastic a step as recommending customers stop using a product that was hacked rather than just change passwords or use other security precautions.

Previously Symantec had said its more corporate products were the main ones affected – the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks.

Later Symantec said the stolen code was so old the theft posed no risk to current customers.

Having the source code declared "old" should be real comfort to anyone still using the old versions. It should disturb those using more recent versions, too.

As with all modern commercial software, Symantec's recent apps share plenty of code, interfaces and other features that make the software more backward compatible with older versions for companies that don't upgrade everything all at once.

Those same features aimed at users, of course, also provide forward-compatibility for hackers using old source code to find back doors in new commercial apps.

Of course, Symantec also said that Symantec itself remained inviolate despite the theft.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question