In a security white paper Symantec published on Wednesday, the company recommends suspending use of their popular remote control product, PC Anywhere, until a complete set of update patches are released. The issue stems from hacker collective Anonymous’s claims of obtaining Symantec’s source code for the product back in 2006. Symantec advises that Norton Antivirus Corporate Edition, Norton Internet Security, and Norton SystemWorks (a product containing both Norton Utilities and GoBack) are also exposed.
Initially, the company claimed their source code wasn’t stolen through a breach in their networks, when it was first leaked out by Indian hacking group Dharmaraja (suggesting a third party might have been compromised instead). Symantec eventually backpedaled, admitting the code was stolen in a 2006 infiltration of their own systems. Symantec spokesperson, Cris Paden, claims the incident poses no threat to customers using the latest version of their security products, as they’re “protected against any type of cyber attack that might materialize as a result of the code.”
As Security Evangelist Martin McKeay of Akamai Technologies points out though, remote access products like PC Anywhere require direct exposure to the internet by their nature, which means they’ll continue to pose security risks from those wishing to compromise machines or obtain credit card information.
Ultimately, a purchase of anti-virus or other security software comes down to a matter of trust. Do you trust the anti-virus maker isn’t purposely releasing viruses into the wild that competitors’ products don’t catch effectively, ensuring their own product looks superior? Do you trust the quality of their code enough to feel confident it won’t interfere with your normal use of your computer? And do you trust a company who let hackers steal the source code to almost all of their major products in 2006, but didn’t make the public aware of the issue until 2012? Trust yourself enough to ask those questions.
I can’t help but wonder, how big a deal is it for a hackers group to have thesource code. What worries me more is that the hackers were able to get around Symantec’s network security in the first place (thus acquiring the code). Also, anti-virus makers releasing viruses (virii?) to make their own products look better is quite a stretch of the imagination as far as I’m concerned.