
Claims by Anonymous about Symantec

We will be updating this page with new information as it becomes available, so please check back regularly.

Latest Updates


November 5, 2012, 14:45:00 PST

Symantec is investigating the recent claims made online by a chapter of Anonymous regarding the security of our networks. We have found no evidence that customer information was exposed or impacted. We will continue to monitor the situation and aggressively investigate these and any related claims, but will not speculate on any further elements of the claims.

September 25, 2012, 14:03:07 PST

On Sept. 25th, another chapter claiming to be affiliated with Anonymous said that it posted online the code for the 2006 version of Norton Utilities. Symantec is aware of these new claims that are circulating online.

We have analyzed the code that was just posted online and have concluded that it is the same code that was already posted by another group in January 2012. As we stated at that time, the 2006 version of Norton Utilities is no longer sold or supported.

The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities. Furthermore, we have no indications that the posting of this old code impacts the functionality or security of any other Symantec or Norton solutions.

April 10, 2012 13:15 PST

On April 10, 2012 Symantec released updated versions of pcAnywhere and pcAnywhere Solution. These releases contain a redesigned security model, as well as all previous fixes, to improve pcAnywhere communications and overall security. Customers should review the release notes to understand the specific changes, and how to roll out the latest versions in their environments.

March 9, 2012 14:15 PST

Symantec can confirm that the source code for 2006 versions of Norton Antivirus posted by Anonymous is authentic. The exposure of this code poses no increased risk to Norton or Symantec customers. This code is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to possess over the last few weeks. We anticipated that the code would be posted. As we have already stated publicly, our analysis shows that due to the age of the exposed code and the fact that it is only a small subset of the complete code, Symantec antivirus or endpoint security consumer and business customers – including anyone running Norton products – should not be in any increased danger of cyber attacks resulting from this incident.
We also anticipate that Anonymous will post the rest of the code they have claimed to have in their possession. So far, they have posted a small portion of the source code for the 2006 versions of Norton Utilities, pcAnywhere, and Norton Antivirus. We also anticipate that at some point, they will post the code for the 2006 versions of Norton Internet Security. Again, the code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident.

March 1, 2012 13:20 PST

On February 17, exploit details were posted that would allow attackers to crash fully patched versions of pcAnywhere on any Windows PC. Symantec has developed and tested a fix for a bug affecting the stability and reliability of pcAnywhere. On February 29, Symantec released this new hotfix for pcAnywhere that includes all previous updates. Customers can learn more at TECH182142.
Symantec will continue to release hotfixes as they become available and recommends that all customers continue to apply new updates when they are available, even if they applied previous hotfixes.
Note: All updates are available via the RSS feed subscription.

Overview

Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring.
Furthermore, there are no indications that customer information has been impacted or exposed at this time.

What products were impacted?

Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.
Based on our analysis, the Norton Antivirus Corporate Edition code in question represents a small percentage of the pre-release source for the Symantec AntiVirus 10.2 product, accounting for less than 5% of the product.
The Symantec Endpoint Protection 11 product – which was initially released in the fall of 2007 – was based upon a separate code branch that we do not believe was exposed. This code branch contains multiple new protection technologies including Heuristic Protection, Intrusion Prevention Security, Firewall, Application Control, Device Control, Tamper Protection, redesigned core engines, as well as our Symantec Endpoint Protection Manager (SEPM). Customers on Symantec Endpoint Protection 11.x are at no increased security risk as a result of the aforementioned code theft.

What new risks could result from this disclosure?

Our analysis shows that, due to the age of the exposed source, Symantec anti-virus or endpoint security customers – including those running Norton products – should not be in any increased danger of cyber attacks resulting from this incident.
Customers of Symantec’s pcAnywhere have increased risk as a result of this incident as discussed below.

What should I do if my organization uses Norton Antivirus, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), Symantec Endpoint Protection (SEP) 11.0, or Symantec AntiVirus 10.2?

There is nothing additional that customers of these products need to do beyond adhering to best practices. The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident.
Our recommended best practices include:
  • Making sure your AV definitions are up to date
  • Making sure your software is upgraded to the latest maintenance version
  • Upgrading, as it makes sense for your organization, to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1. Our analysis shows that the code theft does not require organizations to accelerate an upgrade to SEP 12.1.

What should I do if my organization uses pcAnywhere?

On April 10, 2012 Symantec released updated versions of pcAnywhere and pcAnywhere Solution. These releases contain a redesigned security model, as well as all previous fixes, to improve pcAnywhere communications and overall security. Customers should review the release notes to understand the specific changes, and how to roll out the latest versions in their environments.
At this time, Symantec recommends that customers ensure that the latest version of pcAnywhere is installed, apply all relevant patches as they are released, and follow general security best practices.
Technical White Paper: pcAnywhere Security Recommendations
This white paper helps customers understand how to address the issues based on their specific use case and implement best practices to protect their devices and information.