Under-threat pcAnywhere users told to switch off

Vulnerabilities arise after 2006 hack and customers told to wait for software updates

End users running Symantec's pcAnywhere product have been advised to disable the software until the threat from "malicious users with access to the source code" has been snuffed out.

The vendor issued a white paper this week explaining that a theft in 2006 has led to the source code for products from that era being compromised.

"With this incident pcAnywhere customers have increased risk," explained Symantec.

Customers are advised that, should they not follow security best practices, they will be "susceptible to man-in-the-middle" attacks. The security giant counsels end users to disable pcAnywhere "until Symantec releases a final set of software updates that resolve currently known vulnerability risks".

Clients that need access to the product "for business-critical purposes" are told to ensure they understand the risks, and make sure they are running the latest version of the software and download all relevant patches.

The white paper goes on to make a series of best-practice recommendations.