Symantec Tells Customers To Stop Using pcAnywhere

Orome1 writes "In a perhaps not wholly unexpected move, Symantec has advised the customers of its pcAnywhere remote control application to stop using it until patches for a slew of vulnerabilities are issued. If the attackers place a network sniffer on a customer's internal network and have access to the encryption details, the pcAnywhere traffic — including exchanged user login credentials — could be intercepted and decoded. If the attackers get their hands on the cryptographic key they can launch remote control sessions and, thus, access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network."

Who still uses PCAnywhere?

[ArcherB]

I remember the first time I used it. It was a Godsend. It was so nice to simply take control and do it rather than sit there on the phone saying, "Click Start. Start. It's on the bottom left. S-T-A-R-T! No, don't type it. Click the button labeled 'Start'. No, it's not on your keyboard. No, wait. Hit CTRL-ESC. Control Escape. It's on your keyboard. Press and hold control and then press and release escape. Keyboard. It's on your keyboard. Nevermind. Do you see Start on your screen?" Even though we were connecting via dialup, it was lightyears better than trying to imagine the screen the use was describing and then describing elements of it it back to them.

But those days are long gone. Now we have RDP, VNC, WebEx, and a host of other remote desktop utilities and protocols. There is no longer a need for PCAW.