Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring.
Furthermore, there are no indications that customer information has been impacted or exposed at this time.
What products were impacted?
Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere 12.0, 12.1 and 12.5.
Symantec Endpoint Protection (SEP) 11.0 and Symantec AntiVirus 10.2 inherited a very small amount of exposed code. The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident.
What new risks could result from this disclosure?
Our analysis shows that due to the age of the exposed source code – except for that of pcAnywhere – Symantec and Norton customers should not be in any increased danger of cyber attacks resulting from this incident.
Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at an increased risk.
What should I do if my organization uses Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), Symantec Endpoint Protection (SEP) 11.0, or Symantec AntiVirus 10.2?
There is nothing additional that customers of these products need to do beyond adhering to best practices. The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident.
Our recommended best practices include:
* Making sure your AV definitions are up to date
* Making sure your software is upgraded to the latest maintenance version
* As it makes sense for your organization, upgrading to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1
What should I do if my organization uses pcAnywhere?
As always with any remote control product, it is extremely important that best practices regarding physical security, endpoint security, network perimeter security and secure remote access are followed. For example, all computers should have an endpoint protection technology installed that is current and up to date. Corporate firewalls should not allow inbound or outbound access to pcAnywhere without using VPN tunnels. Unauthorized individuals should not be permitted on company property. Additionally, companies should employ best practices when it comes to the configuration of pcAnywhere (e.g. password strength, password retry limits, requiring the user to approve remote connections).