Symantec has said its pcAnywhere remote control software is once again safe to use, following the release of its latest security patch. The security giant made the highly unusual move last week of advising customers to avoid using older but still widely used versions of pcAnywhere as a precaution, after it emerged that the …
A stark warning
to the dangers of offshoring ... over the past 5 years I have seen a *lot* of source code go to (and come from) places where - let's be honest - the remedy of civil enforcement for losses is dubious at best. I've always highlighted the dangers to those in power, but have been assured there's a "contract in place" to protect us.
Has anyone successfully sued a non-EU company before ?
And that's *before* we start looking at the data that flows out there ....
Why even use it?
I last used pcanywhere close 10 years ago. It was a slow piece of s...oftware that had a habit of borking display drivers on Windows NT.
So, what are the benefits of using pcanywhere over UltraVNC for ? I know it used to support serial connections and other non-IP connections but why else would anyone use it?
It's over its peak
However this is kind of software is used on Windows environments. I have worked at a company selling those environments and writing software for it. Not all of our customers had TCP/IP installed on their LAN. Even if they had, it was unlikely they used it for more than Internet and accessing network printers. Few people even had Internet beyond dialup on one PC using proprietary software from the online service.
In the Windows world, VPNs are seen as something expensive and hard to set up, so if you are lucky, you get RAS dialup via ISDN with all the security being a password which is the same for _all_ customers of that company, and, if you are lucky, a system to dial you back.
PCAnywhere is just so much easier to set up. You install it, tell it to listen to the ISDN card, and it works.
You should join the 21st century, your nonsense was obsolete over 10 years ago.
PC Anywhere is like an open infected sore full of puss waiting to escape.
I understand that you're proud of the German ISDN infrastructure. Things have, however, evolved a lot in the last 20 years.
ISDN is slow nowadays. It's not built-in to any computer. It's not available on a mobile connection. POTS modems offer more flexibility and can be connected to via GSM data if all else fails. If I needed RAS dial back on Windows I would use the Windows Server RAS service, it just works. (way back on NT/2000 when I last used it)
International ISDN connections are expensive if you need to support someone abroad. Even long distance calls are expensive if you need to connect for a few hours at a time. TCPIP is on the other hand "free".
VPN is not hard nor expensive on Windows. Of course you can pay through the nose if you want and use complicated solutions if you want.
the better questions are
What other source-code was lost and when are they going to tell us.
On the other hand, they may have had to download the publicly available code and compare it to their library before they could determine if it was theirs. This, to me, would be worse than having not told us 6 years ago.
This probably affects few
This software is unlikely to affect many users but it's good to know it's fixed.
They could just use VNC
That way, there's no worrying about *if* your session is vulnerable to sniffing or man-in-the-middle attacks -- the whole session (including password) is in the clear, so you KNOW it's fully vulnerable! Problem solved 8-)
Henry, the problem is solved simply by turning on the AES or RC4 or IDEA or Blowfish or whatever cipher.
You're not the kind of person who would insult PuTTY for offering insecure telnet access?
I hope they stole Norton too
Then perhaps someone will be able to help them clean up the load of old toilet that is Norton Internet Security.