Symantec is urging businesses that use its pcAnywhere software to gauge their risk tolerance before deciding whether to disable, uninstall or deploy additional security controls to mitigate external threats to the remote access technology.
When using secure VPN tunnels, it is recommended that Client Management Suite and IT Management Suite customers modify policies relying on pcAnywhere Access Server.
In a revised pcAnywhere security guide (.pdf), the security giant outlines best practices that enterprises can take, from upgrading to the latest version of pcAnywhere, to blocking the default ports on corporate networks and turning off the roaming feature on endpoint machines.
“Symantec is not recommending any one specific action will provide a solution for an environment but rather applying a combination of pcAnywhere security best practices along with … general security best practices,” the company said in its revised technical document.
Symantec issued the latest updates to pcAnywhere last week following a recommendation to disable the software until known security vulnerabilities were addressed. Symantec fears a 2006 breach of its network exposed the pcAnywhere source code and could have given attackers the ability to conduct man-in-the-middle attacks and penetrate corporate networks. The source code surfaced earlier this month in an Internet forum by a hacking group in India along with the source code of outdated Norton Antivirus Corporate Edition, Norton Internet Security and SystemWorks. The company says the2006-era software poses no risk to current Norton customers.
Take action quickly, Symantec says
In its technical guide, Symantec is urging users to take action quickly on all devices that contain pcAnywhere. Disconnected users should disable the pcAnywhere service or connect their systems to the network to apply the required changes, Symantec said.
The company is still urging users of its pcAnywhere Access Server to stop using it and instead host remote sessions via secure VPN tunnels. “When using secure VPN tunnels, it is recommended that Client Management Suite and IT Management Suite customers modify policies relying on pcAnywhere Access Server,” Symantec said.
In addition to listing general best practices like using antivirus, firewalls , email and Web gateways and intrusion detection systems, Symantec is urging its Alteris customers to review pcAnywhere log reports within the Symantec Management Console. The company is also recommending administrators limit access to pcAnywhere configuration files to protect against an attacker gaining access to configuration settings.
The company also listed a number of “how to” documents to help administrators apply configuration changes, uninstall the software or disable it.
- How to use the pcAnywhere Automated Uninstall Procedures.
- How to disable pcAnywhere.
- How to install the pcAnywhere Hot Fix for 12.5.
- How to block pcAnywhere executables in Windows 2008 Domain Controller.
- How to block pcAnywhere executables in Windows 2003 Domain Controller.