Published January 26, 2012
Symantec is advising customers to disable one of its products, after hackers revealed the theft of the underlying code powering the software earlier this month.
The security firm said the theft occurred in 2006, compromising 2006-era versions of Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks. More important was the theft of the code behind the remote access package pcAnywhere, which could allow malicious users to gain complete access to systems and data, experts warn.
“Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks,” the company wrote in an online statement about the hacking.
The new advice is a marked change from earlier comments from the company, which at first downplayed the significance of the hacking, said Ira Victor, a security expert with Data Clone Labs in Nevada.
“At first, Symantec said that customers do not need to take additional actions in light of the breach,” Victor told FoxNews.com. “Now Symantec has changed their tune.”
Indeed, experts queried by FoxNews.com in January labeled the incident more of a business risk than anything else -- one that may lead to a loss of confidence in Symantec and potential loss of market share for the publicly traded firm.
"The headline is very embarrassing to Symantec," Anup Ghosh, founder and CEO of Virginian security firm Invincea, told FoxNews.com at the time. "But this has now become the normal in securities. Every single corporation is susceptible to threats."
The company’s new advice suggests the security breach may have been more significant than Symantec had believed at first.
“It’s possible that Symantec ‘hardcoded’ encryption keys into pcAnywhere,” Victor said. “If true, that would be a serious security misstep.”
In the newly released security advisory, Symantec offers suggestions for tightening security in light of the code theft. Victor suggests four additional steps to greater protection:
1. Do not use a "suite" of security protection from any one firm. A mixture of best-of-breed security is more secure.
2. Usernames and passwords alone are not enough protection for remote access. A single-use password system makes unauthorized remote access exponentially harder for cybercriminals.
3. Do not run computers in "Administrator" mode. Run systems in "User mode" so that malware does not install automatically.
4. Businesses should deploy application "whitelisting." This will prevent unauthorized malware from running on computers.