Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring.
Furthermore, there are no indications that customer information has been impacted or exposed at this time.
What products were impacted?
Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.
Based on our analysis, the Norton Antivirus Corporate Edition code in question represents a small percentage of the pre-release source for the Symantec AntiVirus 10.2 product, accounting for less than 5% of the product.
The Symantec Endpoint Protection 11 product – which was initially released in the fall of 2007 – was based upon a separate code branch that we do not believe was exposed. This code branch contains multiple new protection technologies including Heuristic Protection, Intrusion Prevention Security, Firewall, Application Control, Device Control, Tamper Protection, redesigned core engines, as well as our Symantec Endpoint Protection Manager (SEPM). Customers on Symantec Endpoint Protection 11.x are at no increased security risk as a result of the aforementioned code theft.
What new risks could result from this disclosure?
Our analysis shows that, due to the age of the exposed source, Symantec anti-virus or endpoint security customers – including those running Norton products – should not be in any increased danger of cyber attacks resulting from this incident.
Customers of Symantec’s pcAnywhere have increased risk as a result of this incident as discussed below.
What should I do if my organization uses Norton Antivirus, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), Symantec Endpoint Protection (SEP) 11.0, or Symantec AntiVirus 10.2?
There is nothing additional that customers of these products need to do beyond adhering to best practices. The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident.
Our recommended best practices include:
- Making sure your AV definitions are up to date
- Making sure your software is upgraded to the latest maintenance version
- Upgrading, as it makes sense for your organization, to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1. Our analysis shows that the code theft does not require organizations to accelerate an upgrade to SEP 12.1.
What should I do if my organization uses pcAnywhere?
On April 10, 2012, Symantec released updated versions of pcAnywhere and pcAnywhere Solution. These releases contain a redesigned security model, as well as all previous fixes, to improve pcAnywhere communications and overall security. Customers should review the release notes to understand the specific changes, and how to roll out the latest versions in their environments.
At this time, Symantec recommends that customers ensure that the latest version of pcAnywhere is installed, apply all relevant patches as they are released, and follow general security best practices.
Technical White Paper: pcAnywhere Security Recommendations
This white paper is intended to help customers understand how to address the issues based on their specific use case and implement best practices to protect their devices and information.