Report: pcAnywhere Code Unchanged for 10 Years

An anonymous analysis of the leaked pcAnywhere source code shows that the software had undergone little change over the past decade.

The information, presented and published by Infosec Institute, included a breakdown of the code stolen by hackers in 2006 and published online last month.

While the software had undergone multiple version releases over the last 10 years, the only changes made were for compatibility issues, according to the report.

"Symantec's code is heavily commented with dates for all changes. Readme files are present for each and every software component, many readme files acting as a change log complete with versions and dates," said the anonymous report. "A surprising amount of the core code originates from what is now 10 years ago with only a few added changes, mainly to accommodate changes in Windows versions."

Included in the code were Symantec's plans for the latest version (12.5), which called for eight developers to spend 4448 hours working on updated code. However, the code also documented that this never happened.

Another important fact found in the code was for a "silent" version of the software that could run on a computer that would be hidden from the user. According to the anonymous researcher, this is very important because attackers could use the code to create hidden-door exploits.

"For hackers, the sky is the limit as hackers now have all of the juicy details of the pcAnywhere product as well as accompanying source code for all related components. pcAnywhere is now pcEverywhere," said the report.

And it looks like hackers have already started exploiting the code. Johnathan Norman, director of security research at network security vendor Alert Logic, released code last week that allegedly crashes the software's service called awhost32. He also noted that this also works against Symantec's recent update to the software.

However, this specific denial-of-service attack may not be worth attackers' effort, as the awhost32 feature automatically relaunches after a crash, said Logic.

According to Infosec Institute's report, the best course for action would be to permanently block the ports used by the software and look for alternative remote desktop tools, even for those that have patched their software.

"pcAnywhere was originally a product for the dial-up internet days which has become obsolete by other products that provide more secure ways of remote connections," according to the  report.  If you are a company user with pcAnywhere, uninstalling it is the only way to be safe that your computer is not under potential threat of undetected remote control and compromise."

About the Author

Chris Paoli is the site producer for and


  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.